[ISN] Government-computer hacker sentenced

InfoSec News isn at c4i.org
Wed Aug 3 06:04:26 EDT 2005


By Ray Huard
August 2, 2005 

The co-founder of a San Diego computer security firm was sentenced by
a federal judge yesterday to 60 days in a work-release program for
hacking into government and private computers to show they were
vulnerable and to drum up business.

U.S. District Judge John S. Rhoades also placed Brett Edward O'Keefe
on probation for two years, ordered him to perform 100 hours of
community service and instructed him to refrain from doing any work
involving computer security while he's on probation.

The judge left it to probation officials to determine the specifics of
O'Keefe's work-release program and community service.

O'Keefe, who has moved to Phoenix, told the judge, "I've learned my
lesson far more than you can imagine."

As a result of his September 2003 arrest, O'Keefe said, "I was
financially and emotionally ruined," adding, "I've lost nearly
everything I worked my entire life for."

O'Keefe, 38, said he was humiliated by the experience. He said he
meant no harm but hacked into government computers "to say that
something more needed to be done to protect our country."

A co-founder of ForensicTec Solutions, O'Keefe pleaded guilty earlier
this year to one misdemeanor count of gaining unauthorized access to
U.S. Army computers.

In exchange for the guilty plea, Assistant U.S. Attorney John Parmley
dismissed six felony counts of gaining unauthorized access to scores
of military and government computer systems.

Parmley said O'Keefe caused $95,624 in expenses to various government
agencies, including the U.S. Army, the National Institutes of Health
and NASA, because of the time they spent "trying to figure out what
had happened to their computers."

Judge Rhoades called O'Keefe's actions "a serious crime" but said the
harm O'Keefe caused was partially offset by the value federal agencies
gained from learning that their computers were vulnerable.

"If he hadn't done what he did or his company did, they'd still be
subject to the same sort of intrusions," Rhoades said. "I think the
government got something out of it."

Defense attorney Matthew Winter said two other ForensicTec principals,
Aljosa Medvesek and his wife, Margaret Ann Medvesek, took advantage of
O'Keefe and were the ones largely responsible for hacking government

The Medveseks each pleaded guilty in September 2003 to one count of
conspiracy to gain unauthorized access to computers for financial
gain. Parmley said they are scheduled to be sentenced in September and
face a maximum penalty of five years in prison.

Winter said O'Keefe was "a trusting person" and that hacking into the
government computers was out of character for him.

In August 2002, O'Keefe revealed to The Washington Post that his
company had gained unauthorized access to government computers as a
way to expose lax security. Prosecutors said the idea behind seeking
publicity was to attract new clients for the security firm and
increase profits.

More information about the ISN mailing list