Hacker pleads guilty, targeted DOE


A 23-year-old Pennsylvania man pleaded guilty Aug. 27 to charges he had hacked into supercomputers owned by the Department of Energy and planned to sell access to them for tens of thousands of dollars.

Andrew James Miller, 23, of Devon, Pa., pleaded guilty in U.S. District Court to one count of conspiracy and two counts of computer intrusion.

From 2008 to 2011, according to a statement from the U.S. attorney’s office, Miller and co-conspirators remotely hacked into computers in Massachusetts and elsewhere. In some instances, it said, Miller secretly installed back doors in the computers to allow later access to them with administrator-level, or “root,” privileges.  

Miller was indicted for allegedly remotely hacking into computer networks that belonged to Massachusetts-based RNK Telecommunications Inc.; Colorado-based advertising agency Crispin Porter and Bogusky Inc.; the University of Massachusetts; U.S. Department of Energy (DOE) facilities; and other institutions and companies, according to the Justice Department.

Although the U.S. attorney didn’t identify the specific computers Miller admitted to accessing, Wired  reported that Miller pleaded guilty to propositioning an undercover FBI agent during an online chat, asking the agent to pay $50,000 for root access to the supercomputers at the National Energy Research Scientific Computing Center (NERSC) at the Lawrence Berkeley National Laboratory in Berkeley, Calif.

NERSC is home to several powerful computers used in unclassified research projects.

The lab is a member of the national laboratory system supported by the U.S. Department of Energy through its Office of Science and managed by Cal. It is charged with conducting unclassified research across a wide range of scientific disciplines. All research projects funded by the DOE Office of Science and that require high performance computing support are eligible to apply to use NERSC resources, according to the lab.

Wired also said Miller bragged to FBI agents online that he had also broken into corporate servers at American Express, Yahoo, Google, Adobe, WordPress and other companies and universities.

The U.S. attorney’s office in Boston said Miller got his hands on log-in credentials to the compromised computers and he and his co-conspirators sold access to the back doors, as well as other log-in credentials. The access Miller and his co-conspirators sold allowed unauthorized people to access various commercial, education and government computer networks, it said.

Miller is scheduled for sentencing Nov. 19.  According to the U.S. attorney in Boston, the maximum penalty for the conspiracy count is five years in prison.  One of the computer intrusion counts carries a maximum penalty of five years and the other, involving intentional damage to a private computer, carries a maximum of 10 years.

This article was updated to correct the identification of Lawrence Berkeley National Laboratory.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Thu, Nov 21, 2013

I would stand for a cause as well defending my fellow techy who took his own life. I remember when i heard that and was very upset. There are no clear laws on many aspects of the internet world, and actually, if not malicious and down right mean and hurtful; hacking provides an extremely useful service to eager software companies who many times have been saved from premature releases. However, if personal information is stolen and then exploited, and gathered and targets are made then relentlessly pirsued: at what point does the hacker either stop and/or realize that they are not flexing a powerful muscle against an opponent. They are criminals, and whatever talent they could have bragged about or enhanced then used for the common good (go help the cictims of super typhoon instead of making more victims) is lost and devalued. They are thieves, bullies, sneaks (that is; if they take it to the psychotic level my old IT friend has done). They are cowards. On the other hand: strike and retreat to make a stand for your fellow colleague. He wasnt the malicious coward described above. I read his story. And was deeply saddened. Totally different angle on article: Um......why is Obama getting so beat up when the FBI REPORTED MONTHS AGO ABOUT THE BREACHES IN GOVERNMENT DATA BASES BY HACKERS WHO LEFT BACK DOORS OPEN FOR THE PURPOSE OF RETURNING? Hello???? The first thing that came to my mind was..........

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group