On Wednesday, 24-year-old Pennsylvania man Andrew James Miller pleaded guilty to charges of hacking into Department of Energy supercomputers and attempting to sell stolen access credentials.
A member of the Underground Intelligence Agency hacking group, Miller was arrested and indicted in June 2012. The Federal Bureau of Investigation (FBI) accused Miller of illegally accessing supercomputers at the National Energy Research Scientific Computing Center (NERSC) at the Lawrence Berkeley National Lab in California.
|Hopper is NERSC’s first petaflop system, a Cray XE6, with a peak performance of 1.28 petaflops. Hopper placed number 5 on the November 2010 TOP500 Supercomputer list. Source: NERSC|
In May 2011, using the alias “Green,” Miller offered to sell an undercover FBI agent “login credentials to a series of computer networks that would enable remote access to the domain ‘nersc.gov'” for the sum of $50,000.
During the exchange, Miller claimed he and his partners had access to approximately half of the TOP500 supercomputers, with “root” access to some of them. Miller said that most of the sites were gov/edu type domains.
The government’s trial brief notes that “because Miller’s $50,000 price-tag was so steep, the FBI never transferred the money and therefore never obtained the NERSC log-in credentials.”
NERSC was not his only target. According to court documents obtained by Wired, from 2008 to 2011 “Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies.”
Miller also bragged to the FBI that he’d broken into numerous corporate systems, including those of American Express, Yahoo, Google, Adobe, and WordPress. He would gain access by stealing employees’ credentials with a sniffer or keylogger or he’d get the log-in credentials directly from other hackers.
Miller was charged with one count of conspiracy and two counts of computer fraud, which combined carry a maximum penalty of 20 years in prison. The defendant has agreed to a plea deal in exchange for a lighter sentence: 12-18 months behind bars with 36-months of supervised release. Miller will also be responsible for fines and restitution in an amount to be determined. The defendant remains free pending a November 19 sentencing date.
Since the breach, NERSC has boosted its intrusion detection capability. The center uses a modified version of SSH that allows the content of interactive SSH sessions to be recorded and analyzed.
“Credential theft represents the single greatest threat to security here at NERSC,” remarks a webpage devoted to the topic. “We are addressing this problem by analyzing user command activity and looking for behavior that is recognizably hostile.”
An advanced intrusion detection system called Bro analyzes the session data and alerts NERSC officials when data appears compromised. Once a breach is confirmed, the session logs are used to identify what the intruder did and the extent of the compromise.