Jonathan James – The teenager who hacked NASA for fun

Reading Time: 5 Minutes

Introduction

Hacking Alias: c0mrade

Jonathan James was a prolific young hacker who was hacking NASA at night while being at school in the morning. He went on to be the first juvenile to be sentenced federally to a term of confinement for computer hacking.

Early Life – The start of his hacking journey

Jonathan James was born on December 12, 1983, in a small Village called Pinecrest that is located in Miami-Dade County, Florida.

His father was a computer programmer and his mother was a housewife.

Pinecrest, Miami-Dade County, Florida – source: exploremiamirealestate.com

His interest in computers began at the age of 6 when he would regularly use his father’s computer to play video games.
James’s parents quickly realized that their son was spending too much time in front of the computer screen and tried to impose restrictions, which eventually James bypassed using his hacking “charisma” from a very young age.

His interests gradually changed with age, from playing games to learning the C language. His curiosity about computers came to light as a surprise to his father when he came home one day to see that his personal computer was converted from windows OS to Linux OS. James installed Linux on his father’s computer out of curiosity to test the unfamiliar operating system and understand how it works.

During his teen years, he became obsessed with computers and technology as he was spending most of his free time day and night on his computer. At the age of 13, this led his parents to take stronger measures and took away his computer. He ran away from home refusing to come back until his parents returned his computer, insisting that programming and video games weren’t affecting his grades (as he was getting high marks).

Young Jonathan James – source: medium.com

Later it was found that he hacked into the network of educational institutions in Miami-Dade County and corrected his scores in the reports.

Around that time, James came up with his own hacking alias “c0mrade”, as he spent most of his time communicating with other hackers online and learning more about hacking day by day.

Hacking Activity

At the age of 15, James had enough of hacking his educational institutions and set bigger hacking goals. Between June 23, 1999, and October 27, 1999, he committed a series of intrusions into various systems.

His first target was AT&T BellSouth, one of the largest telecommunications companies at the time in the US.

The hacking details are not completely known, but C0mrade hacked into the company’s servers without doing any damage. His main goal was not to profit or steal information but more about testing his hacking abilities on a bigger target like AT&T Bellsouth.

In June 1999, he was looking for vulnerable servers to connect by bypassing their firewalls. When he found one in Huntsville, Alabama, he went on and installed malware on it. He managed to escalate his privileges into the system and then pivoted to another 13 computers on the compromised network.

The network surprisingly belonged to a unit of NASA, the Marshall Space Flight Center, located in Huntsville, Alabama. The unit has a lot of importance for NASA as it is the place where they develop and test rocket engines as well as communication systems for the ISS (International Space Station).

Marshall Space Flight Center, located in Huntsville, Alabama – source: nasa.gov

C0mrade gained access to a program’s source code which controlled critical elements of life support of the ISS. The system was designed to maintain the physical environment in the living rooms of the ISS, and It was first estimated to be worth millions of dollars.

After NASA security experts discovered that their network was compromised, they disconnected the server, alongside the compromised machines for a period of 3 weeks to analyze the intrusion which led to 40 thousand dollars in direct damages for NASA.

FBI and further hacking intrusions

FBI was working with NASA as they informed them as soon as they detected the intrusion and began tracking down the “dangerous” hacker.
James was still a schoolboy, as he would attend classes in the morning and hacking for fun at night.

At the end of his hacking journey, in September 1999, C0mrade detected a backdoor install on a server in Dulles, Virginia, letting every user on the Internet connect to it. Without a second thought, he connected to the server and installed a sniffing program to intercept all the network traffic that was going through the server, including login credentials, etc.

The compromised server belonged to DTRA (Defense Threat Reduction Agency), a hugely significant division of the US Department of Defense that was analyzing external threats to the country’s National Security.

James went on and intercept numerous credentials of DTRA users, leading to him getting access to dozens of computers of the Department of Defense. He managed to download thousands of letters from email users working for the Pentagon.

That was the first successful intrusion into the internal networks of one of the Pentagon’s external units.

DTRA Headquarters – source: emptywheel.net

Arrest and charges

This hack went on to be his last one, the last intrusion didn’t go unnoticed because of the importance of the target. In January 2000, Defense Department agents, along with Pinecrest police proceeded to order an arrest for James.

On January 26th, agents with bulletproof vests and guns raided his home and arrested him. They seized four PCs, a laptop, and one pocket computer from the house.

That made James the first juvenile to be sentenced federally to a term of confinement for computer hacking.  James was actively cooperating with the investigators and explained to them in detail how he was able to hack them.

Sentences and Aftermath

After the news of his arrest, he became famous at his school and also made public comments to the media, accusing the government of not taking security measures on their computer network seriously.

He pointed out that he knew the C computer programming language like the back of his hand, tirelessly studying all day and night in order to be in a position to easily compromise insecure systems.

During the investigation, it was cleared out that James didn’t run viruses, didn’t delete files, or change passwords. He did not cause any damage in any of the compromised systems, and being only 16 years old at the time served him well on the day of the announcement of the verdict.  If he were an adult, he could face at least 10 years in prison and a hefty fine.

He voluntarily pleaded guilty to two incriminated accusations, for hacking NASA and then the US Department of Defense. Adding to that, James’s cooperation with the government officials on the investigation made the court find him guilty of crimes committed by minors.

James received 6 months of house arrest and a ban on the use of a computer machine for entertainment purposes, but only for studies. The court also made him issue a written apology to NASA and the US Department of Defense for his actions.

jooble.org Looking for a job? Check Jooble

Prison time

The court judges show leniency to James by giving him only 6 months of house arrest, but that did not go as planned. He was soon detained by the police on the streets for violating the terms of the house arrest. It was also found later from his blood work that he used some kind of drugs.

The court went on and suspended the old sentence and replaced it with jail time for six months, in a juvenile correctional center in Alabama. That was also the first time in the US that a teenager went to prison for committing a computer-related crime, making the story’s attention bigger all over the media/press.

He told reporters that he was determined to stop hacking after he was caught as it wasn’t worth the hassle and he was just doing it for fun, like playing video games.

James served the full sentence and was released after six months from the juvenile correctional center avoiding the media in order to lead an ordinary life in his parents’ house in Pinecrest.

TJX hack and Secret Service raid in James’s home

Sadly, the ordinary life that James wanted to live did not last long.

In January 2007, the Secret Service was on the trail of an enormous cyber theft gang that was led by Albert Gonzalez, who was responsible for the massive credit card breaches at companies like TJX, Boston Market, Dave & Buster’s, DSW OfficeMax, etc. The damage was significant to the customers of the firms and also to the firms themselves as the hackers stole the credit card information of millions of users and used them illegally.

Albert Gonzalez – source: media.wired.com

Some of James‘s colleagues and friends were supposedly members of the gang. The Secret Service agents were on track to uncover the gang and contacted Gonzalez associates involved in the cybercrime. Several of them said that they knew James from the hacking forums, which also gave attention to the agents for the case.

The fact that led the investigators to be suspicious of James was the fact that an unknown hacker who was collaborating with Gonzales had the pseudonym “JJ”. The pseudonym coincided with the initials of James (Jonathan James) and that was enough for the Secret Service to issue a warrant to search his house.

In January 2007, secret service agents raided James’, his brother’s, and his girlfriend’s houses to investigate his potential role in the credit card breaches. During the raid on his house, they found a gun and a suicide note from a previous suicide attempt. James was claiming his innocence at the time of the ongoing raids.

As it was found later, the unknown “JJ” was Steven Watts, who often signed on the network with the pseudonym “Jim Jones”.

The agents could not find anything to connect James with the ongoing crimes and the rifle found was also officially registered, thus dropping any warrants.

Unfortunate Death of c0mrade

The events caused James’ severe depression. He was often anxious in a depressed state following the incidents with the Secret ervice again.

On May 18, 2008, James was found dead in the bathroom of his home with a self-inflicted gunshot wound to the head from the same rifle that the agents found during the raid.

A suicide note was found near him along with his passwords to PayPal, and several other accounts.

The note wrote: “I do not believe in our ‘justice’ system – perhaps my actions today and this letter will be a serious signal to the public, but I have lost control of the situation, and this is my only way to fix it. To be honest, I have nothing to do with this whole TJX story. Even though Chris (Scott) and Albert Gonzales are the most dangerous and destructive hackers the feds have ever caught, I am far more seductive [as a victim] to public opinion than these two random idiots. That is life. Remember, it’s not that you win or lose, but that I personally win or lose by being in prison for 20, 10, or even 5 years for a crime that I didn’t commit. This is my way of winning, but at least I’ll die free. “

Last thoughts

Jonathan James – source: creocyber.blogspot.com

During the following years, many unverified rumors circulate about the circumstances of his death. Claims like, it was staged, and the real cause of his death was allegedly top-secret information that he managed to get when he hacked NASA and the Pentagon.

The official investigation ruled out any of those claims as pure speculations and ruled that James’ death was a suicide.

A short obituary was published by the Miami Herald after James passed away, describing him as an exceptionally intelligent young man, a computer genius who will be missed by his family and friends.

The short life of Jonathan James will remain forever engraved in the hacking community world, not because of the way that James passed, but for his pure hacking genius and his genuine character that was more than enough for this cruel world.

Apparently, his hacking activities did not cause any damage since his goal was not profit but the pure joy of hacking and testing his own limitations. A prolific hacker with bad luck, born in a harsh world.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

If you enjoyed it, the best way that you can support us is to share it! If you’d like to hear more about us, you can find us on LinkedIn, Twitter, YouTube.