Justice

Hacker pleads guilty, targeted DOE

justice

A 23-year-old Pennsylvania man pleaded guilty Aug. 27 to charges he had hacked into supercomputers owned by the Department of Energy and planned to sell access to them for tens of thousands of dollars.

Andrew James Miller, 23, of Devon, Pa., pleaded guilty in U.S. District Court to one count of conspiracy and two counts of computer intrusion.

From 2008 to 2011, according to a statement from the U.S. attorney’s office, Miller and co-conspirators remotely hacked into computers in Massachusetts and elsewhere. In some instances, it said, Miller secretly installed back doors in the computers to allow later access to them with administrator-level, or “root,” privileges.  

Miller was indicted for allegedly remotely hacking into computer networks that belonged to Massachusetts-based RNK Telecommunications Inc.; Colorado-based advertising agency Crispin Porter and Bogusky Inc.; the University of Massachusetts; U.S. Department of Energy (DOE) facilities; and other institutions and companies, according to the Justice Department.

Although the U.S. attorney didn’t identify the specific computers Miller admitted to accessing, Wired  reported that Miller pleaded guilty to propositioning an undercover FBI agent during an online chat, asking the agent to pay $50,000 for root access to the supercomputers at the National Energy Research Scientific Computing Center (NERSC) at the Lawrence Berkeley National Laboratory in Berkeley, Calif.

NERSC is home to several powerful computers used in unclassified research projects.

The lab is a member of the national laboratory system supported by the U.S. Department of Energy through its Office of Science and managed by Cal. It is charged with conducting unclassified research across a wide range of scientific disciplines. All research projects funded by the DOE Office of Science and that require high performance computing support are eligible to apply to use NERSC resources, according to the lab.

Wired also said Miller bragged to FBI agents online that he had also broken into corporate servers at American Express, Yahoo, Google, Adobe, WordPress and other companies and universities.

The U.S. attorney’s office in Boston said Miller got his hands on log-in credentials to the compromised computers and he and his co-conspirators sold access to the back doors, as well as other log-in credentials. The access Miller and his co-conspirators sold allowed unauthorized people to access various commercial, education and government computer networks, it said.

Miller is scheduled for sentencing Nov. 19.  According to the U.S. attorney in Boston, the maximum penalty for the conspiracy count is five years in prison.  One of the computer intrusion counts carries a maximum penalty of five years and the other, involving intentional damage to a private computer, carries a maximum of 10 years.

This article was updated to correct the identification of Lawrence Berkeley National Laboratory.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.