DOD hacker gets 21-month sentence

An Indiana man was sentenced to 21 months in prison for his role in hacking computers at the DOD.

A 21-year old Indiana resident was slapped with a 21-month jail sentence for his role in a hacking attack that compromised computers at the U.S. Department of Defense (DOD), law enforcement officials recently revealed.

The attack was launched by international hacking gang Thr34t Krew (TK) and took place between October 2002 and March 2003, according to a statement from U.S. Attorney for the Eastern District of Virginia Paul McNulty.

Former TK member Raymond Paul Steigerwalt was sentenced Friday for one count of conspiracy to commit fraud and related activity in connection with computers and one count of possession of child pornography, officials said. He was also ordered to pay restitution to the DOD of US$12,000.

Steigerwalt and his gang were accused of creating a worm that infected Internet-connected computers. The worm installed a trojan software program, allowing them to control the infected machines. At least two computers at the DOD were infected, McNulty's office said. It was not clear what damage was done.

Steigerwalt's sentencing came as a result of an investigation involving the DOD, the Federal Bureau of Investigation (FBI), the U.S. Army Criminal Investigation Command, the U.S. Secret Service, the Air Force Office of Special Investigations, the Riverside California County Sheriff's Office and the National Aeronautics and Space Administration.

Two other men in North East England were held in 2003 for their part in creating the TK trojan. At the time, the U.K.'s National Hi-Tech Crime Unit said that the virus had infected approximately 18,000 computers around the world, causing an estimated £5.5 million (US$10.3 million) in damages.

The sentencing of Steigerwalt last week represents a small victory for law enforcement officials, but the incident could still prove somewhat embarrassing for the DOD, according to Graham Cluley, senior technology consultant at Sophos PLC.

"Most of these government agencies are pretty clued in on security threats but the problem is that they only need to be unlucky once to have egg on their face," Cluley said.

International hacking groups, like Thr34t Krew, appear to be on the rise and they are increasingly focusing on money making schemes, Cluley said.

Security experts are warning organizations to be aware of sophisticated attacks designed to steal information or perform extortion, by threatening to launch a denial-of-service (DOS) attack against a Web site unless money is paid, for instance.

Earlier this week it was revealed that data theft reported at Cisco Systems Inc. last year is now believed to be part of a larger incident involving the break-in of servers in several countries. Some of the attacks are also thought to have been directed at U.S. government agencies.