3 February 2004 A London teenager who hacked into 17 computer systems at a US government-funded laboratory carrying out nuclear weapons research was sentenced yesterday to a mere 200 hours community service.
Joseph James McElroy, told Southwark Crown Court that that his reason for hacking into the systems of the Fermi National Accelerator Laboratory (Fermilab) near Chicago, Illinois over a two-week period in June 2002, was to store and exchange hundreds of gigabytes worth of music and film files with his friends.
A joint investigation between the US Department of Energy and New Scotland Yard’s Computer Crime Unit in the UK traced the originating IP address to McElroy, an Exeter University undergraduate.
Fermilab, known for its advanced research into subatomic particles and nuclear weapons, stores huge amounts of research data in what is one of the largest computer facilities on the planet. The laboratory demanded $38,000 in compensation for the hack, which shut down a section of its computer network for three days, the court heard.
McElroy pleaded guilty to violating the Computer Misuse Act, which covers a wide range of computer crimes and carries sentences of up to five years. He said he was unaware that the computers belonged to a government-funded research laboratory.
But Judge Andrew Goymer put aside the Department of Energy’s demands maintaining that the breach in no way compromised the laboratory’s confidential research data.
The verdict shocked some observers. “It is very worrying that appropriate compensation or a custodial sentence has not been issued in this case,” said David Williamson, director of sales at managed security services provider Ubizen. “The hacker community… will view this outcome as a green light to break the law.”
Hackers have for many years stolen broken into poorly protected servers to store large caches of pirated films, music and games. But a lack of manpower to review network logs and to patch in secure systems means most cases go unnoticed or unsolved.
“Ultimately, organisations need to ensure there are no ‘open doors’ in the network for the hacker to walk through,” said Williamson.