A former US military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees, the US Department of Justice said.
Randall Craig, 41, of Houston, pleaded guilty over the weekend to both counts of an indictment returned in April by a grand jury in US District Court for the Southern District of Texas. Craig acknowledged selling information contained in a military database to a person he believed to represent a foreign government, according to the US Attorney's Office for the Southern District of Texas and the US Federal Bureau of Investigation.
The person who purchased the names and Social Security numbers from Craig was an undercover FBI agent, they said.
Craig worked as a private computer contractor at the Marine Corps Reserve Center in San Antonio, Texas, in September 2007, and he had access to personal information of US Marines in the center's database, the DOJ said.
On February 6, Craig met with someone he believed to be a representative of a foreign government at the Houston airport to discuss the sale of a thumb drive containing the information Craig had obtained from the military database, the DOJ said. Craig sold the thumb drive for US$500, the agency said.
"Our personal identification information is readily available to those who have a legitimate use for it as well as those who do not, such as Mr. Craig," US Attorney Don DeGabrielle said in a statement. "Because he sought to profit from this identity theft, we moved swiftly and justly -- as we will in all such cases -- to protect our military heroes and to protect everyone in the conduct of their personal affairs."
A forensic examination conducted by the Naval Criminal Investigative Service determined the data was from the Marine Corps Reserve Center where Craig worked, the DOJ said. The thumb drive contained personal information of 17,000 people assigned to the Battalion of the US Marine Corps in San Antonio, the DOJ said. The investigation found that none of the information obtained by Craig was sold to others or otherwise compromised.
At a February 22 meeting with the FBI undercover agent, Craig said he had made efforts to contact other foreign countries in an attempt to offer his services, the DOJ said. The undercover agent and Craig discussed future contact, using cell phones and e-mail.
The conviction for exceeding authorized access to a computer for financial gain carries a maximum sentence of five years in prison. Aggravated identity theft carries a mandatory two year-sentence that must be served consecutive to any sentence imposed for the charge of exceeding authorized access. Both counts also include maximum fines of US$250,000.
Craig is scheduled to be sentenced July 28. He is being held in federal custody without bond, the DOJ said.