A computer security specialist who claimed he hacked into top-secret military computers to show how vulnerable they were to snooping by terrorists was arrested and charged Monday with six felony counts that could bring a 30-year prison sentence.
Brett Edward O’Keefe, 36, president of ForensicTec Solutions, a start-up company here, is accused of hacking into computers of the Navy, the Army, the Department of Energy, the National Aeronautics and Space Administration and several private companies.
Before his arrest, O’Keefe told reporters that he had hacked into the computers to drum up business for his fledgling company and to show that the nation’s top military secrets are not safe, despite pronouncements that security has been tightened since the terrorist attacks of Sept. 11, 2001.
“All I wanted to do was to show America how weak our computer defenses are,” O’Keefe said. “My hope was that, if I embarrassed the government, they would tighten up their precautions.”
But Assistant U.S. Atty. John Parmley said O’Keefe could have indicated that the computers were vulnerable to hacking without going in and downloading information.
“It’s like going down the street and jiggling doors to see if they’re open,” Parmley said. “That’s one thing. But if you go and start taking things, that’s different.”
O’Keefe is charged with conspiring with two employees to gain unauthorized access to the computers of government agencies, the military and private companies and to obtaining information from those computers for financial gain. The two employees of his company pleaded guilty in federal court last week and agreed to assist the prosecutors.
Bruce Schneier, chief technical officer of Counterpane Internet Security Inc., based in Cupertino in Northern California, said the ease with which military computers can be hacked into is not a secret.
“The military uses the ... technology that everybody else does,” said Schneier, author of the book “Beyond Fear: Thinking Sensibly About Security in an Uncertain World.” Schneier called O’Keefe’s explanation “the classic defense” of the hacker: that he was hacking into computers only to show how easy it is.
“While it’s a kind of a defense, it doesn’t make a lot of sense,” Schneier said. “Nobody asked these guys to do this.”
O’Keefe said he and his employees had stumbled across the easy entry into military computers while working for a private client. Among other things, the three allegedly downloaded encryption information used by the military to keep its computer transmissions from being intercepted by hostile forces.
Parmley noted that the ForensicTec case is different from other hacker cases because commonly the government has to investigate to find the identity and location of the hacker. In this case, O’Keefe made his exploits known through media interviews.
After being arrested, O’Keefe was taken to the Metropolitan Correctional Center to await arraignment today in U.S. District Court.
O’Keefe’s two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, pleaded guilty to a single count each of unauthorized access to governmental and military computers. A single count carries a possible maximum sentence of five years; O’Keefe faces six counts.
Schneier noted that the San Diego case comes amid a crackdown on hackers by federal authorities.
“The federal government is not amused by these cases and they shouldn’t be,” Schneier said. “It’s like coming home and finding that a burglar has left a note on your refrigerator. You feel violated.”