London, England Hacker Indicted Under Computer Fraud and Abuse Act For Accessing Military Computers (November 12, 2002)
DOJ Seal
November 12, 2002

U.S. Department of Justice
United States Attorney
Eastern District of Virginia
2100 Jameison Avenue
Alexandria, VA 22314
Contact: Sam Dibbley
Phone: (703) 299-3822

London, England Hacker Indicted Under Computer Fraud and Abuse Act For Accessing Military Computers

Paul J. McNulty, United States Attorney for the Eastern District of Virginia, announced that Gary McKinnon, of London, England, was indicted in Alexandria today by a federal grand jury on seven counts of computer fraud and related activity. McKinnon faces on each count a maximum sentence of 10 years of imprisonment and a $250,000 fine. The United States intends to formally request that the United Kingdom extradite McKinnon. According to the indictment, between March of 2001 and March of 2002, Gary McKinnon accessed and damaged without authorization 92 computers belonging to the United States Army, Navy, Air Force, Department of Defense and NASA, and 6 computers belonging to a number of private businesses. One count charges McKinnon with accessing and damaging without authorization a computer used by the military for national defense and security. Other computers hacked by McKinnon include computers located at military bases throughout the United States and the Pentagon. The indictment alleges that Gary McKinnon scanned a large number of computers in the .mil network, was able to access the computers and obtained administrative privileges. Once he was able to access the computers, McKinnon installed a remote administration tool, a number of hacker tools, copied password files and other files, deleted a number of user accounts and deleted critical system files. Once inside a network, McKinnon would then use the hacked computer to find additional military and NASA victims. Ultimately, McKinnon caused a network in the Washington D.C. area to shutdown, resulting in the total loss of Internet access and e-mail service to approximately 2000 users for three days. The estimated loss to the various military organizations, NASA and the private businesses is approximately $900,000. The case was indicted as the result of a 17 month investigation by the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit (CCIU), NASA Office of the Inspector General, Naval Criminal Investigative Service, 902nd Military Intelligence Group-Information Warfare Branch, Defense Criminal Investigative Service, the Air Force Office of Special Investigations and the United Kindom’s National High Tech Crime Unit. Also assisting in the investigation were the U.S. Army Computer Emergency Response Team located at Fort Belvoir, Va., the Army Regional Computer Emergency Response Team at Fort Huachuca, the Naval Computer Incident Response Team, and the Department of Defense Computer Emergency Response Team. The case will be prosecuted by the United States Attorney’s Office for the Eastern District of Virginia and the Computer Crime and Intellectual Property Section for the Department of Justice.