22-year-old hacks into NASA

A Nigerian national has just been sentenced to 18 months in prison for seducing a NASA employee so that he could plant malware onto her work computer and retrieve passwords, banking information and about 25,000 screen shots.

Nasa mission control in TexasAkeem Adejumo, the 22-year-old Nigerian citizen, pled guilty to two counts of obtaining goods by false pretenses and forgery and was sentenced to 18 months in prison by the Lagos State High Court in late April.

Jeff Taylor, the U.S. Attorney for the District of Columbia, said Adejumo did not pursue the woman because she worked for the government but rather, he attempted to scam several hundred women and was successful with several others. Taylor made it a point to state that this case was focused on the NASA employee but two other victims were involved in the same scheme so there will probably be no further prosecution. The scamming began in November of 2006 on a dating site called Singlesnet.com.

Adejumo, who feigned being a Texan for some time, courted the woman for several weeks before he sent the fateful email to her work address with an attachment that was supposed to be a picture of the himself. As soon as she opened the attachment to view the picture, her system was automatically infected with a popular piece of spy ware that is available for sale.

The spyware, which did not infiltrate other computers on the network, was first logged as being downloaded to her computer on November 21, 2006. It collected private e-mail, personal passwords, her Social Security number, driver's license information, and her home address before it was finally discovered on December 7. During that time, it also captured 25,000 screen shots of whatever she was doing at the time, according to a Department of Justice official.

NASA was very fortunate that the worker did not have any access to vital information. Their IT security team caught on when sensors detected that screenshots were leaving the network. Once NASA's security team discovered the spyware, investigators obtained search warrants and subpoenas to gather information from the email accounts that the attacker was using. Adejumo mainly used a Yahoo account. From those accounts, investigators were able to secure his IP addresses and then were in contact with the Nigerian Economic and Financial Crime Division, who then took over the case.

Both countries noted that it was a big step for U.S. investigators and prosecutors to work so closely with Nigerian officials. Taylor said, "It's important no matter where it happens," he added. "To the extent that there has been a good deal of [computer crime] in Nigeria, it's important that the Nigerian authorities caught him and are sending him to prison."