KANSAS CITY, Mo. – Todd P. Graves, United States Attorney for the Western District of Missouri, announced today that a St. Joseph man has been indicted for unauthorized computer intrusion. Graves noted that this is the first case of computer hacking ever prosecuted in the Western District of Missouri, which recently launched a new Cyber Crimes and Child Exploitation Unit.

     Richard W. Gerhardt, 43, of St. Joseph, Mo., was charged in an indictment returned under seal by a federal grand jury on December 19, 2002. That indictment was unsealed and made public today upon Gerhardt’s arrest and initial court appearance before U.S. Magistrate Judge Sarah W. Hays.

     The indictment alleges that Gerhardt gained unauthorized access to the network computer system of Nestle USA while employed as an information systems consultant, working primarily at the Friskies Petcare plant in St. Joseph. Friskies Petcare is a corporate subsidiary of Nestle USA, which in turn is a subsidiary of Nestle S.A. of Vevey, Switzerland.

     On five separate occasions between August 12, 2001, and June 10, 2002, the indictment alleges, Gerhardt gained access to the Nestle network computer system without authorization and in excess of his authorized access. Gerhardt allegedly downloaded approximately 5,000 user account passwords from Nestle’s system, costing the firm more than $5,000 to conduct a damage assessment of, verify the security of, and restore the integrity of its computer system.

     The various offices and facilities of Nestle USA and Nestle S.A. throughout the United States and the world, including the Friskies Petcare plant in St. Joseph, are linked together by a network computer system. Any computer or server connected to that system, Graves explained, is thus a “protected computer” under federal law.

     Gerhardt allegedly used a password-cracking software called “L0phtCrack” to retrieve the passwords for user accounts on the system. Gerhardt then created a database containing the user account passwords, the indictment alleges, and stored the database in a file on a computer server connected to the system and in a file located on a laptop computer issued to him by Nestle.

     While on the system, Gerhardt allegedly ran at least one password recovery utility program and then stored the results in at least one .zip file, creating a file which contained passwords he had obtained.

     Without authorization, the indictment alleges, Gerhardt loaded and installed a program called “pwdump.exe” on the Nestle network computer system and on the laptop computer issued to him by Nestle. According to the indictment, the “pwdump.exe” program is associated with an automated command that, at a preset time each day, communicated to other computers on the Nestle network computer system and downloaded active accounts and passwords. On June 3, 2002, Gerhardt allegedly caused the output from the “pwdump.exe” program to be stored on a computer server connected to the Nestle computer network system. Approximately 5,000 passwords associated with users of the Nestle computer network system were allegedly accessed and stored by Gerhardt.

     The indictment alleges that on June 4, 2002, Gerhardt used a dial-up connection to log onto the Nestle network computer system from a remote location. While on the system, Gerhardt allegedly created a new and unauthorized administrator account.

     Graves cautioned that the charge contained in the indictment is simply an accusation, and is not evidence of guilt. Evidence supporting the charges must be presented to a federal trial jury, whose duty is to determine guilt or innocence.

     The case is being prosecuted by Assistant U.S. Attorney Gene Porter. The case was investigated by the Federal Bureau of Investigation.

****************

     This news release, as well as additional information about the office of the United States Attorney for the Western District of Missouri, is available on-line at www.usdoj.gov/usao/mow

###

• More information on:  Computer Crime
• More information on: Computer Crime Cases
  

Want to receive news of updates to the cybercrime.gov website? Send a blank message to: cybercrime-subscribe@topica.com and we will add you to our email newsletter list. (Mailing list privacy information)

Go to . . . CCIPS Home Page  || Justice Department Home Page