In the heat of a months-long hacker investigation into an extraordinary break-in at a leading wireless carrier's network, an Internet informant approached the Secret Service with startling news: The targeted hackers were reading some of the agency's own e-mails and computer files.
The trove of illicit government data included a "highly sensitive" internal Secret Service memorandum and part of a mutual assistance legal treaty from Russia, according to court records. A hunted hacker turned his sights on his pursuers, targeting at one point the desktop computer of a Secret Service agent on his trail.
The original break-in targeted the network of Bellevue, Wash.-based T-Mobile USA, which has 16.3 million customers nationwide. It was discovered during a broader Secret Service investigation, "Operation Firewall," which targeted underground hacker organizations known as Shadowcrew, Carderplanet and Darkprofits.
But in a twist, one of the government's investigators was also a T-Mobile customer and sometimes used the wireless network to communicate about the case, unaware it wasn't safe.
A Secret Service spokesman emphasized to CBS News that it was not the Secret Service e-mail system that was compromised, but material that had been kept on a personal handheld computer, or PDA, used by agent Peter Cavicchia.
"That is inconsistent with Secret Service policy," spokesman Jonathan Cherry said. "The agent should not have had that on the PDA. No investigative operations were compromised in regard to this particular intrusion."
Nicolas Lee Jacobsen, 21, of Santa Ana, Calif., a computer engineer, has been charged with the T-Mobile break-in in U.S. District Court in Los Angeles. Investigators said they traced the hacker's online activities to a hotel near Buffalo, N.Y., where Jacobsen was staying.
Jacobsen, who was arrested in October in California, has been released on a $25,000 bond posted by his uncle, who was ordered to keep his own personal computer locked up so Jacobsen couldn't use it. A court hearing is set for Feb. 14.
T-Mobile acknowledged the hacker was able to view the names and Social Security numbers of 400 customers, all of whom it said were notified in writing about the break-in. It said customer credit card numbers and other financial information never were revealed.
"Safeguarding T-Mobile customer information is a top priority for the company," spokesman Peter Dobrow said. Dobrow said T-Mobile discovered a break-in late in 2003 and "immediately took steps that prevented any further access to this system." But another break-in — believed to be connected to the first — occurred in 2004, Dobrow said. The company still is investigating.
Court records said the hacker in the second break-in had access to T-Mobile customer information from at least March through October last year.
In March 2004, an informant reported to the Secret Service an online offer that court papers said was traced to Jacobsen. A hacker claimed he could look up the name, Social Security number, birth date and passwords for voice mails and e-mails for T-Mobile customers. Prosecutors contend Jacobsen was behind the offer, shielding his identity using aliases that included "Anyonman" and "Ethics."
Cavicchia, who has specialized in tracking hackers, was a T-Mobile customer who coincidentally was investigating the T-Mobile break-in, according to court papers and Secret Service spokesman Cherry.
Cavicchia, who won the Secret Service's medal of valor for his actions in the Sept. 11, 2001, terror attacks, resigned to work in the private sector. He told The Associated Press he was not asked to leave and said he was cleared during an internal investigation into whether he had improperly revealed sensitive information or violated agency rules.
"Unfortunately, I was the victim of a crime," said Cavicchia, angry that his name appears in court papers in the case. "Over my career with the Secret Service, I continually made personal and family sacrifices to do my job above and beyond the call of duty. My reputation and record speaks for itself. It's unfortunate that the Secret Service didn't take more steps to protect me."
Cavicchia's T-Mobile handheld computer contained "very limited investigative material" that was obtained by the hacker, Cherry said, adding that no government investigations were compromised. Cherry said Secret Service policies prohibit agents from keeping work-related files on personal computers.
Cavicchia said Secret Service supervisors frequently e-mailed documents and other files to his wireless computer to review while he was traveling. "The only way for me to review documents while I was on the road was for them to send them to that address, which they knew wasn't an agency address," Cavicchia said.
The incident wasn't all bad, Cherry said.
"Attempted intrusions on one of our systems or our employees' accounts at times works to our investigative advantage," he told CBS News. "It puts us into the position of being able to obtain information."
He said this investigation was "immensely successful."