07/18/03
Two Romanian citizens accused of hacking into the National
Science Foundation’s Amundsen-Scott South Pole Station
science research facility were arrested in a joint FBI/Romanian
police operation last month.
On May 3, 2003, an anonymous email was simultaneously received
by the Foundation’s U.S. Antarctic Program network
operations center and by technical staff at the South Pole. “I’ve
hacked into the server of your South Pole Research Station,” it
read. “Pay me off, or I will sell the station’s
data to another country.” The email contained data
found only on South Pole computer systems, demonstrating
that it was not a hoax. The threat hinted that the South
Pole network had been widely penetrated, potentially with
malicious software that would cause harm if triggered by the
hacker.
NSF and its contractor, Raytheon Polar Services Company,
immediately isolated the entire station’s computer
network to prevent future moves by the hacker. For part of
each day the station is naturally isolated from the Internet
because of limited satellite coverage, and by the time satellite
access returned the next day the NSF team had locked down
the station while beginning to restore essential services
such as email and telemedicine and to isolate the known hacked
computers from the local network.
A case of unusual circumstances
In May, South Pole Station is closed to the outside world – temperatures
approach 70 degrees below zero; aircraft cannot land for
another six months except in extreme cases for medical emergencies;
and the computer network is the main connection for the 58
wintering scientists and support contractors to maintain
a lifeline to the outside world for scientific data transmission,
station operations, medical support and emotional contact
with family and friends.
The South Pole Station is a unique laboratory for scientific
research where scientists deploy powerful radio telescopes
that look out to the fringes of the universe to study its
birth, sensitive seismometers that probe for earthquakes
around the globe, and detectors buried in the ice that measure
neutrinos from cataclysmic events in outer space, and make
long-term observations to document the changing composition
of the pristine atmosphere.
The chase is on
While the network was being secured and service restored
to the personnel isolated at the bottom of the world, the
NSF contacted the FBI, and the agencies worked together to
find those behind the scheme. The Washington Field Office
helped the NSF preserve evidence and use cyber-investigative
techniques to track the path of the extortionist’s
emails. The FBI Information Technology Division and the Cyber
Division collaborated to determine that the hackers were
accessing their emails from a cyber café in Romania.
A call to the FBI Legal Attaché in Bucharest revealed
that the Romanian suspects were the target of other investigations
out of the Mobile and Los Angeles Field Offices. The investigation
was so far along in Mobile that the agents working with the
Romanian police had already made controlled payments to the
suspects in an effort to flush them out further.
In executing a search warrant of the suspects’ residence,
the Romanian authorities seized documents, a credit card
used in the extortion scheme, and a computer that contained
the very email account that was used to make the demands
of NSF. The Romanian police had all they needed and arrested
two individuals and charged them with the crimes. The two
are scheduled to stand trial.
International partners close the net
What did it take to track down these extortionists willing
to endanger the well-being of the South Pole researchers
and threaten the public investment in scientific research
that benefits all mankind? It took the concerted efforts
on a global scale of a diverse group of individuals: the
National Science Foundation’s Computer Incident Response
Team (CIRT), which includes NSF’s Security Officer,
and representatives from the Office of Inspector General,
the Office of Polar Programs and the Division of Information
Services, all located in Arlington, Virginia; NSF’s
Raytheon contractor support personnel in Colorado, Maryland,
and Antarctica; NSF’s scientific researchers in Antarctica
and across the U.S.; FBI Agents in Washington, Mobile, Alabama,
and Los Angeles; the FBI Legal Attaché in Romania,
and the Romanian police. This case exemplifies how the FBI
works in conjunction with its fellow government agencies
as well as the international law enforcement community to
bring cyber criminals to justice.