[ISN] Hacker teenager pleads guilty

Mon May 16 04:14:56 EDT 2005

http://www.phillyburbs.com/pb-dyn/news/112-05142005-489320.html

By DAVID LEVINSKY
Burlington County Times
5/14/2005 

Away from the computer, investigators said Jasmine Singh looked and 
acted like most any other 17-year-old. 

In cyberspace, however, investigators said Singh was known both by his 
online aliases "Jatt" and "Pherk" and for his reputation as a hacker 
capable and willing to inflict havoc on computer systems of his or 
others choosing.

The Middlesex County teenager pleaded guilty in state Superior Court 
this month to carrying out a series of online attacks between July and 
December 2004 that targeted a online clothing store based in Delran 
and other e-commerce businesses, according to the New Jersey Attorney 
General's Office.

The attacks caused the Delran business and some 2,000 other online 
companies to suffer in excess of $1 million in damages and losses, 
investigators said.

More troubling still, investigators say, is that the number of 
so-called cyber criminals like Singh are on the rise and their schemes 
are becoming more sophisticated.

"It's becoming a growing problem, and we're taking it very seriously," 
said Special Agent Timothy Nestor, supervisor of cyber crime 
investigations at the FBI Field Office in Newark.

Hackers are no longer just bored teenagers trying to sneak into 
computer networks for fun. There are now cyber mobs on the loose that 
actively try to steal identities or extort companies with the threat 
of malicious online attacks, he said.

Law enforcement has had to adapt, Nestor said, noting that cyber crime 
is now the FBI's third highest priority behind counter-terrorism and 
counter-intelligence. "We're pouring lots and lots of resources into 
this," he said.

The Singh case was an example of an online attack called a denial of 
service or DOS. During a DOS, an attacking computer program, called a 
"bot net," is used to flood the victim's computer network with large 
amounts of data or specific commands, causing it to overload and 
crash.

According to a U.S. Department of Justice survey, DOS attacks like the 
one committed by Singh caused $26 million in losses last year, and 
Nestor said many hackers now use the threat of them to try to extort 
money or services. He said Singh's case was one of only a few 
instances where a hacker was "contracted" to conduct an attack against 
specific targets.

According to investigators and court papers, Singh was hired over the 
Internet by 18-year-old Jason Arabo of Southfield, Mich., to conduct 
the DOS attacks against Delran-based Jersey-Joe.com and other online 
companies that sell retro sports apparel in competition with his own 
online businesses, www.customleader.com and www.jerseydomain.com. 

In return for conducting the attacks, Arabo, who used the computer 
aliases "cl.com" and "Jaytheplaya," paid Singh in sneakers, sports 
jerseys and jewelry, according to court papers.

Officials from Jersey-Joe.com declined to comment on the attacks.

FBI investigators were informed of the attacks by Jersey-Joe.com and, 
with assistance from the New Jersey State High Technology Crimes Unit, 
were able to trace the attacks to Singh and Arabo.

Singh, who was tried as an adult, is scheduled to be sentenced Aug. 12 
for second-degree computer theft in connection with the attacks. The 
charge carries a maximum sentence of 10 years imprisonment.

Arabo was charged in March with conspiring to transmit a program to 
damage a computer. He is currently free on a $50,000 bond, authorities 
said.

Nestor said another problem cyber crime is "phishing" - an 
identity-theft ruse involving official-looking e-mails and Web sites 
that solicit personal information such as computer passwords, Social 
Security numbers, credit-card numbers and other forms of financial 
data from unsuspecting computer users.

A report last year by Gartner Inc., an information technology market 
research firm, estimated phishing cost U.S. banks and credit card 
issuers about $1.2 billion in 2003. At least 2,870 active phishing 
sites were reported in March, according to the Anti-Phishing Working 
Group, a nonprofit organization of corporations and government 
agencies trying to eliminate cyber fraud and identity theft.

Nestor said most phishing schemes now originate with organized crime 
syndicates that work and communicate almost solely via the Internet. 
Members of one such "cyber mob" that was broken up last year were 
charged with stealing and selling approximately 1.7 million credit 
card numbers that generated total losses in excess of $4 million.

Just as cyber crooks are becoming more sophisticated, Nestor said 
federal investigators are also developing new methods to detect and 
trace their infringements. He said state, county, and local law 
enforcement agencies are also now getting involved in cyber crime 
crackdowns.