A Boston man yesterday pleaded guilty to infiltrating a corporate Internet account, attacking NASA and Department of Defense computers and damaging servers owned by an Internet service provider.
Ikenna Iffih, a former student at Northeastern University in Boston, pleaded guilty to a three-count information in U.S. District Court, according to a statement issued by the U.S. Attorney's Office in Boston. Sentencing is scheduled for Oct. 25; Iffih could face up to 20 years in prison, with a possible mandatory minimum sentence of six months. He could also be nailed with up to $750,000 in fines.
The court charged Iffih with intentionally intercepting log-in names and passwords that were transmitted to and through a NASA Web server. Iffih also admitted to accessing a server owned by Zebra Marketing Online Services (ZMOS), an Internet service provider in Bainbridge Island, Wash., and to interfering with the communications system of the Defense Logistics Agency.
"The defendant gained illegal access to several computers, either causing substantial business loss, defacing a Web page with hacker graphics, copying personal information or, in the case of a NASA computer, effectively seizing control," said U.S. Attorney Donald Stern in the statement.
But Patrick McBride, an analyst at MetaSeS in Atlanta, said even the kind of stiff fines and possible prison time that Iffih faces aren't likely to deter other crackers from attempting similar exploits.
"Crackers do this for fun and sport, like spray-painting buses and the sides of buildings," McBride said. However, corporate executives and government organizations have become more keenly aware of security issues and now better realize how vulnerable their systems are, he added.
The government said Iffih began wreaking havoc on government systems in April 1999, when he used a corporate Internet account known as emergon@rcn.com to enter a Defense Logistics Agency computer in Columbus, Ohio. He then used a service known as Telnet proxy to conceal his address and appear to be the government's computer.
Once hidden, Iffih entered the ZMOS server and "recklessly caused damage" to the computer, causing the Internet service provider a significant loss of business, the government said.
Then, from May through August of 1999, Iffih used the same corporate Internet account to attack a NASA server at the Goddard Space Flight Center in Greenbelt, Md., according to the government. The U.S. attorney's office said he took control of the computer and read, deleted or modified files on the system.
Iffih also was said to have installed a sniffer program on the system to intercept and save users' log-in names and passwords for his own future use. According to the government, the infiltrated NASA Web server didn't contain classified or sensitive information and wasn't involved in any satellite command or control. But during the intrusions, it added, Iffih unlawfully copied private information about 9,135 students, faculty members, alumni and other people associated with Northeastern.
Related links:
- For more security coverage, visit our Security Watch page.
- Have opinions on security issues? Head to the forums. (Note: Registration required to post message; anyone may read messages. To register on Computerworld's forums, click here).