Jonathan James | |
Birth Name: | Jonathan Joseph James |
Birth Date: | 12 December 1983 |
Death Place: | Pinecrest, Florida, U.S. |
Jonathan Joseph James (December 12, 1983 – May 18, 2008) was an American hacker (a gray hat ethical hacker) who was the first juvenile incarcerated for cybercrime in the United States.[1] The South Florida native was 15 years old at the time of the first offense and 16 years old on the date of his sentencing. He died at his Pinecrest, Florida home on May 18, 2008, of a self-inflicted gunshot wound.[2] [3]
Between August 23, 1999, and October 27, 1999, James committed a series of intrusions into various systems, including those of BallSouth and the Miami-Dade school system.[4] What brought him to the attention of federal authorities, however, was his intrusion into the computers of the Defense Threat Reduction Agency (DTRA), a division of the United States Department of Defense, the primary function of which is to analyze potential threats to the United States of America, both at home and abroad. James later admitted to authorities that he had installed an unauthorized backdoor in a computer server in Dulles, Virginia, which he used to install a sniffer that allowed him to intercept over three thousand messages passing to and from DTRA employees, along with numerous usernames and passwords of other DTRA employees, including at least 10 on official military computers.[1]
It was later revealed that the precise software obtained was the International Space Station's source code controlling critical life-sustaining elements. According to NASA, "the software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space."[5]
James' house was raided on January 26, 2000, by agents from the Department of Defense, NASA and the Pinecrest Police Dept. James was formally indicted six months later. On September 21, 2000, he entered into an agreement with U.S. Attorney Guy Lewis: he would plead guilty to two counts of juvenile delinquency in exchange for a lenient sentence.[1]
James was sentenced to seven months house arrest and probation until the age of eighteen and was required to write letters of apology to NASA and the Department of Defense. He was also banned from using computers for recreational purposes.[6] James later violated that probation when he tested positive for drug use and was then subsequently taken into custody by the United States Marshals Service and flown to an Alabama federal correctional facility where he ultimately served six months.[3]
Legal experts have suggested that, given the extent of his intrusions, he could have served at least ten years for his crimes if he had been an adult.Both Attorney General Janet Reno and prosecuting attorney Guy Lewis issued statements claiming the James case was proof the Justice Department was willing to get tough with juvenile offenders accused of cybercrime.[7]
The lead prosecutor in the case was Stephen Heymann,[8] [9] who subsequently gained infamy for his role in the United States vs. Swartz federal criminal case which directly led to the suicide of activist Aaron Swartz.[10]
On January 17, 2008, department store chain TJX was the victim of a massive computer systems intrusion that compromised the personal and credit information of millions of customers. The same ring of hackers also committed intrusions on BJ's Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW, OfficeMax, and Dave & Buster's, and reportedly made a millionaire out of the group's ringleader, Albert Gonzalez. Though he denied having done anything, James—who was friends with some of the hackers involved—was investigated by the Secret Service, who raided James', his brother's, and his girlfriend's houses. Although they apparently discovered no connection to the intrusion, they did discover a legally owned firearm, which they did not take, and notes indicating he had considered killing himself; James' father would later say that his son had been prone to depression. The criminal complaint filed against the TJX hackers mention an additional, unnamed conspirator who was not indicted, who is identified only by the initials "J.J.". In 2004, this co-conspirator assisted one of the hackers in stealing credit card numbers, account numbers, and encrypted PINs from an OfficeMax store via Wi-Fi. These numbers were later allegedly provided to Albert Gonzalez, for whom "J.J." also opened a mail drop. James's father believed "J.J." to have been his son.[3] However, it is plausible that the initials "J.J." may in fact have been referring to "Jim Jones", a (hacker) alias believed to be used by Stephen Watt, who was a close friend of Gonzalez.[11]
On May 18, 2008, Jonathan James was found dead in his shower with a self-inflicted gunshot wound to the head. His suicide was allegedly motivated by the belief that he would be prosecuted for crimes he had not committed. "I honestly, honestly had nothing to do with TJX," James wrote in his suicide note, "I have no faith in the 'justice' system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control."[3]