Network Admin Allegedly Hacked Navy—While on an Aircraft Carrier

Image: Paul Farley/U.S. Navy

A former systems administrator on a Navy nuclear aircraft carrier has been charged with conspiring to hack into government systems during a digital joy ride that spanned several months in 2012.
Nicholas Paul Knight, 27, who referred to himself as a “nuclear black hat,” was discharged from the Navy after he allegedly attempted to hack into a Naval database while at sea serving as a systems administrator in the nuclear reactor department aboard the U.S.S. Harry S. Truman.
On Monday, he and Daniel Trenton Krueger, a community college student in Illinois, were charged with one count each of conspiracy to hack in the U.S. District Court for the Northern District of Oklahoma.
They were allegedly part of a hacker gang that went by the names Team Digi7al and Team Hav0k. According to court documents, the gang also included at least three minors who have not been identified or charged in the case. Authorities say they were motivated by a combination of anti-government sentiment, boredom, and thrill-seeking.
The gang is accused of using SQL-injection hacks and other methods to gain access to various systems including ones belonging to the U.S. National Geospatial Intelligence Agency, which provides maps and other intelligence to the military, and a system belonging to the Department of Homeland Security’s Transportation Worker Identification system. The latter contains biometric and other sensitive data on workers who are issued special credentials to access secure areas of maritime facilities and vessels.
The group also allegedly hacked or attempted to hack into systems belonging to Los Alamos National Lab, a number of universities and police departments, as well as the personal web site of Rashod Holmes, a musician who sold merchandise from his site.
But despite more than two dozens hacks, the group had sporadic success. During an attempted breach of a Los Alamos Lab computer in April 2012, a systems administrator detected the hack and halted it before they could steal much data, according to a court document (.pdf).
The hack of a computer at the National Geospatial Intelligence Agency got them the schematics for more than ten databases, but they failed to download the sensitive agency data they sought from the computer, authorities say.
A May 2012 breach of an AT&T Uverse computer, however, got them mobile phone numbers of about 7,500 customers, as well as some email addresses of customers, physical addresses and cleartext passwords, the government says.
Three months later, according to authorities, they hacked into the website of Rashod Holmes and stole data on 1,000 customers, including the private bank account information of about 70 customers. They also breached the email account of the Ambassador of Peru in Bolivia and made off with the entire email contents of his account.
The group boasted about their exploits through a Twitter account — @TeamDigi7al — and even published the personal information they stole to storage sites where others could access the data, authorities say.
Knight, known online as “Inertia” and “Logic,” began hacking at age 16, according to the government, and was allegedly the self-professed leader of the gang who handled much of the publicity. Krueger, who was studying to be a network administrator and was known online as “Thor” and “Gambit,” allegedly performed most of the technical hacking.
The investigation, conducted by the Naval Criminal Investigative Service, began in June 2012, when a breach of the Navy’s Smart Web Move website and database occurred. The system, also known as Navy-SWM, is used by the Navy to manage the transfer and relocation of personnel and their family members in all branches of the military — Navy, Army, Air Force, Marines and Coast Guard. The database contained more than a decade’s worth of stored sensitive personal data on about 220,000 service members and their families, including Social Security numbers and birth dates. It also stored the answers to security questions that members used to reset their passwords for the system — such as their mother’s maiden name or the names of their children.
The amount of account data the hackers obtained from the database is unknown, but once the breach was done, Knight allegedly boasted that the Navy.mil domain had been owned and that “MY OWN BOAT” had been hacked. After news of the hack broke, Knight and Krueger allegedly discussed it in private messages on Facebook, with Knight telling Krueger at the end of one conversation that “if anything happens…send me a message saying goodbye so wo know one of us is caught.”
Two months later, members of the team discussed laying low and allegedly began to destroy evidence to avoid arrest. In early February 2013, however, NCIS investigators caught up with them when they appeared at Knight’s Virginia residence with a search warrant.