Jonathan Joseph James
|Born||December 12, 1983|
|Died||May 18, 2008 (aged 24)|
Pinecrest, Florida, U.S.
Jonathan Joseph James ( Gray Hat Ethical Hacker ) (December 12, 1983 – May 18, 2008) was an American hacker who was the first juvenile incarcerated for cybercrime in the United States. The South Florida native was 15 years old at the time of the first offense and 16 years old on the date of his sentencing. He died at his Pinecrest, Florida home on May 18, 2008, of a self-inflicted gunshot wound.
Initial Department of Defense intrusion
Between August 23, 1999, and October 27, 1999, James committed a series of intrusions into various systems, including those of BellSouth and the Miami-Dade school system. What brought him to the attention of federal authorities, however, was his intrusion into the computers of the Defense Threat Reduction Agency (DTRA), a division of the United States Department of Defense, the primary function of which is to analyze potential threats to the United States of America, both at home and abroad. James later admitted to authorities that he had installed an unauthorized backdoor in a computer server in Dulles, Virginia, which he used to install a sniffer that allowed him to intercept over three thousand messages passing to and from DTRA employees, along with numerous usernames and passwords of other DTRA employees, including at least 10 on official military computers.
It was later revealed that the precise software obtained was the International Space Station's source code controlling critical life-sustaining elements. According to NASA, "the software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space."
Arrest, conviction and sentencing
James's house was raided on January 26, 2000, by agents from the Department of Defense, NASA and the Pinecrest Police Dept. James was formally indicted six months later. On September 21, 2000, he entered into an agreement with U.S. Attorney Guy Lewis: he would plead guilty to two counts of juvenile delinquency in exchange for a lenient sentence.
James was sentenced to seven months' house arrest and probation until the age of eighteen, and was required to write letters of apology to NASA and the Department of Defense. He was also banned from using computers with MODS for recreational purposes. James later violated that probation when he tested positive for drug use and was then subsequently taken into custody by the United States Marshals Service and flown to an Alabama federal correctional facility where he ultimately served six months.
Legal experts have suggested that, given the extent of his intrusions, he could have served at least ten years for his crimes if he had been an adult. Both Attorney General Janet Reno and prosecuting attorney Guy Lewis issued statements claiming the James case was proof the Justice Department was willing to get tough with juvenile offenders accused of cybercrime.
On January 17, 2007, department store chain TJX was the victim of a massive computer systems intrusion that compromised the personal and credit information of millions of customers. The same ring of hackers also committed intrusions on BJ's Wholesale Club, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW, OfficeMax, and Dave & Buster's, and reportedly made a millionaire out of the group's ringleader, Albert Gonzalez. Though he denied having done anything, James—who was friends with some of the hackers involved—was investigated by the Secret Service, who raided James', his brother's, and his girlfriend's houses. Although they apparently discovered no connection to the intrusion, they did discover a legally registered firearm, which they did not take, and notes indicating he had considered killing himself; James's father would later say that his son had been prone to depression. The criminal complaint filed against the TJX hackers mention an additional, unnamed conspirator who was not indicted, who is identified only by the initials "J.J.". In 2004, this co-conspirator assisted one of the hackers in stealing credit card numbers, account numbers, and encrypted PINs from an OfficeMax store via Wi-Fi. These numbers were later allegedly provided to Albert Gonzalez, for whom "J.J." also opened a mail drop. James's father believes "J.J." to have been his son. However, it is plausible that the initials "J.J." may in fact have been referring to "Jim Jones", a (hacker) alias believed to be used by Stephen Watt who was a close friend of computer hacker and criminal Albert Gonzalez.
On May 18, 2008, Jonathan James was found dead in his shower with a self-inflicted gunshot wound to the head. His suicide was allegedly motivated by the belief that he would be prosecuted for crimes he had not committed. "I honestly, honestly had nothing to do with TJX," James wrote in his suicide note, "I have no faith in the 'justice' system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control."
- Newton, Michael (2004). The Encyclopedia of High-Tech Crime and Crime-Fighting. Checkmark Books, an imprint of Facts on File Inc. ISBN 0-8160-4979-3.
- "Obituary: Jonathan Joseph James". The Miami Herald. 2008-05-21. Retrieved 2008-05-21.
- Poulsen, Kevin (2009-07-09). "Former Teen Hacker's Suicide Linked to TJX Probe". Wired. Retrieved 2015-01-02.
- Grossman, M. "Computer crime: Changing the pub s perception" Archived 2007-09-28 at the Wayback Machine. The Miami Herald, October 12, 2000.
- Top 10 Most Famous Hackers of All Time. The Register, September 22, 2000. Retrieved March 4, 2007.
- Lynch, I. ""Nasa hacker gets six months downtime"". Archived from the original on March 13, 2007. Retrieved 2007-03-05.CS1 maint: BOT: original-url status unknown (link). Information World Review, November 21, 2000. Retrieved March 4, 2007.
- Stout, D. (2000). "Youth Sentenced in Government Hacking Case". The New York Times, September 23, 2000. Retrieved March 4, 2007.
- Zetter, Kim (2009-06-18). "TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison". Wired. Retrieved 2013-01-26.