RealTime IT News

Accused EBay Hacker Maintains His Innocence

The computer whiz kid accused of hacking eBay and five other Internet firms said Friday that the Federal Bureau of Investigation has the wrong man.

"I'm pretty confident they don't have much of a case. They just want to look good and find someone who's the perfect scapegoat," Jerome Heckenkamp said in an interview with InternetNews Radio Friday.

A computer security expert who graduated from college at the age of 18, Heckenkamp was charged this week with 16 counts of various computer crimes. Besides eBay, his alleged victims include Qualcomm, Lycos, Exodus and E-Trade. He faces a maximum sentence of 85 years in prison and fines up to $4 million, although it's highly unlikely he'd receive those penalties even if convicted.

Heckenkamp appeared before a judge in Albuquerque, New Mexico on Thursday and has been ordered to show up for court hearings in two weeks in California, which is where some of his alleged victims are headquartered.

Heckenkamp, who has been working as a network security expert for Los Alamos National Labs since June, was released from jail without bond on the condition that he show up for his future court dates, find a new job, and stay away from computers.

Although he admits to being a white-hat hacker and publishing information about software vulnerabilities using the hacker nickname "Sk8," Heckenkamp denied that he is MagicFX, the hacker who took credit for the Ebay defacement which occurred in March of 1999. He similarly denied any responsibility for the other crimes, which include computer intrusions, intercepting electronic communications, and witness tampering over a period of several months in 1999.


According to Heckenkamp, the FBI followed a false trail of electronic evidence that pointed to the dorm-room computer he used in 1999 as a graduate student in computer science at the University of Wisconsin.

The machine, connected to the school's high-speed network, was running a default install of Red Hat Linux, which Heckenkamp says way likely vulnerable to a number of security exploits. He claims he didn't give much thought to the machine's security because his primary computer was in his graduate school office.

"I didn't worry about people breaking in. I'd been at the university for years and never had any problems," said Heckenkamp, who claims that before the FBI confiscated the computer last year, he discovered the system's log files showed intrusions from numerous unauthorized outsiders -- a fact he says the FBI has ignored.

"When they tried to scare me into confessing, their proof was pathetic. It did not point to me at all. I told them, 'go back and trace these back to where they came from. My computer is not the originating point,'" said Heckenkamp, who believes his machine may have been targeted randomly by an attacker who scanned the university's network. Alternately, he speculates he might have been targeted by someone who wanted to show him up because he has posted information about security vulnerabilities on the popular Bugtraq security mailing list, using the hacker handle "SK8."

Jim Gast, a 50-year-old former Novell storage architect who's currently a Ph.D student in Wisconsin's computer science program, says he worked with Heckenkamp on several course projects last year, including a lecture Heckenkamp gave on internet security. According to Gast, Heckenkamp was "a bright kid, if a bit of a classic geek." While Gast says he has no reason to believe Heckenkamp would be involved in computer crimes, he finds it a bit incredible that a machine