A Boston man was charged today with using a hijacked corporate Internet account to intercept log-in names and passwords on a NASA Web server that he then used to attack other government computer systems.
According to a statement issued by the U.S. attorney's office in Boston, Ikenna Iffih, 28, has been charged with three counts involving unauthorized access to computers. Investigators, including the FBI and the NASA Office of Criminal Investigations, said that Iffih intentionally caused delays and damage to Web sites and a U.S. Department of Defense computer.
The first count charges Iffih with intentionally intercepting and attempting to intercept log-in names and passwords transmitted to and through a NASA computer. The second count alleges that Iffih gained unauthorized access to a Web site operated by Zebra Marketing Online Services (ZMOS), which he then damaged. Count three asserts that Iffih engaged in willful and malicious interference with a Defense Logistics Agency communications system, including obstructing and delaying the transmission of communications over that system. It's alleged that Iffih committed all of these acts using his home computer in Boston.
"The defendant gained illegal access to several computers, either causing substantial business loss, defacing a Web page with hacker graphics, copying personal information or, in the case of a NASA computer, effectively seizing control," said U.S. Attorney Donald K. Stern for the District of Massachusetts in a statement. "All in all, the defendant used his home computer to leave a trail of cybercrime from coast to coast."
A spokesman at the U.S. attorney's office said this afternoon that Iffih, a student at Northeastern University, has not yet been arrested. Iffih's defense attorney could not be reached for comment before posting time.
According to the statement issued by the U.S. attorney's office, Iffih is charged with obtaining unauthorized access to a corporate Internet account in April 1999, which he then used to illegally access a computer controlled and operated by the Defense Logistics Agency. Iffih then concealed his actual computer address through a service known as "telnet proxy," which created the appearance that his address was that of the government's computer, the U.S. attorney's office charges.
After masking his address, Iffih accessed and damaged the Web site of Internet service provider ZMOS, based in the state of Washington. ZMOS, which hosts corporate Web pages and provides Internet service for corporate customers, alleges that it suffered a significant loss of business, according to the statement.
The government is charging that from May 1999 until August 1999, Iffih then used the same corporate Internet account to access a NASA computer research project Web server located in Maryland. Iffih seized control of the NASA computer, allowing him to read, delete or modify any files on the system. He then installed a "sniffer'" program onto the system to intercept and save user log-in names and passwords that were transferred over the NASA system, for his own later use. Government attorneys said that the compromised NASA Web server didn't contain classified or sensitive information and wasn't involved in any way with satellite command or control.
The statement issued by the U.S. attorney's office adds that Iffih used the NASA computer as a platform to launch attacks on other computer systems, such as an attack on the U.S. Department of the Interior's Web server, where he defaced its Web page with computer cracker graphics.
The information also alleges that Iffih accessed various computers operated by Northeastern University, from which he illegally copied a file containing the names, dates of birth, addresses and social security numbers of numerous men and women affiliated with the university, including students, faculty, administration and alumni.
Investigators aren't aware of any use or dissemination of this information. According to prosecutors, Northeastern University cooperated fully with investigators on this matter.
If convicted, Iffih faces a maximum penalty of 10 years in jail and a fine of $250,000. The case is being investigated by the FBI, the Defense Criminal Investigative Service and NASA's Office of Criminal Investigations' Computer Crimes Division, with assistance from agents with the U.S. Department of the Interior and the U.S. Immigration and Naturalization Service. It's being prosecuted by Assistant U.S. Attorney Allison D. Burroughs of Stern's Economic Crimes Unit in Boston.