[ISN] Defense Department hacker gets 21-month sentence

InfoSec News isn at c4i.org
Fri May 13 07:08:24 EDT 2005


http://www.computerworld.com/securitytopics/security/story/0,10801,101670,00.html

By Scarlet Pruitt
MAY 12, 2005 
IDG NEWS SERVICE

A 21-year old Indiana resident was slapped with a 21-month jail
sentence for his role in a hacking attack that compromised computers
at the U.S. Department of Defense, according to law enforcement
officials.

Raymond Paul Steigerwalt, a former member of the international hacking
gang Thr34t Krew (TK), was sentenced last Friday on one count of
conspiracy to commit fraud and related activity in connection with
computers and one count of possession of child pornography, officials
said. In addition to the jail time, he was also ordered to pay
restitution of $12,000 to the Defense Department.

The hacking attack launched by TK took place between October 2002 and
March 2003, according to U.S. Attorney for the Eastern District of
Virginia Paul McNulty.

Steigerwalt and his gang were accused of creating a worm that infected
Internet-connected computers. The worm installed a Trojan software
program, allowing TK to control the infected machines. At least two
computers at the Defense Department were infected, McNulty's office
said. It was not clear what damage was done.

Steigerwalt's sentencing came as a result of an investigation
involving the Defense Department, the FBI, the U.S. Army Criminal
Investigation Command, the U.S. Secret Service, the Air Force Office
of Special Investigations, the Riverside California County Sheriff's
Office and NASA.

Two other men in northeast England were held in 2003 for their part in
creating the TK Trojan. At the time, the U.K.'s National Hi-Tech Crime
Unit said that the virus had infected approximately 18,000 computers
around the world, causing an estimated $10.3 million in damages.

Steigerwalt's sentencing last week represents a small victory for law
enforcement officials, but the incident could still prove somewhat
embarrassing for the Defense Department, according to Graham Cluley, a
senior technology consultant at Sophos PLC. "Most of these government
agencies are pretty clued in on security threats, but the problem is
that they only need to be unlucky once to have egg on their face," he
said.

International hacking groups like Thr34t Krew appear to be on the rise
and are increasingly focusing on moneymaking schemes, Cluley said.

Security experts are warning organizations to be aware of
sophisticated attacks designed to steal information or conduct
extortion by threatening to launch a denial-of-service attack against
a Web site unless money is paid, for instance.

Earlier this week it was revealed that data theft reported at Cisco
Systems Inc. last year is now believed to be part of a larger incident
involving the break-in of servers in several countries. Some of the
attacks are also thought to have been directed at U.S. government
agencies.





More information about the ISN mailing list