Massive hacking spree halted; man indicted

Computerworld - ALEXANDRIA, Va. -- Federal prosecutors from Virginia and New Jersey today indicted a British citizen on eight counts of computer fraud related to hacking incidents that allegedly damaged 105 U.S. government, military and corporate networks.
At a news conference here this afternoon, Paul J. McNulty, U.S. attorney for the Eastern District of Virginia, said the U.S. will formally request the extradition of Gary McKinnon, a 36-year-old unemployed computer systems administrator living in London. McKinnon remains free in London pending presentation of evidence to law enforcement officials in the U.K., said McNulty.
McKinnon, known by his hacker handle "Solo," is charged with seven counts of computer fraud and related activity in Virginia and one count in New Jersey stemming from a yearlong hacking spree. The indictment alleges that between March 2001 and March 2002 McKinnon broke into and damaged 92 computers belonging to the Pentagon, Army, Navy, Air Force and NASA, as well as six systems owned and operated by private U.S. companies.
Once inside a network, McKinnon is alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files. In at least one instance, McKinnon's hacking activity allegedly caused a major military network in Washington to shut down for three days in February. The estimated losses stemming from his hacking are estimated to be $900,000, according to the indictment.
"The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems," said McNulty. McKinnon allegedly "scanned tens of thousands of systems" before taking advantage of known vulnerabilities in Microsoft Corp.'s Windows operating system installed on the targeted computers.
The indictment filed by the U.S. attorney's office in New Jersey charges McKinnon with one count of intentional damage to a protected computer. The charge stems from his alleged hacking of a computer used by Naval Weapons Station Earle in Colts Neck, N.J. That computer was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and resupply of Navy ships in the area of the complex. Between April and June 2001 McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS Earle network and used that access to damage and force the shutdown of the NWS system on Sept. 23, two weeks after the Sept. 11 terrorist attacks.
In addition to the military and NASA systems compromised by McKinnon, the indictment filed in Virginia