DOE Supercomputer Hack Results in Guilty Plea

By Tiffany Trader

August 30, 2013

On Wednesday, 24-year-old Pennsylvania man Andrew James Miller pleaded guilty to charges of hacking into Department of Energy supercomputers and attempting to sell stolen access credentials.

A member of the Underground Intelligence Agency hacking group, Miller was arrested and indicted in June 2012. The Federal Bureau of Investigation (FBI) accused Miller of illegally accessing supercomputers at the National Energy Research Scientific Computing Center (NERSC) at the Lawrence Berkeley National Lab in California.

Hopper is NERSC’s first petaflop system, a Cray XE6, with a peak performance of 1.28 petaflops. Hopper placed number 5 on the November 2010 TOP500 Supercomputer list. Source: NERSC

In May 2011, using the alias “Green,” Miller offered to sell an undercover FBI agent “login credentials to a series of computer networks that would enable remote access to the domain ‘nersc.gov'” for the sum of $50,000.

During the exchange, Miller claimed he and his partners had access to approximately half of the TOP500 supercomputers, with “root” access to some of them. Miller said that most of the sites were gov/edu type domains.

The government’s trial brief notes that “because Miller’s $50,000 price-tag was so steep, the FBI never transferred the money and therefore never obtained the NERSC log-in credentials.”

NERSC was not his only target. According to court documents obtained by Wired, from 2008 to 2011 “Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies.”

Miller also bragged to the FBI that he’d broken into numerous corporate systems, including those of American Express, Yahoo, Google, Adobe, and WordPress. He would gain access by stealing employees’ credentials with a sniffer or keylogger or he’d get the log-in credentials directly from other hackers.

Miller was charged with one count of conspiracy and two counts of computer fraud, which combined carry a maximum penalty of 20 years in prison. The defendant has agreed to a plea deal in exchange for a lighter sentence: 12-18 months behind bars with 36-months of supervised release. Miller will also be responsible for fines and restitution in an amount to be determined. The defendant remains free pending a November 19 sentencing date.

Since the breach, NERSC has boosted its intrusion detection capability. The center uses a modified version of SSH that allows the content of interactive SSH sessions to be recorded and analyzed.

“Credential theft represents the single greatest threat to security here at NERSC,” remarks a webpage devoted to the topic. “We are addressing this problem by analyzing user command activity and looking for behavior that is recognizably hostile.”

An advanced intrusion detection system called Bro analyzes the session data and alerts NERSC officials when data appears compromised. Once a breach is confirmed, the session logs are used to identify what the intruder did and the extent of the compromise.

Related Content

Blue Waters: Security at Scale 

White Hats Warn of Cyber Carjackings 

GPU Monster Shreds Password Hashes 

Cloud Browser Hack Exposed 

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Nvidia Debuts Turing Architecture, Focusing on Real-Time Ray Tracing

August 16, 2018

From the SIGGRAPH professional graphics conference in Vancouver this week, Nvidia CEO Jensen Huang unveiled Turing, the company's next-gen GPU platform that introduces new RT Cores to accelerate ray tracing and new Tenso Read more…

By Tiffany Trader

HPC Coding: The Power of L(o)osing Control

August 16, 2018

Exascale roadmaps, exascale projects and exascale lobbyists ask, on-again-off-again, for a fundamental rewrite of major code building blocks. Otherwise, so they claim, codes will not scale up. Naturally, some exascale pr Read more…

By Tobias Weinzierl

STAQ(ing) the Quantum Computing Deck

August 16, 2018

Quantum computers – at least for now – remain noisy. That’s another way of saying unreliable and in diverse ways that often depend on the specific quantum technology used. One idea is to mitigate noisiness and perh Read more…

By John Russell

HPE Extreme Performance Solutions

Introducing the First Integrated System Management Software for HPC Clusters from HPE

How do you manage your complex, growing cluster environments? Answer that big challenge with the new HPC cluster management solution: HPE Performance Cluster Manager. Read more…

IBM Accelerated Insights

Super Problem Solving

You might think that tackling the world’s toughest problems is a job only for superheroes, but at special places such as the Oak Ridge National Laboratory, supercomputers are the real heroes. Read more…

NREL ‘Eagle’ Supercomputer to Advance Energy Tech R&D

August 14, 2018

The U.S. Department of Energy (DOE) National Renewable Energy Laboratory (NREL) has contracted with Hewlett Packard Enterprise (HPE) for a new 8-petaflops (peak) supercomputer that will be used to advance early-stage R&a Read more…

By Tiffany Trader

STAQ(ing) the Quantum Computing Deck

August 16, 2018

Quantum computers – at least for now – remain noisy. That’s another way of saying unreliable and in diverse ways that often depend on the specific quantum Read more…

By John Russell

NREL ‘Eagle’ Supercomputer to Advance Energy Tech R&D

August 14, 2018

The U.S. Department of Energy (DOE) National Renewable Energy Laboratory (NREL) has contracted with Hewlett Packard Enterprise (HPE) for a new 8-petaflops (peak Read more…

By Tiffany Trader

CERN Project Sees Orders-of-Magnitude Speedup with AI Approach

August 14, 2018

An award-winning effort at CERN has demonstrated potential to significantly change how the physics based modeling and simulation communities view machine learni Read more…

By Rob Farber

Intel Announces Cooper Lake, Advances AI Strategy

August 9, 2018

Intel's chief datacenter exec Navin Shenoy kicked off the company's Data-Centric Innovation Summit Wednesday, the day-long program devoted to Intel's datacenter Read more…

By Tiffany Trader

SLATE Update: Making Math Libraries Exascale-ready

August 9, 2018

Practically-speaking, achieving exascale computing requires enabling HPC software to effectively use accelerators – mostly GPUs at present – and that remain Read more…

By John Russell

Summertime in Washington: Some Unexpected Advanced Computing News

August 8, 2018

Summertime in Washington DC is known for its heat and humidity. That is why most people get away to either the mountains or the seashore and things slow down. H Read more…

By Alex R. Larzelere

NSF Invests $15 Million in Quantum STAQ

August 7, 2018

Quantum computing development is in full ascent as global backers aim to transcend the limitations of classical computing by leveraging the magical-seeming prop Read more…

By Tiffany Trader

By the Numbers: Cray Would Like Exascale to Be the Icing on the Cake

August 1, 2018

On its earnings call held for investors yesterday, Cray gave an accounting for its latest quarterly financials, offered future guidance and provided an update o Read more…

By Tiffany Trader

Leading Solution Providers

SC17 Booth Video Tours Playlist

Altair @ SC17

Altair

AMD @ SC17

AMD

ASRock Rack @ SC17

ASRock Rack

CEJN @ SC17

CEJN

DDN Storage @ SC17

DDN Storage

Huawei @ SC17

Huawei

IBM @ SC17

IBM

IBM Power Systems @ SC17

IBM Power Systems

Intel @ SC17

Intel

Lenovo @ SC17

Lenovo

Mellanox Technologies @ SC17

Mellanox Technologies

Microsoft @ SC17

Microsoft

Penguin Computing @ SC17

Penguin Computing

Pure Storage @ SC17

Pure Storage

Supericro @ SC17

Supericro

Tyan @ SC17

Tyan

Univa @ SC17

Univa

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This