, SecurityFocus 2004-05-19
A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one-half of the high-profile hacking team "The Deceptive Duo," responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private Web sites with patriotically-themed messages exhorting the U.S. to shore up cyber defenses.In a plea agreement with prosecutors, Benjamin Stark, 22, admitted to cracking eleven computer networks belonging to nine U.S. government departments and private commercial entities. He faces a likely prison term of 24 to 30 months in custody under federal sentencing guidelines.
The Deceptive Duo drew public attention in April 2002 for defacing government websites with a patriotic "mission outline" in which they described themselves as anonymous U.S. citizens determined to save the country from cyberterrorists by exposing security holes in critical infrastructures. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy." Accompanying the text was a graphic of two handguns against the backdrop of a tattered American flag.
Federal prosecutor John Carlin declined to comment on Stark's motives, but he said there was no mention of the hacker's purported patriotism at Wednesday's plea hearing. "It's not in the plea agreement, and it wasn't mentioned in the statement of facts that were given in the hearing today," said Carlin.
As part of the plea, Stark admitted to working with an unnamed partner to crack systems at the Federal Aviation Administration (FAA), the Federal Highway Administration, the Defense Logistics Agency; the Department of Defense's Health Affairs office, the Department of Energy's Sandia National Lab, the Naval Air Systems Command, the Air Force Publishing Office, Dynamic Systems Inc. and Midwest Express.
At the FAA, the Duo
Each of the charged Deceptive Duo intrusions allegedly resulted in financial damage ranging from about $1,000 to $15,000, except for the Midwest Express hack, which cost the company $57,500, the government claims.
Stark's plea agreement contains no language indicating that he's agreed to testify against his partner in the hacks, believed to be 20-year-old Robert Lyttle, a prolific website defacer
In addition to the Deceptive Duo hacks, Stark admitted to two solo missions. In February 2001 he defaced a U.S. Army Corp of Engineers website under his online moniker "The-Rev." And in December of that year he sold a bundle of 447 stolen credit card numbers to an undercover FBI agent in a chat room for $250.
Stark's sentencing is scheduled for September 24th.