Security News > 2004 > May > Charges filed in 'Deceptive Duo' hacks
http://www.securityfocus.com/news/8559 By Kevin Poulsen SecurityFocus May 3 2004 A Florida man has been charged in federal court in Washington DC for his alleged role as one-half of the high-profile hacking team "The Deceptive Duo," responsible for defacing dozens of governmental and private Web sites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses. Benjamin Stark, 22, faces a single count of breaking into and damaging computers in concert with an "unnamed individual" in the spring of 2002. A second unrelated count accuses him of trafficking in stolen credit card numbers a year earlier. The charges are in the form of an "information," rather than an indictment, which legal experts say telegraphs that Stark has likely entered into a plea agreement with prosecutors. A spokesman for the U.S. Attorney's Office in Washington declined to comment on the case. Reached by telephone, Stark referred inquiries to his mother, who also declined comment. The Deceptive Duo first drew public attention in April 2002 for cracking government websites and defacing them with a patriotic "mission outline" in which they described themselves as anonymous U.S. citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was the group's logo: two handguns against the backdrop of a tattered American flag. Among their earliest hacks, the pair defaced a Federal Aviation Administration (FAA) server and posted samples from an FAA database detailing passenger screening activity at various U.S. airports in the year 2000, with each screener's name, the number of passengers he or she screened, and the number of guns, explosives or chemicals intercepted. At the time, the FAA downplayed the sensitivity of the database, claiming that it had been prepared for Congress, and was therefore public information. But in the charges against Stark filed earlier this month, prosecutors describe the list as a "sensitive database." The Deceptive Duo's campaign came to an abrupt end in May 2002, less than three weeks after it began, when FBI and Defense Department investigators raided Stark's home, and searched the California home of then 18-year-old Robert Lyttle, who was already on juvenile probation for an earlier Web site defacement spree. Using the handle "Pimpshiz," Lyttle had replaced some 200 Web pages with electronic graffiti supporting Napster. In early March, Lyttle said he expected to face federal charges in Northern California for some of the Deceptive Duo hacks, but that his case had been delayed when his prosecutor was reassigned. On Friday his attorney, Omar Figuroa, said he wasn't troubled by the prospect of Stark making a plea deal, even if it turns out he's rolling over on his former partner. "What's Ben going to say, that they hacked into the systems? Sure. But Robert has a great necessity defense," says Figuroa, who's argued that the Deceptive Duo's hacking was aimed at preventing terrorist attacks on the information infrastructure. "I'm confident that Robert would be completely exonerated if charges were filed." The Washington DC case charges Stark with a single felony for 10 of the Deceptive Duo's alleged intrusions. The U.S. government agencies listed as victims are the Federal Aviation Administration, the Department of Transportation's Federal Highway Administration, the Defense Logistics Agency, the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, and the Air Force Publishing Office. Two private companies are also listed: Dynamic Systems Inc., and Wisconsin-based Midwest Express. Bundled into the same offense is the 2001 defacement of a U.S. Army Corp of Engineers website under Stark's pre-Deceptive Duo moniker, "The-Rev." A second charge accuses Stark of another solo mission: allegedly selling a bundle of 447 stolen credit card numbers in an IRC chat room for $250 in June 2001. Each of the Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000 each, except for the Midwest Express hack, which cost the company $57,500, the government claims. In some intrusions, the pair gained access to personal identifiable information like passport and social security numbers. Stark is scheduled to enter a plea on May 19th. _________________________________________ ISN mailing list Sponsored by: OSVDB.org