FRAMINGHAM (02/25/2000) - A student at Northeastern University in Boston was charged this week with using a hijacked corporate Internet account to attack NASA and Department of Defense computers and damage servers of an Internet service provider (ISP).
According to a statement issued by the U.S. attorney's office in Boston, Ikenna Iffih, 28, was charged with three counts involving unauthorized access to computers.
"The defendant gained illegal access to several computers, either causing substantial business loss, defacing a Web page with hacker graphics, copying personal information or, in the case of a NASA computer, effectively seizing control," said Donald K. Stern, U.S. attorney for the District of Massachusetts, in a statement.
Attempts to reach lawyers for Iffih were unsuccessful.
Investigators said that last April, Iffih obtained unauthorized access to a corporate Internet account known as firstname.lastname@example.org and used it to access a Defense Logistics Agency computer in Columbus, Ohio. He then allegedly used a service known as Telnet proxy to forward traffic through that computer to mask his address.
After hiding his location, Iffih allegedly gained unauthorized access to a server owned by Zebra Marketing Online Services (ZMOS) in Bainbridge Island, Wash., where investigators said he "recklessly caused damage to the computer and caused a significant loss of business to ZMOS." According to a complaint filed by U.S. attorneys in Seattle, a ZMOS systems administrator detected unauthorized changes in password files and several Trojan horse programs. The operating system had to be reinstalled and all data files reconstructed, a process that took about four days. ZMOS couldn't be reached for comment.
In May, prosecutors allege, Iffih used the same pilfered corporate account to attack a NASA server located at the Goddard Space Flight Center in Greenbelt, Md., where he obtained root access that let him read, delete or modify files on the system. He then installed a sniffer program on the system that captured NASA log-in names and passwords.
Government attorneys said the compromised NASA Web server didn't affect classified information or interfere with satellite command or control.
If convicted, Iffih could face a maximum penalty of 10 years in jail and a fine of $250,000. Prosecutors said Iffih wasn't connected with the wave of denial-of-service attacks on e-commerce sites that occurred earlier this month.