Hacker pleads guilty, targeted DOE

A 23-year-old Pennsylvania man pleaded guilty Aug. 27 to charges he had hacked into supercomputers owned by the Department of Energy and planned to sell access to them for tens of thousands of dollars.

Andrew James Miller, 23, of Devon, Pa., pleaded guilty in U.S. District Court to one count of conspiracy and two counts of computer intrusion.

From 2008 to 2011, according to a statement from the U.S. attorney’s office, Miller and co-conspirators remotely hacked into computers in Massachusetts and elsewhere. In some instances, it said, Miller secretly installed back doors in the computers to allow later access to them with administrator-level, or “root,” privileges.  

Miller was indicted for allegedly remotely hacking into computer networks that belonged to Massachusetts-based RNK Telecommunications Inc.; Colorado-based advertising agency Crispin Porter and Bogusky Inc.; the University of Massachusetts; U.S. Department of Energy (DOE) facilities; and other institutions and companies, according to the Justice Department.

Although the U.S. attorney didn’t identify the specific computers Miller admitted to accessing, Wired  reported that Miller pleaded guilty to propositioning an undercover FBI agent during an online chat, asking the agent to pay $50,000 for root access to the supercomputers at the National Energy Research Scientific Computing Center (NERSC) at the Lawrence Berkeley National Laboratory in Berkeley, Calif.

NERSC is home to several powerful computers used in unclassified research projects.

The lab is a member of the national laboratory system supported by the U.S. Department of Energy through its Office of Science and managed by Cal. It is charged with conducting unclassified research across a wide range of scientific disciplines. All research projects funded by the DOE Office of Science and that require high performance computing support are eligible to apply to use NERSC resources, according to the lab.

Wired also said Miller bragged to FBI agents online that he had also broken into corporate servers at American Express, Yahoo, Google, Adobe, WordPress and other companies and universities.

The U.S. attorney’s office in Boston said Miller got his hands on log-in credentials to the compromised computers and he and his co-conspirators sold access to the back doors, as well as other log-in credentials. The access Miller and his co-conspirators sold allowed unauthorized people to access various commercial, education and government computer networks, it said.

Miller is scheduled for sentencing Nov. 19.  According to the U.S. attorney in Boston, the maximum penalty for the conspiracy count is five years in prison.  One of the computer intrusion counts carries a maximum penalty of five years and the other, involving intentional damage to a private computer, carries a maximum of 10 years.

This article was updated to correct the identification of Lawrence Berkeley National Laboratory.