Feeds

'Deceptive duo' hacker pleads guilty

Benjamin Stark in plea bargain deal

  • alert
  • submit to reddit

Security for virtualized datacentres

A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one half of the high-profile hacking team "The Deceptive Duo", responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private websites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses.

In a plea agreement with prosecutors, Benjamin Stark, 22, admitted to cracking eleven computer networks belonging to nine US government departments and private commercial entities. He faces a likely prison term of 24 to 30 months in custody under federal sentencing guidelines.

The Deceptive Duo drew public attention in April 2002 for defacing government websites with a patriotic "mission outline" in which they described themselves as anonymous citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was a graphic of two handguns against the backdrop of a tattered American flag.

Federal prosecutor John Carlin declined to comment on Stark's motives, but he said there was no mention of the hacker's purported patriotism at Wednesday's plea hearing. "It's not in the plea agreement, and it wasn't mentioned in the statement of facts that were given in the hearing today," Carlin noted.

As part of the plea, Stark admitted to working with an unnamed partner to crack systems at the Federal Aviation Administration (FAA), the Federal Highway Administration, the Defense Logistics Agency; the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, the Air Force Publishing Office, Dynamic Systems Inc. and Midwest Express.

Compromised database

At the FAA, the Duo cracked a server run by the administration's security force, and posted and posted samples from a compromised FAA database detailing passenger screening activity at various US airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. In other intrusion, the pair demonstrated access to passport and social security numbers and other private data.

Each of the charged Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000, except for the Midwest Express hack, which cost the company $57,500, the government claims.

Stark's plea agreement contains no language indicating that he's agreed to testify against his partner in the hacks, believed to be 20-year-old Robert Lyttle, a prolific website defacer raided by the FBI along with Stark. Lyttle has yet to be charged federally for the hacks, and if he is, his attorney has promised to demonstrate that the Deceptive Duo's intrusions were genuinely aimed at preventing terrorist attacks on the information infrastructure. "Robert has a great necessity defense," San Francisco lawyer Omar Figuroa said earlier this month. "I'm confident that Robert would be completely exonerated if charges were filed."

In addition to the Deceptive Duo hacks, Stark admitted to two solo missions. In February 2001 he defaced a U.S. Army Corp of Engineers website under his online moniker "The-Rev". And in December of that year he sold a bundle of 447 stolen credit card numbers to an undercover FBI agent in a chat room for $250.

Stark's sentencing is scheduled for 24 September.

Copyright © 2004, 0

Related stories

'Deceptive Duo' hacker charged
FAA hacked by patriots

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.