LISTEN TO EPISODE 2 OF THE INCIDENT REPORT

TRANSCRIPT-ISH (IT’S BASICALLY WHAT I SAID ON THE PODCAST, BUT NOT VERBATIM)

The internet was born January 1, 1983.

1983 was a huge year for technology.

That was the year Microsoft introduced the Word Application Program. Some of us wouldn’t have office jobs without that program, just saying.

Also in that year, Apple released the Lisa – the first commercial home computer with graphical user interface, or GUI.

Something major also happened that year, but the world didn’t know it yet. Born on December 12, 1983 in Pinecrest, Florida, Jonathan Joseph James came into the world. It wouldn’t be until he became a teen when he would change the world.

His dad, Robert James, was a programmer, and his mom, Joanne, a housewife.

Jonathan had a normal and comfortable childhood. His family were a typical upper-middle class Jewish family working to make life comfortable for Jonathan and his brother, Josh. Robert had a government job working as a programmer for Miami-Dade County.

Both Robert and Joanne wanted the best they could offer their boys, so the kids had the privilege of attending a nice private school in the area – Beth Temple Am.

In a Wired.com article, Robert said that growing up, his son Jonathan was passionate about computers, and started tinkering around on the family’s PC at around six-years-old.

Now any young person fiddling around with a home computer back in the late 80s was special. It was rare to go into someone’s home and see a home computer. And the World Wide Web had just been born in 1989. So whatever Jonathan was doing on his family’s PC was still a major thing for a first grader.

Now that’s not to say no kids ever tinkered around on a PC in the late 80s. Schools during this time were also acclimating to the technology age. After all, they had no problem having us kids get dysentery on the Oregon Trail game.

And Jonathan’s brilliance kept enhancing as he aged. By middle school, he was changing his operating system from Windows to Linux. As a child of the 80s and 90s, I can say that most of us were not changing operating systems on our home computers.

The kid was on fire!

But he was still a kid, and his parents worried about him spending so much time on the computer, often through the night.

Jonathan’s parents had moments when they took his computer away. After all, he was a growing boy who needed to discover life outside of his computer, and maybe sleep sometimes, too. And being a typical kid, he got pissed with them for taking away his computer. One time, he ran away from home, vowing never to come back until his mom and dad gave his computer back.

His folks, with the help of law enforcement, tracked him down to a local Border’s Books store, and took him home.

Other than an extraordinary passion for computers, everything seemed to be fine with young Jonathan.

What Jonathan’s parents did not know was that as a 14-year-old, his addiction to computers was blossoming. He began reading books on programming and learning Unix.

To simplify, a programmers job is to basically code instructions for the computer to follow. On the other hand, Unix is one of the oldest operating systems out there, and even though it was developed in the 60s, it continues to evolve and remain a popular operating system choice among programmers.

It was while reading his books and learning his programming that Jonathan discovered something interesting about the internet – there were no checks or balances for internet security. He could just roam anywhere, and tinker around in someone else’s computer programs, because who was going to stop him? And isn’t doing all of this a good thing? He thought companies running these programs deserved to know how they’re not protecting their own data and could potentially be exploited?

What Jonathan was doing is the definition of gray hat hacking. Gray hat hackers are people who use their technical knowledge to illegally break into computer programs and systems in order to tell businesses about vulnerabilities. The hacker will of course fix the flaw themselves for a fee, but they’ve also been known to make the company’s vulnerability public if they don’t pay them. As you could imagine, a company paying someone to fix a software vulnerability that they never asked any hacker fix makes the relationship between their business and the gray hat hacker complicated.

And according to Jonathan’s dad, getting paid to hack wasn’t his style.

Jonathan admitted that much in an interview with Frontline. At the time, the interview was anonymous, as he was still a minor. In the interview, he told Frontline that hacking was thrilling. He said,

“I would target a place because it looks like a challenge. Like, if I say, “The navy has a computer network in Jacksonville, maybe that would be fun to poke around.” And then I’d target them. I’d look at their computers and I’d see what I can do there.”

As a teen, Jonathan started taking college-level courses at Miami-Dade Community College. He said that he said his earlier work included penetrating BellSouth and Miami-Dade School District.

Of course his parents were none the wiser in about his hacking abilities. But on January 26, 2000, Joanne and Robert would discover the extent of their son’s abilities.

That’s when the James household was raided by federal agents. Law enforcement entered the house armed to the teeth with bullet proof vests, and guns drawn. They seized five of Jonathan’s computers and his Star Trek Klingon dictionary that the government thought he was using as a tool to help him hack government computers.

It was an uncomfortable scene, as Joanne was recovering from her mastectomy surgery due to breast cancer. Jonathan was home from school that day, after being suspended for stealing school computers.

It was that day when Jonathan’s folks learned the truth about their child.

In a September 2000 article, AP news said

“Jonathan had entered the computer network run by the Defense Threat Reduction Agency, which monitors the threat from nuclear, biological, chemical, conventional and special weapons. In a plea bargain, he admitted to entering 13 computers at the Marshall Space Flight Center in Huntsville, Ala., for two days in June 1999 and downloading $1.7 million in NASA proprietary software that supports the space station’s environmental systems.”

AP News

And that wasn’t all he was accused of. No, Jonathan went large with his hacking activities.

Jonathan also installed a back door into a computer server located in Dulles, Va. It was there that he was able to install a sniffer, and intercept more than 3,000 emails between government employees, and obtain usernames and passwords.

A back door is a method that allows an authorized or unauthorized user to bypass normal network security parameters to gain access to a computer system, network, or software application.

A sniffer is basically a way to intercept, or eavesdrop, on a network.

“The code itself was crappy . . . certainly not worth $1.7 million like they claimed,” Jonathan said about hacking NASA in his Frontline interview.

“The only reason I was downloading the source code in the first place was because I was studying C programming. And what better way to learn than reading software written by the government?”

While NASA wasn’t new to being hacked – a teenaged Albert Gonzalez had hacked them in 1995 – they did throw the book at Jonathan. He was the first juvenile in the US to serve time for a hacking conviction.

He served six months in juvenile detention, ordered to serve probation until 21, and was ordered to write apology letters to NASA and the Department of Defense.

Surprisingly, Jonathan’s dad wasn’t that upset about the issue. I’d imagine that the feelings of your kid being so smart that they hacked the government would yield mixed feelings from a parent. Should you be mad that they did it, or proud that they’re that smart? That’s where Robert and Joanne were at with their son. Robert told Wired that he was actually proud of what his boy was able to do.

Then-US Attorney General Janet Reno seemed satisfied with Jonathan’s punishment. She went on record to say,

“Breaking into someone else’s property, whether it’s a robbery or a computer intrusion, is a serious crime…The prosecution “shows that we take computer intrusion seriously and are working with our law enforcement agencies to aggressively fight this problem.”

ABC News

Jonathan said that he actually had five minutes of fame behind the hacking stunts too. He became sort of a celebrity among his classmates at Miami-Dade Community College

Girls thought it was cool that he was hacking computer systems and whatnot. The day after his sentencing, he called the Miami Herald to brag a little.

But his folks were still concerned for him. After all, he still did something illegal. And I’d imagine as a programmer himself, Robert felt some kind of way about his kid gray hat hacking, as gray hat hackers weren’t considered the popular kids in 2000. Robert and Joanne were going through some things with their child.

But according to Jonathan, he actually felt bad about what he did. He told the Miami Herald,

“Never again. It’s not worth it, because all of this was for fun and games, and they’re putting me in jail for it. I don’t want that to happen again. I can find other stuff for fun.”

Jonathan James

As brilliant as Jonathan was, he wasn’t infallible. While gray hat hacking was the thing that he was passionate about, having to answer for the illegal part of his crimes seemed to have made him feel uneasy.

Jonathan had it rough after serving time in detention and on probation.

On February 10, 2002, Joanne died from breast cancer complications. Ever the doting mother, Joanne was sure to leave a house in Jonathan’s name after she passed. And being the brilliant woman that she was, it was a good thing she did, too. Robert described Jonathan as one of those kids who would rather live without money than work for a living. (Wired)

Once released, he was nabbed for violating probation numerous times. Once he was caught smoking pot.

You would think that after infiltrating the government, Jonathan would never have to worry about school or a job. But he never went to school after his conviction, or found a job.

On January 17, 2007, TJX, the company that owns TJ Max, Marshalls, and Home Goods Department stores, faced a massive breach.

Author Mike Chapple noted that the breach included stolen credit card data, and was considered the largest breach in history at the time. TJX told regulators the breach impacted more than $45 million customers.

But according to the banks impacted by the breach, that number was way off. In a lawsuit, banks said that the breach actually impacted more than 94 million customers, with losses totaling between $68 and $83 million dollars.

While the details were still emerging, federal agents apprehended Jonathan. He was one of their prime suspects.

Jonathan said he had zero to do with the breach, and even Robert agreed. The breach made the hackers behind the incident rich, and poor Jonathan didn’t appear to be balling out of control, according to Robert.

He told the Miami New Times,

“Jonathan took living with no cash to a new extreme. He was even scarfing wireless Internet from the neighbors.”

At that point, Robert and Jonathan had a strained relationship, and considering the circumstances that Jonathan was facing, it’s not hard to image why the two were at odds.

But Robert still wanted to have his sons back. So he asked him straight up – did he have anything to do with that TJX data breach?

Jonathan said no. Robert seemed satisfied with his 25-year-old son’s answer.

But the perps involved in the TJX breach were busy wardriving.

Wardriving is when a hacker drives around in a car looking for businesses with a weak Wi-Fi signal. At the time, TJX’s stores used Wired Equivalency Protocol, or WEP – one of the weakest Wi-Fi security protocols.

It’s so weak, that around 2007, German researchers were able to crack a 104-bit WEP key in 3 seconds.

In 2007, Tech Journalist Tom Espiner write for ZD Net,

“Hackers cracked the WEP encryption protocol used to transmit data between price-checking devices, cash registers and computers at a store in Minnesota.

“The intruders then collected information submitted by employees logging on to the company’s central database in Massachusetts, stealing usernames and passwords.”

And what exactly were these hackers doing with the collected data, again? Getting rich.

With the data, hackers made fake cards and withdrew money from ATMs, Albert Gonzalez – the ring leader of the gang, and the same kid who hacked NASA in ‘95 – moved to a swanky hotel with his girlfriend, rented a luxury BMW, and threw himself a lavish $75,000 birthday party.

While federal agents worked to bring the Gonzalez gang down – which included a Ukrainian member of the gang intercepting unencrypted funds and redirecting them in international bank accounts – Jonathan spent some time trying to figure out why he was even being targeted.

Jonathan, who was already having a tough time with the legal system, was not trying to go to jail. But he did run in the same hacking circles as Albert’s gang.

It wasn’t until May 18, 2008 where Jonathan was able to read Albert’s federal indictment online that he discovered why agents were targeting him.

He journaled,

“When I Googled ‘cumbajohny,’ what I saw blew my mind. Albert had been working with the feds since 2003. That means that for five years, he had been having people like Chris (Scott) hack credit cards for him while he made money selling them over the Internet and then at the same time has his buyers arrested to please the feds…Talk about entrapment!””

James continued that he didn’t want to serve time for a crime he didn’t commit.

And with all the courage he could muster, Jonathan James took his own life, with a gunshot to the head.

In a strange twist, Jonathan’s family friend caught two men red handed working under Jonathan’s car 10 days after his death.

The family friend confronted the strangers. He did not have permission to be messing with Jonathan’s personal property.

Robert says that the strangers advised they were with secret service, and was removing the tracking device from Jonathan’s car.

I did not look up any current information about Robert or Jonathan’s brother Josh. Because honestly, they deserve peace, and to bask in all the good memories their brother and son gave them while he was still living.

The Justice Department notes that in 2010, Albert Gonzalez was sentenced to 20 years in prison for conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft related to hacks into numerous major U.S. retailers, including the TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.

Robert and Joanne probably didn’t think their son Jonathan’s birth was an extraordinary moment in the evolution of American technology. After all, many babies are born in the US every year.

But Jonathan, in all of his gray hacking glory, helped change conversations around cyber attacks and cyber security. Today, it’s not uncommon to hear about teen prodigies helping to shape technology, and without punishment.

But in Jonathan’s case, he was punished for doing so.