First Computer Wiretap Yields Hacking Charges

Struggling to cope with crime on the Internet, the government for the first time has used a court-ordered wiretap on a computer network, leading to charges Friday against a young resident of Argentina for allegedly penetrating Harvard University’s computers and sensitive U.S. government files.

Atty. Gen. Janet Reno announced the filing of a criminal complaint against Julio Cesar Ardita, 22. A motive for the alleged offenses was not clear. Ardita, who remains in his country, is the son of a retired Argentine military officer who serves as a consultant to the Argentine Congress, officials said.

Although U.S. authorities issued a warrant for Ardita’s arrest, the charges against him are not covered by extradition treaties. However, the Justice Department said that Argentine prosecutors have seized his computer files and equipment and are investigating his conduct.

The Justice Department views this “cyber-sleuthing” by the FBI and military investigators as a groundbreaking case that is “a glimpse of what computer crime-fighting will look like in the coming years,” as one official put it.

Reno and U.S. Atty. Donald K. Stern of Boston said a federal wiretap order, typically employed to monitor telephone conversations of organized crime and drug suspects, was used in this case to trace and identify the illegal intruder while preserving the confidentiality of legitimate communications.

*

Using Harvard as a “staging point,” Ardita is believed to have illegally entered computer systems linked to the university through the Internet. These systems were at other U.S. universities, including Caltech’s Jet Propulsion Laboratory, the University of Massachusetts, Northeastern University in Boston and computer sites in other countries such as Mexico, Taiwan, Chile, Brazil and South Korea, the Justice Department said.

Ardita obtained “important and sensitive information in government research files on satellites, radiation and energy-related engineering,” Reno said. However, he was not accused of obtaining any classified data relating to national security.

Ardita was charged with unlawful interception of electronic communications, destructive activity in connection with computer files and possession of unauthorized access devices. If arrested in the United States, tried and convicted, Ardita would face maximum possible penalties totaling 20 years in prison.

Court papers filed in Boston that were made public by the department show that the investigation began last August after the Naval Command, Control and Ocean Surveillance Center in San Diego detected an unauthorized intrusion into its computer network.

According to the complaint, the international hacker--based in Buenos Aires--had invaded the Harvard computer through a broadly accessible modem bank and the Internet, and there stole a series of accounts and passwords. Using these purloined accounts, he then gained unauthorized access to computers at U.S. military sites across the country, including the San Diego Naval Center, Los Alamos National Laboratory and the Naval Research Laboratory.

*

Investigators said Ardita referred to himself as “gritton”--Spanish for “screamer”--from four computer systems in Buenos Aires. They traced the same password to its use by Ardita years before on a computer bulletin board posted publicly on the Internet.

Although the Harvard computer is widely accessible to 16,500 account holders and the intruder was stealing and using many different account-holders’ passwords, an analysis of his electronic habits revealed certain patterns, the complaint said.

Investigators were able to identify words and phrases used by Ardita that were not in common usage among those with legitimate access to the Harvard system.

With a court-authorized wiretap, “we intercepted only those communications which fit the pattern,” said Stern, describing a protective technique that prosecutors call “minimization.”

“We limited our initial examination . . . around the telltale sign to further protect the privacy of innocent communications,” he said.

Reno told reporters that court authorization was deemed necessary because the Harvard computer system does not post a notice informing users who log into the system that their communications might be monitored.