Feeds

'Deceptive Duo' hacker charged

US 'patriot' in the dock

  • alert
  • submit to reddit

Build a business case: developing custom apps

A Florida man has been charged in federal court in Washington DC for his alleged role as one half of the high-profile hacking team "The Deceptive Duo" - responsible for defacing dozens of governmental and private websites with patriotically-themed messages exhorting the US to shore up cyber defenses.

Benjamin Stark, 22, faces a single count of breaking into and damaging computers in concert with an "unnamed individual" in the spring of 2002. A second unrelated count accuses him of trafficking in stolen credit card numbers a year earlier. The charges are in the form of an "information", rather than an indictment, which legal experts say telegraphs that Stark has likely entered into a plea agreement with prosecutors. A spokesman for the US Attorney's Office in Washington declined to comment on the case. Reached by telephone, Stark referred inquiries to his mother, who also declined comment.

The Deceptive Duo first drew public attention in April 2002 for cracking government websites and defacing them with a patriotic "mission outline" in which they described themselves as anonymous US citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was the group's logo: two handguns against the backdrop of a tattered American flag.

Among their earliest hacks, the pair defaced a Federal Aviation Administration (FAA) server and posted samples from an FAA database detailing passenger screening activity at various U.S. airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. At the time, the FAA downplayed the sensitivity of the database, claiming that it had been prepared for Congress, and was therefore public information. But in the charges against Stark filed last month, prosecutors describe the list as a "sensitive database".

The Deceptive Duo's campaign came to an abrupt end in May 2002, less than three weeks after it began, when FBI and Defense Department investigators raided Stark's home, and searched the California home of then 18-year-old Robert Lyttle, who was already on juvenile probation for an earlier Web site defacement spree. Using the handle "Pimpshiz", Lyttle had replaced some 200 Web pages with electronic graffiti supporting Napster.

In early March, Lyttle said he expected to face federal charges in Northern California for some of the Deceptive Duo hacks, but that his case had been delayed when his prosecutor was reassigned. On Friday his attorney, Omar Figuroa, said he wasn't troubled by the prospect of Stark making a plea deal, even if it turns out he's rolling over on his former partner. "What's Ben going to say, that they hacked into the systems? Sure. But Robert has a great necessity defense," says Figuroa, who's argued that the Deceptive Duo's hacking was aimed at preventing terrorist attacks on the information infrastructure. "I'm confident that Robert would be completely exonerated if charges were filed."

The Washington DC case charges Stark with a single felony for 10 of the Deceptive Duo's alleged intrusions. The US government agencies listed as victims are the Federal Aviation Administration, the Department of Transportation's Federal Highway Administration, the Defense Logistics Agency, the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, and the Air Force Publishing Office. Two private companies are also listed: Dynamic Systems Inc., and Wisconsin-based Midwest Express.

Bundled into the same offense is the 2001 defacement of a US Army Corp of Engineers' website under Stark's pre-Deceptive Duo moniker, "The-Rev". A second charge accuses Stark of another solo mission: allegedly selling a bundle of 447 stolen credit card numbers in an IRC chat room for $250 in June 2001.

Each of the Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000 each, except for the Midwest Express hack, which cost the company $57,500, the government claims. In some intrusions, the pair gained access to personal identifiable information like passport and social security numbers.

Stark is scheduled to enter a plea on 19 May.

Copyright © 2004, 0

Related stories

FAA hacked by patriots

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.