A Pennsylvania man was arrested yesterday after a Massachusetts grand jury issued a four-count indictment alleging that he hacked into computer networks belonging to the U.S. Department of Energy (DoE) and the University of Massachusetts and tried to sell access to a DoE supercomputer for $50,000 to an undercover FBI agent.
Andrew James Miller, a 23 year-old resident of the Philadelphia suburbs, was charged with one count of conspiracy, two counts of computer fraud and one count of access device fraud. The indictment claims that between 2008 and 2011 Miller and unnamed co-conspirators hacked into networks belonging to the DoE, U-Mass as well as private firms including RNK Telecommunications Inc. (RNK) and Colorado advertising agency Crispin Porter and Bogusky Inc. (CPB Group).
After gaining unauthorized access to these systems, Miller is alleged to have installed Trojan horse programs that gave him access to the networks which he and his co-conspitrators sold online.
Miller and his co-conspirators were discovered after they attempted to sell access to the victim networks to an undercover FBI agent. Specifically, the indictment details an IRC conversation between Miller and an undercover agent in which Miller exchanges access to RNK’s servers and a list of hundreds of user names and passwords for two payments of $500.00. Payment was to be made to Andrew Miller of Lancaster, PA, via Western Union. Miller later requested two payments of $600 via Western Union in exchange for a U-Mass database dump and $1,000.00 for access to CPB Group. At one point, Miller attempted to sell the FBI access to a supercomputer belonging to the DoE’s National Energy Research Scientific Computing Center for $50,000.
Miller could face five years in prison for the conspiracy count and one of the computer fraud counts and an additional ten years in prison for the second computer fraud count and the access device fraud count, which would then be followed by three years of supervised release and some $250,000 in restitution.