St. Joseph, Missouri Man Charged in Western District's First Computer Hacking Indictment (December 20, 2002)
DOJ Seal
December 20, 2002

U.S. Department of Justice
United States Attorney
Western District of Missouri
Todd P. Graves
400 East Ninth Street, Room 5510
Kansas City, MO 64106
Contact: Don Ledfordl
Public Affairs
Phone: (816) 426-4220

St. Joseph Man Charged in District’s First Computer Hacking Indictment

     KANSAS CITY, Mo.  Todd P. Graves, United States Attorney for the Western District of Missouri, announced today that a St. Joseph man has been indicted for unauthorized computer intrusion. Graves noted that this is the first case of computer hacking ever prosecuted in the Western District of Missouri, which recently launched a new Cyber Crimes and Child Exploitation Unit.      Richard W. Gerhardt, 43, of St. Joseph, Mo., was charged in an indictment returned under seal by a federal grand jury on December 19, 2002. That indictment was unsealed and made public today upon Gerhardt’s arrest and initial court appearance before U.S. Magistrate Judge Sarah W. Hays.      The indictment alleges that Gerhardt gained unauthorized access to the network computer system of Nestle USA while employed as an information systems consultant, working primarily at the Friskies Petcare plant in St. Joseph. Friskies Petcare is a corporate subsidiary of Nestle USA, which in turn is a subsidiary of Nestle S.A. of Vevey, Switzerland.      On five separate occasions between August 12, 2001, and June 10, 2002, the indictment alleges, Gerhardt gained access to the Nestle network computer system without authorization and in excess of his authorized access. Gerhardt allegedly downloaded approximately 5,000 user account passwords from Nestle’s system, costing the firm more than $5,000 to conduct a damage assessment of, verify the security of, and restore the integrity of its computer system.      The various offices and facilities of Nestle USA and Nestle S.A. throughout the United States and the world, including the Friskies Petcare plant in St. Joseph, are linked together by a network computer system. Any computer or server connected to that system, Graves explained, is thus a protected computer under federal law.      Gerhardt allegedly used a password-cracking software called L0phtCrack to retrieve the passwords for user accounts on the system. Gerhardt then created a database containing the user account passwords, the indictment alleges, and stored the database in a file on a computer server connected to the system and in a file located on a laptop computer issued to him by Nestle.      While on the system, Gerhardt allegedly ran at least one password recovery utility program and then stored the results in at least one .zip file, creating a file which contained passwords he had obtained.      Without authorization, the indictment alleges, Gerhardt loaded and installed a program called pwdump.exe on the Nestle network computer system and on the laptop computer issued to him by Nestle. According to the indictment, the pwdump.exe program is associated with an automated command that, at a preset time each day, communicated to other computers on the Nestle network computer system and downloaded active accounts and passwords. On June 3, 2002, Gerhardt allegedly caused the output from the pwdump.exe program to be stored on a computer server connected to the Nestle computer network system. Approximately 5,000 passwords associated with users of the Nestle computer network system were allegedly accessed and stored by Gerhardt.      The indictment alleges that on June 4, 2002, Gerhardt used a dial-up connection to log onto the Nestle network computer system from a remote location. While on the system, Gerhardt allegedly created a new and unauthorized administrator account.      Graves cautioned that the charge contained in the indictment is simply an accusation, and is not evidence of guilt. Evidence supporting the charges must be presented to a federal trial jury, whose duty is to determine guilt or innocence.      The case is being prosecuted by Assistant U.S. Attorney Gene Porter. The case was investigated by the Federal Bureau of Investigation.

****************      This news release, as well as additional information about the office of the United States Attorney for the Western District of Missouri, is available on-line at