Devon man, computer hacker known as 'Green,' sentenced for stealing usernames

A judge has sentenced a Pennsylvania man to 18 months in prison for a hacking scheme in which he stole login credentials for a number of computer networks, then sold access to them to third parties.

Andrew James Miller, 24, of Devon, pleaded guilty in August to conspiracy and computer fraud.   

According to court documents, Miller — who primarily used the online nickname "Green" — was a member of a computer hacking group known as the "Underground Intelligence Agency." Prosecutors described the collective as "a small, loosely organized group" consisting of at least three members "that hacked into commercial, government, military, university, and individual computer systems."

The UIA between 2008 and 2011 remotely bypassed security measures for a number of computer networks and stole users' login credentials, often by using sniffers or keystroke loggers. In some cases, the group installed backdoors into servers and gained unauthorized access to administrator-level accounts. They then sold the backdoor access and credentials to others.

In one online chat in October 2010, Miller bragged he'd hacked into corporate servers belonging to companies ranging from American Express, Yahoo, Google, Adobe, Wordpress, Barracuda and Cicso.

FBI agents in 2010 identified one of the collective's members — nicknamed "Intel" — as Boston resident Robert Burns, who agreed to assist with the government's investigation. A third member, who went by "Mod" or "Modem" remains unidentified but is believed to live in Australia.

Burns in 2011 introduced an undercover FBI agent to Miller during an online chat. For the next three months, Miller sold the agent credentials enabling unauthorized access to numerous networks and domains, including those owned by Massachusetts-based RNK Telecommunications, the University of Massachusetts-Amherst and Domino's Pizza. The agent during each transaction wired cash payments ranging from $1,000 to $1,200 via Western Union to Miller, who lived in Lancaster at the time.

Miller in July of 2011 upped the ante, offering to sell the agent for $50,000 login credentials for a series of networks that would enable access to two government super computers. Miller told the agent he also had for sale access to about half of the top 500 super computers, most of them .gov or .edu domains.

"Because Miller's $50,000 price-tag was so steep, the FBI never transferred the money and therefore never obtained the NERSC log-in credentials," court documents state. 

FBI agents several months later executed a search warrant on Miller's Devon home. During an interview, Miller admitted to many of the accusations and said he hacked into the networks because "he saw himself as 'an information broker.'" A grand jury subsequently indicted Miller and he was arrested in June of 2012.

Miller in a letter attached to a presentence memorandum begged the judge for leniency, noting he was only 19 years old when his criminal activities began. He called the arrest "a critical and defining moment in [his] life" and said he was "sincerely apologetic for the trouble [he has] caused."