Feeds

'Deceptive duo' hacker pleads guilty

Benjamin Stark in plea bargain deal

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one half of the high-profile hacking team "The Deceptive Duo", responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private websites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses.

In a plea agreement with prosecutors, Benjamin Stark, 22, admitted to cracking eleven computer networks belonging to nine US government departments and private commercial entities. He faces a likely prison term of 24 to 30 months in custody under federal sentencing guidelines.

The Deceptive Duo drew public attention in April 2002 for defacing government websites with a patriotic "mission outline" in which they described themselves as anonymous citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was a graphic of two handguns against the backdrop of a tattered American flag.

Federal prosecutor John Carlin declined to comment on Stark's motives, but he said there was no mention of the hacker's purported patriotism at Wednesday's plea hearing. "It's not in the plea agreement, and it wasn't mentioned in the statement of facts that were given in the hearing today," Carlin noted.

As part of the plea, Stark admitted to working with an unnamed partner to crack systems at the Federal Aviation Administration (FAA), the Federal Highway Administration, the Defense Logistics Agency; the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, the Air Force Publishing Office, Dynamic Systems Inc. and Midwest Express.

Compromised database

At the FAA, the Duo cracked a server run by the administration's security force, and posted and posted samples from a compromised FAA database detailing passenger screening activity at various US airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. In other intrusion, the pair demonstrated access to passport and social security numbers and other private data.

Each of the charged Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000, except for the Midwest Express hack, which cost the company $57,500, the government claims.

Stark's plea agreement contains no language indicating that he's agreed to testify against his partner in the hacks, believed to be 20-year-old Robert Lyttle, a prolific website defacer raided by the FBI along with Stark. Lyttle has yet to be charged federally for the hacks, and if he is, his attorney has promised to demonstrate that the Deceptive Duo's intrusions were genuinely aimed at preventing terrorist attacks on the information infrastructure. "Robert has a great necessity defense," San Francisco lawyer Omar Figuroa said earlier this month. "I'm confident that Robert would be completely exonerated if charges were filed."

In addition to the Deceptive Duo hacks, Stark admitted to two solo missions. In February 2001 he defaced a U.S. Army Corp of Engineers website under his online moniker "The-Rev". And in December of that year he sold a bundle of 447 stolen credit card numbers to an undercover FBI agent in a chat room for $250.

Stark's sentencing is scheduled for 24 September.

Copyright © 2004, 0

Related stories

'Deceptive Duo' hacker charged
FAA hacked by patriots

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.