Feeds

Web defacer sentenced, facing deportation

Still that NASA business though...

Securing Web Applications Made Simple and Scalable

Rafael Nuñez-Aponte will soon be going home to Caracas after spending seven months in a U.S. jail for compromising a computer belonging to the Department of Defense, but only if the National Aeronautics and Space Administration decides not to pursue charges against him.

Last week, a U.S. district court sentenced the Venezuelan security professional to time served - about seven months - for defacing an Air Force training Web site in June 2001 under the monicker "Rafa" as part of the online vandal group, World of Hell. The sentence followed a plea agreement between prosecutors and Nuñez signed in July.

"We were happy with the court's sentence," said Scott T. Varholak, the public defender representing Nuñez. "I think the court took into account Mr. Nuñez's character and that he has done a lot of good things since that time."

U.S. immigration officials have taken custody of Nuñez and he will be deported, Varholak said. The process typically takes about two weeks. However, other security incidents attributed to Rafa could delay his departure from the United States. The National Aeronautics and Space Administration (NASA) could attempt to hold Nuñez responsible for sensitive documents allegedly stolen by Rafa in 2002. Rafa allegedly took over 40MB of data regarding NASA's next-generation launch vehicles from a contractor's computer, according to press reports at the time.

A source at the U.S. Department of Justice stressed that the plea agreement and conviction only apply to the incident involving the U.S. Air Force. The source, who asked not to be named, said that Nuñez could be charged for other crimes. However, NASA investigators refused to comment on any possible future prosecution.

Nuñez's sentencing is the latest success for U.S. prosecutors against online vandals and cybercriminals. In February, prosecutors elicited a guilty plea from Nicolas Lee Jacobsen on charges of unauthorized access into the computers of telecommunications company T-Mobile. Microsoft helped German authorities track down and convict the creator of the Sasser worm, Sven Jaschan. In Europe, prosecutors have brought cases against the alleged online attackers suspected of creating networks of compromised computers, known as bot nets.

U.S. immigration officials arrested Nuñez on April 2 when he arrived in Miami for a conference. Nuñez had been working for Venezuelan telecommunications company CANTV in computer security and had previously worked for the Venezuelan subsidiary of Scientech. Law enforcement officials then moved the 26-year-old Venezuelan to Denver, Colorado, where he was charged.

The plea agreement, announced in July, stipulated that, under the monicker "Rafa," Nuñez joined a hacker group known as World of Hell, which prided itself on highlighting weaknesses in the security of government and corporate computers. A site run by the Defense Information Systems Agency (DISA) for the U.S. Air Force was among the Web sites defaced by Rafa, the agreement stated. Nuñez plead guilty to "intentionally damaging" that computer and causing $10,548 in damage.

"The plea agreement simply addresses his admission regarding this crime," said Jeffrey Dorschner, spokesman for the U.S. Attorney's office in Denver. "The U.S. sentencing guidelines takes into account his prior criminal history and the financial impact of the crime, but also whether he takes responsibility for his actions."

The smart choice: opportunity from uncertainty

More from The Register

next story
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Boffins build FREE SUPERCOMPUTER from free cloud server trials
Who cares about T&Cs when there's LIteCoin to mint?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.