From: frissell@panix.com (Duncan Frissell) Newsgroups: ailab.cypherpunks Subject: British Hacker Article Date: 4 Jan 1995 13:38:58 -0500 Organization: MIT Artificial Intelligence Lab NNTP-Posting-Host: life.ai.mit.edu From The Independent (London) Tuesday 3 January 1995 - Front Page [Banner Headlines] BRITISH BOY `RAIDED US DEFENCE SECRETS' by Tim Kelsey A 16-year-old Briton allegedly hacked into some of the US government's most sensitive computers and was able to watch secret communications between US agents in north Korea during the crisis over nuclear inspection last spring. After reading them, he put them onto a bulletin board of the Internet, an international computer network accessible by 35 million users. _The_Independent_ has learnt that Scotland Yard has arrested the boy and has sent a report to the Crown Prosecution Service. Officers expect to be told whether he can be charged this month. In what US officials have conceded is one of the most serious breaches of computer security in recent years, the boy accessed several defence department systems for at least seven months without detection. The systems he obtained access to included those for ballistic weapons research, and aircraft design, payroll, procurement, personnel records and electronic mail. The boy, who was arrested in Tottenham, north London in July, was, according to US officials, one of a number of people who broke into US defence computers in the latter months of 1993 and the early months of 1994. But it is understood that he was responsible for most of the damage. In all, more than a million user passwords were compromised. The US Defence Information Systems Agency admitted in a private briefing, which has been confirmed, that the hackers had affected the Department's "military readiness." The boy was first detected in March 1994, and the Air Force Office of Special Investigations (OSI) was appointed to investigate. The OSI is a special task force, based at Bolling Air Force Base in Washington DC. It mounts special "raids" on classified computer sites to test their security. A spokesman said yesterday that the boy, who was nicknamed "Datastream" by friends on the Internet, needed "more knowledge than the average home computer owner would possess" to hack the computers. It is understood that he invented a "sniffer" programme which searched across hundreds of computers attached to the Internet for passwords and user names. He was finally caught because he left his terminal on-line to a US defence computer over night. Another British hacker, aged 22, who is acquainted with "Datastream", read some of the messages accessed by him. "They contained information about firing sites in North Korea and stuff like that. Field intelligence. He kept detailed logs of communication traffic. He really couldn't believe his luck. The Americans thought he was a spy but he told them he was just doing it for fun. The OSI said in a statement: "It is unknown if any hacker actually read, copied or took any other action with the Korean files or any other sensitive data. The Korean files were on the Girths Air Force Base computer system and therefore the could have been accessed. It is our opinion that the hacker who accessed the Korean file system learned of its existence form a bulletin board system or another hacker. It is possible the hacker could have read the Korean files." Scotland Yard's Computer Crime Unit is able to prosecute the boy under the terms of the Computer Misuse Act, which allows for crimes committed overseas by Britons to be dealt with in UK courts. A spokesman confirmed that a report had been sent to the CPS. The Internet, designed in the 1960s by US Defence engineers to enable them to communicate quickly by computer, is now available to anyone who pays a small fee.