JPL Computer Penetrated by a ‘Hacker’

A “hacker” prowling through a network that connects thousands of computers at U.S. military installations, defense contractors, think-tanks and universities broke into the Jet Propulsion Laboratory’s computer system last month, provoking a scramble for safeguards that a laboratory executive said may eventually cost millions of dollars.

Investigators know the intruder violated at least three computer systems in a single foray, including one belonging to the U.S. Navy, but they have not determined if even more systems were involved, a JPL spokesman said Thursday.

“It could be a series of penetrations,” JPL Deputy Director Peter Lyman said.

‘Unauthorized Access’

A spokeswoman for the Department of Defense said the Pentagon is investigating the break-in because it “regards any attempt to gain unauthorized access to computer systems as serious.”

JPL officials first blamed the intrusion on the Chaos Computer Club, based in Hamburg, West Germany. The club of hackers--who use personal computers and telephone links to gain unauthorized access to other people’s computers--admitted breaking into National Aeronautics and Space Administration computer systems last year.

A JPL spokesman later backed away from the allegation, saying the break-in bore similarities to the Chaos club’s techniques, but also differences.

(A spokesman for the club told the Associated Press in Bonn that he was unaware of the break-in but would check into the matter further.)

JPL, a Caltech facility near Pasadena, is the nation’s leading space research laboratory.

The break-in began sometime before midnight May 16 and lasted until about 7:30 a.m., JPL spokesman George Alexander said.

No classified material was compromised, and no serious harm appeared to have been done, Lyman said.

However, Lyman said, the intruder left behind an “insidious Trojan horse,” a modification in the computer’s program that would have permitted easy, untraceable access to the computer in the future.

‘Master Key’

“It was sort of like a burglar getting a master key to your house and the key to the alarm system,” Lyman said. “After that, he could have come and gone at will, without our knowing anything about it.

Alexander said JPL investigators found traces of the break-in only minutes after the intruder had signed off, and they “rebuilt the system” within days.

“We were not going to continue using the operating system they had been mucking around with,” Alexander said, in case the hackers had planted a computer “virus”--a coding change that multiplies like its namesake and damages programs.

“Now we’ve nailed the door shut--knock, knock,” Lyman said.

However, he said, the laboratory is investigating even more security measures, which will cost “between the hundreds of thousands of dollars and the low millions--2, 3, maybe 4 million” over the next two or three years.

A JPL engineer, who asked not to be identified, said officials worried that an intruder could learn “how to send bogus commands” to the spacecraft the laboratory controls. The lab currently has eight unmanned interplanetary explorers in space.

Daily Checks

The task is so complex that it is probably impossible for an outsider, but it is at least theoretically feasible, the source said, adding that the laboratory has now assigned an engineer to make daily checks of spacecraft communications.

Lyman confirmed that “this has always been a concern.”

“It would be theoretically possible, but the chances are extremely remote,” he said, because there are so many safeguards in the spacecraft’s computers against obeying unauthorized commands.

Lyman said the intruder gained access to the JPL computer from the Advanced Research Projects Agency network, a “huge party line for researchers’ computers.”

Those with access to computer terminals at any of the institutions affiliated with the agency can link up in turn with the network. Using the network as a pathway, they can seek out the computer systems of other affiliated agencies and sign onto them if they are authorized.

A spokeswoman for SRI Inc., which administers the network for the Department of Defense, said there are “thousands and thousands” of affiliated computer systems, too many to count because so many are connected in turn to yet other networks.

Trade Information

Researchers use the link to trade unclassified information, which would be of little interest to spies, Alexander said.

“It would be like the KGB listening in on a Pizza Hut or Domino’s telephone,” he said. “Lots of orders for one with cheese, one with pepperoni, not much very interesting.”

However, he said, the intruder appeared to be using the network to gain access to other computer systems with more sensitive material.

Once signed on to JPL’s computer, the intruder illicitly gained access to the file of passwords the laboratory’s researchers use to identify themselves to the computer, despite programming designed to shield that file from any observer, Lyman said. Knowledge of other persons’ passwords is forbidden, even to high-ranking JPL supervisors, he said.

Extent Unknown

The intruder browsed through programming intended to aid engineers in designing microchips, Alexander said. But there is no way to determine all the files the hacker may have read, Lyman said.

“There’s a lot to indicate we were just a way station,” Alexander said. “It’s like finding a burglar came in through the kitchen window. You don’t know if he’s after the pots and pans or if it was just easy to get in there and he’s heading for the bedroom.”

The identity of the computer system where the intruder came from was not established, Alexander said. But he left by using his false identity in the JPL computer to sign onto a U.S. Navy computer at the Patuxent River, Md., Naval Air Station.

He said JPL officials alerted the Navy station, the home of the Space and Naval Warfare Systems Command. Bill Frierson, a spokesman for the base, said officials were checking “to determine if there has been a breach here.”

It was the third such break-in in two years at JPL. One was detected and terminated within a few minutes, Alexander said.

Last year, a West German prosecutor revealed that West German hackers associated with Chaos had gained access to an international computer network, based on NASA files, and entered about 135 computer systems around the world, including those of JPL, three British research institutes, the European space operations center near Frankfurt, the Air Force Systems Command in El Segundo and the Lawrence Berkeley Laboratory in Berkeley.

Alexander called Chaos “a worrisome group to American computer experts.”

Raided Homes

In response to the outcry last year, West German Federal Criminal Bureau agents twice raided club members’ homes. In August, 1986, computer hacking was made a criminal offense, punishable by up to three years in prison.

The Hamburg public prosecutor’s office opened a long-running investigation into the activities of the club. But no arrests have been made.

However, one of the club leaders, Steffen Wernery, 26, was arrested by French police in March when he arrived in Paris to attend a computer conference. He was originally charged with theft and damaging computer wares after complaints were lodged against him by the French subsidiary of Phillips Electronics Co., one of the Hamburg hackers’ targets.

He was subsequently released, and the current status of the charges is unclear.

Times staff writer William Tuohy in Bonn contributed to this article.