The Case of the Hacked South Pole
The Case of the Hacked South Pole
Two Romanian citizens accused of hacking into the National Science Foundation’s Amundsen-Scott South Pole Station science research facility were arrested in a joint FBI/Romanian police operation last month.
On May 3, 2003, an anonymous email was simultaneously received by the Foundation’s U.S. Antarctic Program network operations center and by technical staff at the South Pole. “I’ve hacked into the server of your South Pole Research Station,” it read. “Pay me off, or I will sell the station’s data to another country.” The email contained data found only on South Pole computer systems, demonstrating that it was not a hoax. The threat hinted that the South Pole network had been widely penetrated, potentially with harmful software that would cause harm if triggered by the hacker.
NSF and its contractor, Raytheon Polar Services Company, immediately isolated the entire station’s computer network to prevent future moves by the hacker. For part of each day the station is naturally isolated from the Internet because of limited satellite coverage, and by the time satellite access returned the next day the NSF team had locked down the station while beginning to restore essential services such as email and telemedicine and to isolate the known hacked computers from the local network.
A case of unusual circumstances
In May, South Pole Station is closed to the outside world – temperatures approach 70 degrees below zero; aircraft cannot land for another six months except in extreme cases for medical emergencies; and the computer network is the main connection for the 58 wintering scientists and support contractors to maintain a lifeline to the outside world for scientific data transmission, station operations, medical support and emotional contact with family and friends.
The South Pole Station is a unique laboratory for scientific research where scientists deploy powerful radio telescopes that look out to the fringes of the universe to study its birth, sensitive seismometers that probe for earthquakes around the globe, detectors buried in the ice that measure neutrinos from cataclysmic events in outer space, and make long-term observations to document the changing composition of the pristine atmosphere.
The chase is on
While the network was being secured and service restored to the personnel isolated at the bottom of the world, the NSF contacted the FBI, and the agencies worked together to find those behind the scheme. The Washington Field Office helped the NSF preserve evidence and use cyber-investigative techniques to track the path of the extortionist’s emails. The FBI Information Technology Division and the Cyber Division collaborated to determine that the hackers were accessing their emails from a cyber café in Romania. A call to the FBI Legal Attaché in Bucharest revealed that the Romania suspects were the target of other investigations out of the Mobile and Los Angeles Field Offices. The investigation was so far along in Mobile that the agents working with the Romania police had already made controlled payments to the suspects in an effort to flush them out further.
In executing a search warrant of the suspects’ residence, the Romanian authorities seized documents, a credit card used in the extortion scheme, and a computer that contained the very email account that was used to make the demands of NSF. The Romanian police had all they needed and arrested two individuals and charged them with the crimes. The two are scheduled to stand trial.
International partners close the net
What did it take to track down these extortionists willing to endanger the well being of the South Pole researchers and threaten the public investment in scientific research that benefits all mankind? It took the concerted efforts on a global scale of a diverse group of individuals: the National Science Foundation’s Computer Incident Response Team (CIRT), which includes NSF’s Security Officer, and representatives from the Office of Inspector General, the Office of Polar Programs and the Division of Information Services, all located in Arlington, Virginia; NSF’s Raytheon contractor support personnel in Colorado, Maryland, and Antarctica; NSF’s scientific researchers in Antarctica and across the U.S.; FBI Agents in Washington, Mobile, Alabama, and Los Angeles; the FBI Legal Attaché in Romania, and the Romanian police. This case exemplifies how the FBI works in conjunction with its fellow government agencies as well as the international law enforcement community to bring cyber criminals to justice.