[ISN] Charges filed in 'Deceptive Duo' hacks

InfoSec News isn at c4i.org
Mon May 3 03:33:06 EDT 2004


By Kevin Poulsen
May 3 2004 

A Florida man has been charged in federal court in Washington DC for
his alleged role as one-half of the high-profile hacking team "The
Deceptive Duo," responsible for defacing dozens of governmental and
private Web sites with patriotically-themed messages exhorting the
U.S. to shore up cyber defenses.

Benjamin Stark, 22, faces a single count of breaking into and damaging
computers in concert with an "unnamed individual" in the spring of
2002. A second unrelated count accuses him of trafficking in stolen
credit card numbers a year earlier. The charges are in the form of an
"information," rather than an indictment, which legal experts say
telegraphs that Stark has likely entered into a plea agreement with
prosecutors. A spokesman for the U.S. Attorney's Office in Washington
declined to comment on the case. Reached by telephone, Stark referred
inquiries to his mother, who also declined comment.

The Deceptive Duo first drew public attention in April 2002 for
cracking government websites and defacing them with a patriotic
"mission outline" in which they described themselves as anonymous U.S.  
citizens determined to save the country from cyberterrorists by
exposing security holes in critical infrastructures. "Tighten the
security before a foreign attack forces you to," the Duo's defacements
typically read. "At a time like this, we cannot risk the possibility
of compromise by a foreign enemy." Accompanying the text was the
group's logo: two handguns against the backdrop of a tattered American

Among their earliest hacks, the pair defaced a Federal Aviation
Administration (FAA) server and posted samples from an FAA database
detailing passenger screening activity at various U.S. airports in the
year 2000, with each screener's name, the number of passengers he or
she screened, and the number of guns, explosives or chemicals
intercepted. At the time, the FAA downplayed the sensitivity of the
database, claiming that it had been prepared for Congress, and was
therefore public information. But in the charges against Stark filed
earlier this month, prosecutors describe the list as a "sensitive

The Deceptive Duo's campaign came to an abrupt end in May 2002, less
than three weeks after it began, when FBI and Defense Department
investigators raided Stark's home, and searched the California home of
then 18-year-old Robert Lyttle, who was already on juvenile probation
for an earlier Web site defacement spree. Using the handle "Pimpshiz,"  
Lyttle had replaced some 200 Web pages with electronic graffiti
supporting Napster.

In early March, Lyttle said he expected to face federal charges in
Northern California for some of the Deceptive Duo hacks, but that his
case had been delayed when his prosecutor was reassigned. On Friday
his attorney, Omar Figuroa, said he wasn't troubled by the prospect of
Stark making a plea deal, even if it turns out he's rolling over on
his former partner. "What's Ben going to say, that they hacked into
the systems? Sure. But Robert has a great necessity defense," says
Figuroa, who's argued that the Deceptive Duo's hacking was aimed at
preventing terrorist attacks on the information infrastructure. "I'm
confident that Robert would be completely exonerated if charges were

The Washington DC case charges Stark with a single felony for 10 of
the Deceptive Duo's alleged intrusions. The U.S. government agencies
listed as victims are the Federal Aviation Administration, the
Department of Transportation's Federal Highway Administration, the
Defense Logistics Agency, the Department of Defense's Health Affairs
office, the Department of Energy's Sandia National Lab, the Naval Air
Systems Command, and the Air Force Publishing Office. Two private
companies are also listed: Dynamic Systems Inc., and Wisconsin-based
Midwest Express.

Bundled into the same offense is the 2001 defacement of a U.S. Army
Corp of Engineers website under Stark's pre-Deceptive Duo moniker,
"The-Rev." A second charge accuses Stark of another solo mission:  
allegedly selling a bundle of 447 stolen credit card numbers in an IRC
chat room for $250 in June 2001.

Each of the Deceptive Duo intrusions allegedly resulted in financial
damage ranging from about $1,000 to $15,000 each, except for the
Midwest Express hack, which cost the company $57,500, the government
claims. In some intrusions, the pair gained access to personal
identifiable information like passport and social security numbers.

Stark is scheduled to enter a plea on May 19th.

More information about the ISN mailing list