Defense Department hacker gets 21-month sentence

The attack was launched by international hacking gang Thr34t Krew

A 21-year old Indiana resident was slapped with a 21-month jail sentence for his role in a hacking attack that compromised computers at the U.S. Department of Defense, according to law enforcement officials.

Raymond Paul Steigerwalt, a former member of the international hacking gang Thr34t Krew (TK), was sentenced last Friday on one count of conspiracy to commit fraud and related activity in connection with computers and one count of possession of child pornography, officials said. In addition to the jail time, he was also ordered to pay restitution of $12,000 to the Defense Department.

The hacking attack launched by TK took place between October 2002 and March 2003, according to U.S. Attorney for the Eastern District of Virginia Paul McNulty.

Steigerwalt and his gang were accused of creating a worm that infected Internet-connected computers. The worm installed a Trojan software program, allowing TK to control the infected machines. At least two computers at the Defense Department were infected, McNulty's office said. It was not clear what damage was done.

Steigerwalt's sentencing came as a result of an investigation involving the Defense Department, the FBI, the U.S. Army Criminal Investigation Command, the U.S. Secret Service, the Air Force Office of Special Investigations, the Riverside California County Sheriff's Office and NASA.

Two other men in northeast England were held in 2003 for their part in creating the TK Trojan. At the time, the U.K.'s National Hi-Tech Crime Unit said that the virus had infected approximately 18,000 computers around the world, causing an estimated $10.3 million in damages.

Steigerwalt's sentencing last week represents a small victory for law enforcement officials, but the incident could still prove somewhat embarrassing for the Defense Department, according to Graham Cluley, a senior technology consultant at Sophos PLC. "Most of these government agencies are pretty clued in on security threats, but the problem is that they only need to be unlucky once to have egg on their face," he said.

International hacking groups like Thr34t Krew appear to be on the rise and are increasingly focusing on moneymaking schemes, Cluley said.

Security experts are warning organizations to be aware of sophisticated attacks designed to steal information or conduct extortion by threatening to launch a denial-of-service attack against a Web site unless money is paid, for instance.

Earlier this week it was revealed that data theft reported at Cisco Systems Inc. last year is now believed to be part of a larger incident involving the break-in of servers in several countries. Some of the attacks are also thought to have been directed at U.S. government agencies.

Copyright © 2005 IDG Communications, Inc.

  
Shop Tech Products at Amazon