SecurityFocus 2005-04-11
Family and colleagues of a Venezuelan security expert known for defacing Web sites under the name "Rafa" have launched a campaign to highlight the one-time vandal's more benevolent acts.
Family and colleagues of a Venezuelan security expert accused of defacing Web sites under the name "Rafa" launched a campaign on Monday to highlight their view that the one-time vandal has reformed himself.
U.S. immigration officials arrested Rafael Nuñez on April 2 on charges related to the Web defacement of a U.S. Air Force site in June 2001. The Immigration and Customs Enforcement Division of the U.S. Department of Homeland Security took the 25-year-old Venezuelan into custody when he arrived in Miami, Florida for a conference.
While colleagues and family acknowledged Nuñez's past, they hoped that his more recent actions aiding cybercrime and child-pornography investigations would convince U.S. officials to treat him more leniently.
"If he did the crime, he has to face those charges," said Seth Pack, director of the Counter Pedophilia Investigative Unit (CPIU), an independent organization that aims to aid child pornography investigations. Nuñez is the deputy director of the organization. "It seemed like he wanted to turn a leaf and do good things with his talent. I was really shocked to find out that he was under investigation."
Under the monicker "Rafa," Nuñez joined a hacker group known as World of Hell, which prided itself on highlighting weaknesses in the security of government and corporate computers, according to Nuñez's federal indictment. A site run by the Defense Information Systems Agency (DISA) for the U.S. Air Force was among the Web sites defaced by Rafa, the indictment stated.
Nuñez is charged with two violations of the Computer Crimes and Abuse Act and could, if found guilty, be sentenced to up to 11 years in prison and a fine of up to $350,000. He is currently awaiting transfer from Miami to Denver, Colorado, where he will be tried.
"This is a significant arrest," said Jeff Dorschner, spokesman for the U.S. Attorney's Office in Denver, Colorado. Dealing with the international aspect of the case made it more difficult, he said.
Anne Lyons, the public defender assigned to Nuñez's case, could not be reached for comment.
The family hopes to start a Web site that lists the aid that Nuñez provided to other investigations. In an online chat, a person identifying himself as Juan Vicente Nuñez, the brother of the suspect, said that the family would be seeking an expert attorney to defend Nuñez.
Other colleagues also spoke highly of Nuñez.
"We are as surprised by this event as anyone else," Tony J. de Castro, president of Scientech de Venezuela C.A. and its subsidiaries, said in an e-mail. Nuñez worked for Scientech until November 2003, when he left to join the Venezuelan telecommunications company CANTV, de Castro said. "As far as we know, Mr. Nunez is an extremely capable professional dedicated to the 'ethical' investigation of security issues in the Internet."
The hacking group World of Hell defaced a number of sites in 2001, including a mass defacement using an automated script that replaced hundreds of sites' home pages with a message from the group. On June 10, 2001, a U.S. Air Force site had its home page replaced by the message, "woh is Back...and kiss my a** cause I just Owned yours! - America's Air Force Department of Defense computer system 0wn3d by [RaFa]," according to a complaint filed by Joseph Diebert, a special agent with the Defense Criminal Investigative Service.
A comment posted on the group's Web site by one of the members of World of Hell helped investigators crack the case, according to the complaint. In the online posting, the founder of the group, Cowhead2000, stated he had a run-in with police at the DEFCON hacking conference in Las Vegas during the summer of 2001. The investigators were able to find the police records, which led them to the home of the 15-year-old founder, the complaint stated.
A search of the teenager's computer disks found several Internet Relay Chat (IRC) and I Seek You (ICQ) logs between Rafa and Cowhead2000, providing further links between Rafael Nuñez, Rafa and the defacement of the Air Force Web site.
In August 2002, Cowhead2000 pled guilty to 133 counts of sexual exploitation of a minor and 176 counts of identity theft, charges stemming from images and credit-card numbers, respectively, found on the teenager's hard drive, stated the complaint.
Investigators don't currently believe that the World of Hell was broadly involved in child pornography, said a source, and CPIU's Pack said he did not believe Nuñez would have involved himself with child pornographers.
"If he had known about that, he would not have been cool with that at all," Pack said.
However, another agency may press other serious charges against Nuñez. The National Aeronautics and Space Administration (NASA) may attempt to hold Nuñez responsible for sensitive documents stolen and posted to the Internet in 2002. Rafa allegedly stole over 40MB of data regarding NASA's next-generation launch vehicles from a contractor's computer.
While the space agency would not comment on potential charges -- calling the investigation "ongoing" -- investigators from NASA's Office of the Inspector General interviewed CPIU's Pack two days after Nuñez was taken into custody, but before Pack knew about the arrest.
Pack cooperated with investigators, but intends to help out Nuñez. Along with Perverted-Justice, a group that attempts to aid child-pornography investigations, Pack drafted a letter calling on others to help.
"It is the hopes of many that, in the pursuit of justice, Rafael Nuñez is allowed to someday continue to use his talents as an ethical professional in this field, just as he has in the last couple years," the letter stated.