Andrew Miller, 23, of Devon, Pa., was charged with one count each of conspiracy and access device fraud and two counts of computer fraud, according to a statement issued last Thursday by the U.S. Justice Department. If convicted on all counts, Miller could face up to 30 years in prison and a $250,000 fine.
According to the federal grand jury indictment unsealed last week, Miller hacked into two government supercomputers associated the National Energy Research Scientific Computing Center, an Oakland, Calif.-based facility which runs projects for the DoE. He bragged about the feat during an IRC conversation with an undercover FBI agent last year.
"Miller then pasted a network notification banner and file system information into the chat to demonstrate his access to nersc.gov," according to the indictment.
In subsequent conversations, Miller allegedly claimed he was working with an unidentified co-conspirator, and they had obtained root access and other user logins to several supercomputers owned by the government and educational institutions. At one point, he offered to sell access to the DoE systems to the undercover agent for $50,000, the indictment said.
Miller is an example of how criminals are chasing in on the value of access to corporate and government networks, Michael Sutton, vice president of security research at Zscaler, told SCMagazine.com. Hackers are increasingly targeting networks with "high-value intellectual property," as others will pay handsomely for the data even if it is not directly valuable to the attacker, Sutton said.
"Digital assets are easier to pilfer and can readily be turned into cash," said Sutton.