A Pennsylvania man affiliated with the Underground Intelligence Agency hacker collective has pleaded guilty in connection to selling access to US Energy Department servers he infiltrated illegally.
Andrew James Miller, 24, pleaded guilty to offering an undercover Federal Bureau of Investigation agent “root” access to the so-called supercomputers at the National Energy research Scientific Computing Center at the Lawrence Berkley National Lab California in exchange for $50,000, according to Wired. Some of the world’s most powerful computers are housed at the research center, where high-end computing power is fostered for Energy department projects.
Miller, who used the alias “Green” in the online chats, pasted a document confirming he had access to the restricted computers, according to the prosecution. He told the undercover FBI agents that he also had access to computers at Harvard University and the University of California at Davis. He also claimed to have infiltrated servers at Yahoo, American Express, Google, Adobe, and WordPress, among others.
Another member of the Underground Intelligence Agency, known only as “Intel,” helped authorities piece together the investigation.
“Miller and other members of the conspiracy remotely, surreptitiously, and without authorization, installed ‘backdoors’ onto computer servers and created ‘magic passwords’ that provided ‘root’ access to these compromised servers,” according to the original indictment. “Miller and other members of the conspiracy sold, or otherwise transferred, these ‘magic passwords’ and other stolen login credentials to others, including to an undercover agent from the FBI.”
He was also accused of bragging to agents of accessing the entire corporate network of RNKTel, a Massachusetts telecommunication firm.
“According to RNKTel, with that administrator-level access, a bad actor could not only have access RNKTel’s confidential business records but could also have altered customer accounts to obtain, for free, the telecommunication services that RNKTel sells it to customers,” prosecutors said, as quoted by Wired.
The NERSC admitted on its website that the temptation of breaking onto the center’s servers is sometimes too much for hackers to overcome.
“Both because of our unique computing resources, and simply because we are a government institution, attackers target NERSC systems,” they wrote. “In particular, smart attackers who have time and resources have been known to target our systems.”