Feeds

'Deceptive duo' hacker pleads guilty

Benjamin Stark in plea bargain deal

  • alert
  • submit to reddit

Intelligent flash storage arrays

A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one half of the high-profile hacking team "The Deceptive Duo", responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private websites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses.

In a plea agreement with prosecutors, Benjamin Stark, 22, admitted to cracking eleven computer networks belonging to nine US government departments and private commercial entities. He faces a likely prison term of 24 to 30 months in custody under federal sentencing guidelines.

The Deceptive Duo drew public attention in April 2002 for defacing government websites with a patriotic "mission outline" in which they described themselves as anonymous citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was a graphic of two handguns against the backdrop of a tattered American flag.

Federal prosecutor John Carlin declined to comment on Stark's motives, but he said there was no mention of the hacker's purported patriotism at Wednesday's plea hearing. "It's not in the plea agreement, and it wasn't mentioned in the statement of facts that were given in the hearing today," Carlin noted.

As part of the plea, Stark admitted to working with an unnamed partner to crack systems at the Federal Aviation Administration (FAA), the Federal Highway Administration, the Defense Logistics Agency; the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, the Air Force Publishing Office, Dynamic Systems Inc. and Midwest Express.

Compromised database

At the FAA, the Duo cracked a server run by the administration's security force, and posted and posted samples from a compromised FAA database detailing passenger screening activity at various US airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. In other intrusion, the pair demonstrated access to passport and social security numbers and other private data.

Each of the charged Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000, except for the Midwest Express hack, which cost the company $57,500, the government claims.

Stark's plea agreement contains no language indicating that he's agreed to testify against his partner in the hacks, believed to be 20-year-old Robert Lyttle, a prolific website defacer raided by the FBI along with Stark. Lyttle has yet to be charged federally for the hacks, and if he is, his attorney has promised to demonstrate that the Deceptive Duo's intrusions were genuinely aimed at preventing terrorist attacks on the information infrastructure. "Robert has a great necessity defense," San Francisco lawyer Omar Figuroa said earlier this month. "I'm confident that Robert would be completely exonerated if charges were filed."

In addition to the Deceptive Duo hacks, Stark admitted to two solo missions. In February 2001 he defaced a U.S. Army Corp of Engineers website under his online moniker "The-Rev". And in December of that year he sold a bundle of 447 stolen credit card numbers to an undercover FBI agent in a chat room for $250.

Stark's sentencing is scheduled for 24 September.

Copyright © 2004, 0

Related stories

'Deceptive Duo' hacker charged
FAA hacked by patriots

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.