Jonathon James became the first juvenile to be sent to prison for hacking at the age of 16 years old. Through our knowledge from this class, James claimed to be gray hat hacker. In an anonymous PBS interview James was quoted saying, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James’s actions were directed towards prestigious and important institutions. One institution affected was ironically the Department of Defense. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
Another important institution the 16 year old compromised was NASA! NASA claimed that the boy stole over 1.7 million dollars worth of software. The Department of Justice claimed that the software stolen directly controlled the Space Station’s physical environment, including control of the temperature and humidity within the living space. NASA had to shut down its computer systems which cost them 41,000 dollars. How could a 16 year old boy hack into what millions of people base their safety upon? His response, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
With all of the intrusions compiled against James, he would have served at least ten years as an adult. Due to his age, he was banned from computer use and was forced to serve a six-month sentence under house arrest with probation. The funniest part is that he then served six months in prison for violating his parole. James now claims that he learned his lesson and is in the process of starting a computer security company. Regardless, Jonathan James will always be known as the sixteen year old who hacked NASA!
If someone would have asked me what NASA should do to prevent hackers before I read this article, I would’ve said that their security is way beyond my technical knowledge. Although I’m sure the 16 year old was extremely knowledgeable, this should not have been possible. NASA obviously needs to add more firewalls and more up to date virus software. Most importantly, NASA and DTRA should conduct vulnerability tests. Vulnerability tests will highlight flaws and limitations on their systems and can show areas that may need improvement.
Posts
Wow, that is pretty sad but also impressive that a 16 year old could hack into NASA. I'm not sure how he would qualify as a gray hat hacker though if he supposedly stole information costing NASA so much money.
ReplyDeleteAs far as his future, he would certainly seem to be a great person for improving security. However, the questions is, can he really be trusted? Has he really learned a lesson? If he can be believed, maybe NASA should hire him to help them fix their own security problems. Same goes for the Department of Defense. If a 16 year old (although he is no doubt pretty genius) can do it, imagine how easy it would be for a Russian or Chinese spy team to do it.
This article does make both NASA and the Department of Defense look really bad. Like both previous posts have mentioned, the 16-year-old must be extremely intelligent to have done this, but that doesn't change the fact that he is still a teenager with little or no technical knowledge. Assuming he was using a regular internet connection from his home computer imagine the damage that could be done by someone looking to maliciously attack the United States with enough technical skill to do so. I also wonder, if he was able to steal so much data and software, how long was it before NASA realized that someone had invaded their system? I hope that both NASA and the Department of Defense have learned from this pretty embarrassing event and are doing some serious restructuring of their security systems.
ReplyDeleteConsidering that the US does boast about being pretty technologically-advanced, I agree with previous comments that this is an embarrassing situation to have, particularly since NASA and Department of Defense are the *last* things that we want people to be hacking into. As the previous poster pointed out, I'm wondering how long it took these departments to realize that they had been hacked into, as it might suggest that they have not been a good job in keeping updated firewalls and other useful security measures. In retrospect, this event was probably a good thing, and it was probably even more fortunate that it was only a 16 year old that broke into the system, and not a malicious foreign attacker. However, I doubt that NASA or the DOD is about to admit that to the public, much less to the juvenile Jonathon James. I'm just wondering what they are doing to try to prevent this from happening again.
ReplyDeleteThis is a great story and a really impressive kid. I'm amazed that anyone could break into NASA and the Department of Defense because of their role in national security, much less a 16 year old. I do agree that it was fortunate for the US that such a seemingly harmless individual authored the security breach, but it does raise questions about the competence of the people who are supposed keep such events from happening.
ReplyDeleteI am very interested in knowing how this individual was not caught doing something illegal prior to these episodes. Certainly, he must have practiced hacking on a smaller scale before taking on such an prestigious institution and should, therefore, have been caught during one of those times.
As posted before, this kid is very impressive. What I am curious about is how the kid was caught? Could the security team track it back to his home computer when he was viewing the emails? I believe the kid was a gray hat hacker because he did not have malicious intent behind his actions. The article said that the kid copied the NASA software and he was downloading the source codes in order to improve his computer programming skills. If he wasn't a gray hat hacker he would have exploited the information he was using for personal gain or malicious intent, which he did not do.
ReplyDeleteFirst, I think this young man qualifies as a gray hat hacker, as his intent was only to gain entrance and practice with code, even though he inadvertently cost NASA a pretty hefty loss.
ReplyDeleteIt's pretty amazing that we see multimillion corporations and major US federal bureaucratic branches invaded in this manner. It highlights the disparity within organizations with regards to information security and physical security (it would be hard to imagine a 16 year old sneaking into the Pentagon or Cape Canaveral). As crime continues to go virtual, all organizations must either improve information security or face similar threats.