Former Truman sailor charged in massive hacking case
By TIM MCGLONE | The Virginian-Pilot | Published: May 8, 2014
NORFOLK — A former sailor aboard the aircraft carrier Truman led an anti-government hacking group that breached computer systems and then posted personal details of thousands of service members and citizens for the public to see, authorities said Wednesday.
Nicholas Paul Knight, 27, formerly of Norfolk and the self-professed leader of the hacking group, Team Digi7al, is expected to plead guilty in Tulsa, Okla., in two weeks to a federal conspiracy charge. He has not been arrested. Authorities said he is living in Chantilly, Va.
The scope of the damage caused by the hacking is not known, nor whether classified national security information was involved.
The main breach occurred when members of Team Digi7al (pronounced "digital") hacked into a Navy-managed database containing the transfer information of 220,000 service members from every branch of the military. The database is housed in a server in Tulsa.
Information taken from the military database included full names, dates of birth, passwords and password reminders, such as maiden names and children's names. Some of it was uploaded to cloud storage sites that were publicly accessible, according to the charging documents.
"We don't know one way or another whether individuals were damaged," said Ryan Souders, the assistant U.S. attorney in Tulsa prosecuting the case.
But Souders and other authorities say the group wreaked havoc on computer systems, causing some to shut down and others to be reprogrammed. The Navy alone spent more than $500,000 responding to the attack.
According to the charging documents, Knight or members of his group are accused of hacking into more than 30 computers belonging to government agencies, companies or individuals, including a popular Christian musician. A second group member from Illinois also was charged.
Digi7al "was a criminal association organized to hack protected computers, steal sensitive and private information, and commit various other crimes," prosecutors said in the documents.
Knight and other members often boasted of their hacks, mostly on Twitter, even issuing warnings before they were about to enter a government or corporate computer system.
"We have one hell of a #hack coming up in the next few hours. Stay tuned," said one tweet from the group on June 3, 2012. They then hacked into the Department of Homeland Security's Transportation Worker Identification Credential network, downloading a database and making public disclosure of what's known as the database schema, or blueprint, "making it more vulnerable to future attacks," according to the court filing.
Other computers hacked include the Library of Congress, an email account of the Peruvian ambassador to Bolivia, Harvard and Stanford universities and several other colleges, the World Health Organization, AT&T, and the Toronto and Montgomery, Ala., police departments.
From the Toronto police computer, a group member obtained the names, phone numbers and email addresses of more than 500 informants and other personal information of thousands of staff and citizens who provided tips. The member then tweeted his success.
From AT&T, the group obtained the personal information, including passwords, of 7,500 customers.
One group member told authorities that there were political motivations, but their anti-government sentiments were not fully explained. Three minors were also involved but not charged.
"They were somewhat politically inclined. We were not able to identify a particular political stance that this group took," Souders said. "From online interviews and Twitter, it appears the primary purpose was, in a sense, for fun or boredom."
Norfolk-based agents with the Naval Criminal Investigative Service began investigating the hacking group in June 2012 after discovering a breach of a Navy database.
Agents identified the group quickly, in part because Knight tweeted that the group hacked "my own boat," court records say. Agents raided Knight's home in Norfolk in February 2013.
Court records say he admitted to many of the group's activities and agreed to cooperate in the investigation. However, the records say he and other group members began destroying their computer records containing the hacking activity.
The Navy and NCIS declined to comment on specifics of the case.
Knight, who worked as a systems administrator in the Norfolk-based Truman's nuclear reactor department, was discharged in May 2013. He has not yet made a court appearance in Tulsa but records filed say he plans to plead guilty on May 20.
Knight called himself the "nuclear black hat" and used aliases and nicknames such as Inertia, Logic, nickmc01, Solo and Iner7ia.
Daniel Trenton Krueger, accused of being his Illinois accomplice, and other group members obtained names, addresses, phone numbers, email addresses, passwords and bank account information and uploaded the data to a cloud that was made available to the public, court records say.
Krueger is also expected to plead guilty May 20.
Knight's Tulsa lawyer did not return a phone call.
His service record says he was raised in Taft, Calif., and joined the Navy in April 2009. After basic training, he went straight into nuclear field training in Charleston, S.C., and joined the Truman in September 2011. He was discharged as a petty officer third class.