JONATHAN JAMES
Behavioral Archetype
THE MINOR WHO BREACHED THE PENTAGON AND WAS NEVER ALLOWED TO STOP PAYING – Subject was a genuine intruder. Unlike the builders on this list, he did commit the acts he was punished for. At fifteen he installed a backdoor on a Defense Threat Reduction Agency server and read three thousand internal messages; he broke into NASA and pulled source code for the International Space Station’s life-support environment. Those are real intrusions with real reach. He served his time as a minor. The problem was the aftermath: years later, with a federal record already attached to his name, he was investigated in connection with a breach he insisted he had nothing to do with. He was never charged. He shot himself at twenty-four, convinced the record would convict him regardless of the facts.
Essence Indicators
- Handle “c0mrade”; born December 12, 1983, Pinecrest, Florida
- The first juvenile incarcerated for computer crime in the United States
- Intrusions committed as a fifteen-to-sixteen-year-old, 1999-2000
- Installed a backdoor and packet sniffer on a Defense Threat Reduction Agency (a DoD agency) server in Dulles, Virginia; intercepted over 3,000 messages and numerous credentials
- Intruded into NASA and downloaded source code supporting the International Space Station’s physical environment (temperature and humidity control of the living space); NASA took systems offline to respond
- Sentenced as a minor to house arrest and probation; served six months in federal detention after a probation violation (a positive drug test)
- January 2008: Secret Service searched his home, his brother’s, and his girlfriend’s in connection with the TJX / Albert Gonzalez credit-card breach. He was investigated but never charged
- Died by self-inflicted gunshot on May 18, 2008, age 24, leaving a note denying TJX involvement and stating he had no faith in the justice system
Social Persona / Impression Management
Immediate impression: A precocious, curious teenager who wanted to see inside systems he was not supposed to see, and did. Not a criminal enterprise, not an ideologue – a bright kid who treated the Department of Defense as a place to look around.
Energy: Restless, capable, and by the end, cornered. Friends and family described intelligence far ahead of his years. The later correspondence and the suicide note describe a person who had concluded the outcome was fixed before it began.
Impression management strategy: MINIMAL, THEN NONE. As a minor he used a handle and did not court publicity. By 2008 he was not managing an impression at all; he was documenting, in a note, that he expected to be made a scapegoat and did not intend to be present for it.
Forensic Archetype Comparison
| Pattern | Match Level | Evidence |
|---|---|---|
| The Curious Intruder | EXTREME | The intrusions were exploratory, not extractive. He read messages and pulled code; there is no evidence of sale, sabotage, or extortion. |
| The Accidental Revolutionary | MODERATE | A minor demonstrating that DoD and NASA systems could be entered by a teenager was a policy fact whether or not he meant it to be. |
| The Martyr Complex | LOW-MODERATE | He did not seek martyrdom. The note frames the death as regaining control of a situation he believed was already decided, not as a message he set out to send. |
| The Social Engineer | LOW | The work was technical – backdoors, sniffers, source access – not manipulation of people. |
Psychometric Assessment
Big Five (OCEAN):
| Trait | Score | Evidence |
|---|---|---|
| Openness | 90/100 | Self-taught intrusion into DoD and NASA systems at fifteen. High curiosity, high capability, minimal formal instruction. |
| Conscientiousness | 45/100 | Capable of sustained technical work, but the probation violation and the exploratory, consequence-light intrusions point to weak impulse regulation. Sixteen years old. |
| Extraversion | 45/100 | Moderate-to-low. Operated quietly under a handle; not a performer or a self-promoter. |
| Agreeableness | 55/100 | The intrusions were not malicious in payload. No data sold, no systems wrecked. The harm was in the access itself. |
| Neuroticism | 80/100 | High by the end. The note describes lost control and fixed outcomes – the language of someone in acute distress who had concluded the future was foreclosed. |
Dark Triad:
| Trait | Score | Notes |
|---|---|---|
| Narcissism | 25/100 | Low. Used a handle, avoided publicity, apologized to NASA and DoD as ordered. Not a glory-seeker. |
| Machiavellianism | 20/100 | Low. No strategic manipulation; the intrusions were direct and technical, not schemed. |
| Psychopathy | 15/100 | Low. Genuine crimes, but no callousness or predation in the record – exploration, not harm. |
MBTI: INTP (“The Logician”) – Dominant introverted thinking driving systems analysis for its own sake, auxiliary extraverted intuition chasing the next reachable system. The INTP failure mode here is engaging a problem (can this be entered?) without weighting the external consequences of solving it.
Why This Profile Matters
Lurk More is dedicated to the dead hackers, and only two on that list have a dossier. The other is Aaron Swartz. The pair is instructive precisely because they are not the same case. Swartz was a builder prosecuted for downloading papers a database did not want him prosecuted for. James was a real intruder who read DoD mail and took NASA code, served his sentence as a minor, and then died years later over a breach he was never charged in. One did nothing that should have been a felony; the other did things that were genuinely crimes. The through-line is not innocence. It is disproportion and permanence. A federal record attached to a teenager does not expire when the sentence does; it becomes a standing presumption. James read the situation exactly: with a prior conviction, he would not be presumed innocent of TJX, and the investigation alone was enough. The same office that prosecuted James later prosecuted Swartz – AUSA Stephen Heymann worked both – and both defendants died. The system logs one prosecutor’s career advancing and two young men dead, and records that the handling was “appropriate.” That is the point of putting these two files next to each other: the machine does not need you to be guilty. It needs you to be reachable.
Threat Assessment
| Category | Level | Notes |
|---|---|---|
| Physical threat | NONE | A teenager with a keyboard. |
| Institutional threat | HIGH (actual) | This is the honest divergence from Swartz. A fifteen-year-old holding a DTRA backdoor and NASA life-support source code is real reach into real systems, whatever the intent. The intrusions were serious. |
| Memetic threat | MODERATE | “The kid who hacked NASA” is a durable case study in every intro security course. The lesson taught, though, is usually the technical feat, not the ending. |
| Posthumous threat | ONGOING | The note – “I have no faith in the ‘justice’ system” – is the enduring artifact. The scapegoat-in-waiting mechanism it names (a prior record converting an investigation into a foregone conclusion) is not a bug that was fixed. It is how the system still works. |
Flame Warrior Classification
Primary: Hacker / Target Secondary: Target (designated in advance, never charged) Notes: ATK 8 – breaching a DoD agency and NASA as a minor, backdoor plus source-code access to ISS life-support systems, is genuine reach; this is not a builder’s score and should not be graded as one. DEF 1 – almost none. A minor first, then a person with a federal record and no institutional protection, investigated for a breach he was never charged in and unable to shed the presumption the record created. HP 0. Dead at twenty-four. The HP stat is what a permanent record does to a person the system has already decided it can reach.
Sources: Wikipedia: Jonathan James; Control Engineering: “Throwback Attack: A Florida teen hacks the Department of Defense and NASA”; Cybernews: “How a Florida teenager hacked NASA’s source code”.
Prefer RSS? Subscribe here.