Hacker charged with selling access to Energy, other networks

The Justice Department has a charged a 23-year-old Philadelphia-area man with hacking into networks run by the Energy Department, the University of Massachusetts and other organizations, and selling access to those networks.

An indictment unsealed June 14 alleges that Andrew James Miller, 23, of Devon, Pa., and others broke into computer networks belonging to Energy, UMass, RNK Telecommunications, advertising agency Crispin Porter and Bogusky, and other institutions and companies between 2008 and 2011, according to DOJ.

At one point, he allegedly tried to sell an undercover FBI agent access to a DOE supercomputer for $50,000, ThreatPost reported.

Related stories:

Cyber threats in 2012: 5 pain points

Energy lab releases open-source tool for tracking cyberattacks

According to the indictment, Miller and his co-conspirators stole users’ credentials when he hacked into the systems and used them to sell access. Dealing with the undercover FBI agent, he received two payments of $500 each via Western Union for a list of RNK user names and passwords, requested two payments of $600 for UMass data, and sought $1,000 for access to the advertising agency, ThreatPost reported.

The alleged attempt to sell access to a supercomputer involved networks at Energy’s National Energy Research Scientific Computing Center.

Miller, who was arrested June 14, is charged with one count of conspiracy, two counts of computer fraud and one count of access device fraud. If convicted, he faces up to five years in prison for the conspiracy count and one of the computer fraud charges, and up to 10 years on the other computer fraud counts and the access device fraud count.

Hackers selling access to compromised systems, even government systems, isn’t entirely new. In January 2011, security company Imperva reported that access to dozens of compromised government, military and education networks in the United States and Europe was up for sale.

Access was being offered for between $55 and $499 per site, Imperva said, and some hackers were offering personally identifiable information from the sites at a rate of $20 per 1,000 records.

The apparently compromised sites included the Defense Department’s Pharmacoeconomic Center, the Army’s Communications-Electronics Command, and the main website of the Italian government.

One twist with the sites Imperva found for sale, however, was that some of the URLs being offered included typos, leading to speculation that, in some cases at least, the hackers weren’t really selling access but were just trying to rip off other hackers.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Tue, Jun 19, 2012

Hacking is a job interview isn't it?

Tue, Jun 19, 2012

Until we clamp down on this it will continue to happen. This moron stole personal information and put it up for sale. I envision 93 year old ladies with drained bank accounts and people living on the financial edge finding a 0 checking account balance or, worse, a new $10,000 Credit card bill. Five years in prison is saying ... If you can make $50,000 10 times before getting caught, you get a 3 year vacation all expenses paid, and get to keep the money. I say a $50,000 fine that MUST be paid back in 20 years.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group