Feeds

Web defacer sentenced, facing deportation

Still that NASA business though...

Combat fraud and increase customer satisfaction

Rafael Nuñez-Aponte will soon be going home to Caracas after spending seven months in a U.S. jail for compromising a computer belonging to the Department of Defense, but only if the National Aeronautics and Space Administration decides not to pursue charges against him.

Last week, a U.S. district court sentenced the Venezuelan security professional to time served - about seven months - for defacing an Air Force training Web site in June 2001 under the monicker "Rafa" as part of the online vandal group, World of Hell. The sentence followed a plea agreement between prosecutors and Nuñez signed in July.

"We were happy with the court's sentence," said Scott T. Varholak, the public defender representing Nuñez. "I think the court took into account Mr. Nuñez's character and that he has done a lot of good things since that time."

U.S. immigration officials have taken custody of Nuñez and he will be deported, Varholak said. The process typically takes about two weeks. However, other security incidents attributed to Rafa could delay his departure from the United States. The National Aeronautics and Space Administration (NASA) could attempt to hold Nuñez responsible for sensitive documents allegedly stolen by Rafa in 2002. Rafa allegedly took over 40MB of data regarding NASA's next-generation launch vehicles from a contractor's computer, according to press reports at the time.

A source at the U.S. Department of Justice stressed that the plea agreement and conviction only apply to the incident involving the U.S. Air Force. The source, who asked not to be named, said that Nuñez could be charged for other crimes. However, NASA investigators refused to comment on any possible future prosecution.

Nuñez's sentencing is the latest success for U.S. prosecutors against online vandals and cybercriminals. In February, prosecutors elicited a guilty plea from Nicolas Lee Jacobsen on charges of unauthorized access into the computers of telecommunications company T-Mobile. Microsoft helped German authorities track down and convict the creator of the Sasser worm, Sven Jaschan. In Europe, prosecutors have brought cases against the alleged online attackers suspected of creating networks of compromised computers, known as bot nets.

U.S. immigration officials arrested Nuñez on April 2 when he arrived in Miami for a conference. Nuñez had been working for Venezuelan telecommunications company CANTV in computer security and had previously worked for the Venezuelan subsidiary of Scientech. Law enforcement officials then moved the 26-year-old Venezuelan to Denver, Colorado, where he was charged.

The plea agreement, announced in July, stipulated that, under the monicker "Rafa," Nuñez joined a hacker group known as World of Hell, which prided itself on highlighting weaknesses in the security of government and corporate computers. A site run by the Defense Information Systems Agency (DISA) for the U.S. Air Force was among the Web sites defaced by Rafa, the agreement stated. Nuñez plead guilty to "intentionally damaging" that computer and causing $10,548 in damage.

"The plea agreement simply addresses his admission regarding this crime," said Jeffrey Dorschner, spokesman for the U.S. Attorney's office in Denver. "The U.S. sentencing guidelines takes into account his prior criminal history and the financial impact of the crime, but also whether he takes responsibility for his actions."

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.