At the tender age of 15, Jonathan James, from Pinecrest, Florida, managed to install a backdoor in US military servers and access the source code of the International Space Station (ISS).
As such, this week’s hacking of Uber by an 18-year-old is hardly the first instance of a teenager penetrating deep into a large organization.
James, better known by his alias “c0mrade”, found his way into computers operated by the US Department of Defense (DoD) in 1999. While most teens his age worried about fitting in, James spent much of his time testing the limits of enterprise cybersecurity.
The affection for computers was hardly a surprise. Since his father was a computer programmer, the future hacker was exposed to the world of computing from a very early age: one of the first times James used his hacking skills to his own benefit was when he bypassed restrictions his parents had put on the home computer, to prevent him spending too much time playing video games.
By the age of 13, James was fully immersed in what was then the novel world of hacking. Known as c0mrade online, he would use hacking to challenge himself and obtain a sense of control over his own life.
When James’s parents tried to redirect his attention away from computers, he pointed out that despite his interest in them, his grades had not suffered. But later it turned out that c0mrade had hacked into his school’s network and altered his marks.
“You can control all these computers from the government, the military, large corporations,” James told PBS in a 2001 interview. “And if you know what you’re doing, you can travel through the internet at your will, with no restrictions. That’s power.”
However, what earned c0mrade his place in the hacker pantheon was not his fascination with computers. Prowling the web for an ever greater challenge, he decided to take on the US government.
Between August and October of 1999, James accessed the computers of the Defense Threat Reduction Agency (DTRA), a division of the DoD responsible for analyzing potential threats to the United States.
Not even 16 at the time, James found a vulnerability on a government server in Virginia. Exploiting the flaw, c0mrade put a backdoor leading straight to the government’s backyard, intercepting thousands of messages between DTRA employees.
Using collected user credential data, he carried out privilege-escalation attacks to access other government computers, including ones operated by NASA at the Marshall Space Flight Center in Alabama.
On one of the 13 hacked devices, c0mrade found source code in the software running the International Space Station’s critical modules, such as temperature and humidity control within its living quarters.
“The government didn’t take too many measures for security on most of their computers,” James said.
Made an example of
What was a thrilling adventure for James turned out to be a major headache for NASA. Once the agency’s security team discovered the compromise, they disconnected the server and breached devices, prompting a three-week-long investigation that cost NASA $40,000.
Breaching NASA and the DoD drew the attention of the FBI, which came knocking on James’s door in 2000, just several weeks after he turned 16.
Special agents with bulletproof vests raided the teenage hacker’s home and arrested him, making James the first juvenile in the US to be sentenced for hacking. Since he was underage and cooperated with the authorities, he was put under house arrest for seven months followed by a two-year probation period.
At the time of James’s conviction, Assistant US Attorney Richard Boscovich said that had he been an adult he would have been sentenced to 10 years or even longer. However, James later violated probation, testing positive for drugs, which resulted in a six-month stint in a juvenile detention facility.
In 2008, the secret service investigated James over suspected involvement in the hacking of Texas department store chain TJX. He denied involvement in the cyberattack, although he was familiar with some of the hackers involved.
James’s story had a tragic ending. In May of the same year, he was found dead in his home from a self-inflicted gunshot wound. In his suicide note, he denied having had anything to do with the TJX hack, adding that taking his own life was the only way to “regain control” of the situation. He was 24 years old.
More from Cybernews:
Subscribe to our newsletter