Feeds

'Deceptive Duo' hacker charged

US 'patriot' in the dock

  • alert
  • submit to reddit

Seven Steps to Software Security

A Florida man has been charged in federal court in Washington DC for his alleged role as one half of the high-profile hacking team "The Deceptive Duo" - responsible for defacing dozens of governmental and private websites with patriotically-themed messages exhorting the US to shore up cyber defenses.

Benjamin Stark, 22, faces a single count of breaking into and damaging computers in concert with an "unnamed individual" in the spring of 2002. A second unrelated count accuses him of trafficking in stolen credit card numbers a year earlier. The charges are in the form of an "information", rather than an indictment, which legal experts say telegraphs that Stark has likely entered into a plea agreement with prosecutors. A spokesman for the US Attorney's Office in Washington declined to comment on the case. Reached by telephone, Stark referred inquiries to his mother, who also declined comment.

The Deceptive Duo first drew public attention in April 2002 for cracking government websites and defacing them with a patriotic "mission outline" in which they described themselves as anonymous US citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was the group's logo: two handguns against the backdrop of a tattered American flag.

Among their earliest hacks, the pair defaced a Federal Aviation Administration (FAA) server and posted samples from an FAA database detailing passenger screening activity at various U.S. airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. At the time, the FAA downplayed the sensitivity of the database, claiming that it had been prepared for Congress, and was therefore public information. But in the charges against Stark filed last month, prosecutors describe the list as a "sensitive database".

The Deceptive Duo's campaign came to an abrupt end in May 2002, less than three weeks after it began, when FBI and Defense Department investigators raided Stark's home, and searched the California home of then 18-year-old Robert Lyttle, who was already on juvenile probation for an earlier Web site defacement spree. Using the handle "Pimpshiz", Lyttle had replaced some 200 Web pages with electronic graffiti supporting Napster.

In early March, Lyttle said he expected to face federal charges in Northern California for some of the Deceptive Duo hacks, but that his case had been delayed when his prosecutor was reassigned. On Friday his attorney, Omar Figuroa, said he wasn't troubled by the prospect of Stark making a plea deal, even if it turns out he's rolling over on his former partner. "What's Ben going to say, that they hacked into the systems? Sure. But Robert has a great necessity defense," says Figuroa, who's argued that the Deceptive Duo's hacking was aimed at preventing terrorist attacks on the information infrastructure. "I'm confident that Robert would be completely exonerated if charges were filed."

The Washington DC case charges Stark with a single felony for 10 of the Deceptive Duo's alleged intrusions. The US government agencies listed as victims are the Federal Aviation Administration, the Department of Transportation's Federal Highway Administration, the Defense Logistics Agency, the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, and the Air Force Publishing Office. Two private companies are also listed: Dynamic Systems Inc., and Wisconsin-based Midwest Express.

Bundled into the same offense is the 2001 defacement of a US Army Corp of Engineers' website under Stark's pre-Deceptive Duo moniker, "The-Rev". A second charge accuses Stark of another solo mission: allegedly selling a bundle of 447 stolen credit card numbers in an IRC chat room for $250 in June 2001.

Each of the Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000 each, except for the Midwest Express hack, which cost the company $57,500, the government claims. In some intrusions, the pair gained access to personal identifiable information like passport and social security numbers.

Stark is scheduled to enter a plea on 19 May.

Copyright © 2004, 0

Related stories

FAA hacked by patriots

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.