A student at Northeastern University in Boston was charged yesterday with using a hijacked corporate Internet account to attack NASA and Department of Defense computers and damage servers of a Washington-based Internet service provider.
According to a statement issued by the U.S. Attorney's Office in Boston, Ikenna Iffih, 28, has been charged with three counts involving unauthorized access to computers.
"The defendant gained illegal access to several computers, either causing substantial business loss, defacing a Web page with hacker graphics, copying personal information or in the case of a NASA computer, effectively seizing control," said Donald K. Stern, U.S. attorney for the District of Massachusetts in a statement. "All in all, the defendant used his home computer to leave a trail of cybercrime from coast to coast.''
Investigators say last April, Iffih obtained unauthorized access to a corporate Internet account known as emergon@rcn.com and used it to access a Defense Logistics Agency computer in Columbus, Ohio. He then used a service known as Telnet proxy to forward his traffic through this computer to mask his address.
Once hiding his location, Iffih allegedly then gained unauthorized access to a server owned by Zebra Marketing Online Services (ZMOS) of Bainbridge Island, where investigators say he "recklessly caused damage to the computer and caused a significant loss of business to ZMOS."
In May, prosecutors allege, Iffih used the same pilfered corporate account to attack a NASA server located at the Goddard Space Flight Center in Greenbelt, Md., where he obtained root access that let him read, delete or modify files on the system. He then installed a sniffer program on the system that captured NASA log-in names and passwords.
The NASA computer was used to gain access to other systems, including a Department of Interior Web server that was defaced with graphics. Government attorneys said the compromised NASA Web server didn't compromise classified information or interfere with satellite command or control.
In the course of the intrusions, Iffih is said to have unlawfully copied private information about 9,135 students, faculty, alumni and others associated with Northeastern University. The data included names, dates of birth, addresses and Social Security numbers.
Janet Hookailo, a spokeswoman for Northeastern University, said Iffih, who is an undergraduate in the computer science program, accessed the information through servers at the university's college of engineering. She said the school has been cooperating with an FBI investigation into the incident since last fall.
If convicted, Iffih faces a maximum penalty of 10 years in jail and a fine of $250,000. Prosecutors said Iffih wasn't connected with the wave of denial-of-service attacks on e-commerce sites earlier this month.