[ISN] Massachusetts Teen Convicted for Hacking into Internet and Telephone Service Providers and Making Bomb Threats

InfoSec News isn at c4i.org
Tue Sep 13 02:41:23 EDT 2005


By News Staff 
Sept 11, 2005 

A Massachusetts juvenile pled guilty in federal court and was
sentenced Thursday in connection with a series of hacking incidents
into Internet and telephone service providers; the theft of an
individual's personal information and the posting of it on the
Internet; and making bomb threats to high schools in Florida and
Massachusetts; all of which took place over a 15-month period. Victims
of the juvenile's conduct have suffered a total of approximately $1
million in damages, according to a release from the U.S. Attorney's

United States Attorney Michael J. Sullivan for the District of
Massachusetts; United States Attorney H. E. Bud Cummins, III for the
Eastern District of Arkansas; United States Attorney R. Alexander
Acosta for the Southern District of Florida; Steven D. Ricciardi,
Special Agent in Charge of the U.S. Secret Service in New England;  
Kenneth W. Kaiser, Special Agent in Charge of the Federal Bureau of
Investigation in New England; William Sims, Special Agent in Charge of
the Secret Service in Miami, Florida; and William C. Temple, Special
Agent in Charge of the Federal Bureau of Investigation in Little Rock,
Arkansas, announced today that in a sealed court proceeding a
Massachusetts teenager pled guilty before U.S. District Judge Rya W.  
Zobel to an Information charging him with nine counts of juvenile

By statute, federal juvenile proceedings and the identity of juvenile
defendants are under seal. The Court has authorized limited disclosure
in this case at the request of the government and defendant.

Judge Zobel also imposed a sentence today of 11 months' detention in a
juvenile facility, to be followed by two years of supervised release.  
During his periods of detention and supervised release, the juvenile
is also barred from possessing or using any computer, cell phone or
other electronic equipment capable of accessing the Internet.

Had the juvenile been an adult, the underlying charges would have been
charged as three counts of making bomb threats against a person or
property, three counts of causing damage to a protected computer
system, two counts of wire fraud, one count of aggravated identity
theft, and one count of obtaining information from a protected
computer in furtherance of a criminal act.

"Computer hacking is not fun and games," stated U.S. Attorney
Sullivan. "Hackers cause real harm to real victims as graphically
illustrated in this case." "Would-be hackers, even juveniles when
appropriate, should be put on notice that such criminal activity will
not be tolerated and that stiff punishments await them if they are

As a result of this bomb threat, the school was closed for two days,
while a bomb squad, a canine team, the fire department and Emergency
Medical Services were called in.

In August, 2004, the juvenile logged into the Internet computer system
of a major Internet Service Provider ("ISP") using a program he had
installed on an employee's computer. This program allowed the juvenile
to use the employee's computer remotely to access other computers on
the internal network of the ISP and gain access to portions of the
ISP's operational information.

In January, 2005, the juvenile gained access to the internal computer
system of a major telephone service provider that allowed him to look
up account information of the telephone service provider's customers.  
He used this computer system to discover key information about an
individual who had an account with the telephone service. He then
accessed the information stored on this individual's mobile telephone,
and posted the information on the Internet.

During this same time period, the juvenile used his access to the
telephone company's computer system to set-up numerous telephone
accounts for himself and his friends, without having to pay for the

Also in January, 2005, an associate of the juvenile set-up accounts
for the juvenile at a company which stores identity information
concerning millions of individuals allowing the juvenile to look at
the identity information for numerous individuals, some of which he
used for the purpose of looking up the account information for the
victim whose personal information he posted on the Internet.

In the spring of 2005, the juvenile, using a portable wireless
Internet access device, arranged with one or more associates to place
a bomb threat to a school in Massachusetts and local emergency
services, requiring the response of several emergency response units
to the school on two occasions and the school's evacuation on one.

In June, 2005, the juvenile called a second major telephone service
provider because a phone that a friend had fraudulently activated had
been shut off. In a recorded telephone call, the juvenile threatened
the telephone service provider that if the provider did not provide
him access to its computer system, he would cause its Web service to
collapse through a denial of service attack -- an attack designed to
ensure that a Website is so flooded with request for information that
legitimate users cannot access the Website. The telephone service
provider refused to provide the requested access. Approximately ten
minutes after the threat was made, the juvenile and others initiated a
denial of service attack that succeeded in shutting down a significant
portion of the telephone service provider's Web operations.

More information about the ISN mailing list