One prominent computer hacker has been sentenced and a suspected hacker was indicted in the past week, both of them saying their cyber exploits were designed to point out security deficiencies.
Infamous hacker Adrian Lamo, 23, who was known as “the helpful hacker” because he reported his exploits to his victims, was sentenced Thursday in U.S. District Court in Manhattan to six months of home confinement with his parents in California, two years of probation and a fine.
Lamo, who was charged last year and has been linked to breaches at some of the world’s largest companies, including Microsoft, WorldCom, SBC, Citigroup, H&R Block and others, faced as many as five years and US$250,000 in fines for hacking the New York Times’ internal network and databases.
In another hacking development, the U.S. Attorney’s Office for the Northern District of California announced that a grand jury had indicted Robert Lyttle, 20, on allegations that he hacked government computers — including the DOD’s Defense Logic Information Service (DLIS), NASA Ames Research Center, and the Office of Health Affairs — and gained access in order to deface government Web sites.
Lyttle, who is also allegedly known as part of “The Deceptive Duo,” a hacking team that claimed responsibility for government Web site hacks in April 2002, faces a maximum penalty of 10 years’ imprisonment and a $250,000 fine. The government contends that Lyttle caused $70,000 of damage with the alleged intrusions.
Poking Holes and Paying
Lyttle was scheduled to enter a plea to the federal hacking charges today.
Benjamin Stark, 22, is the supposed other half of “The Deceptive Duo,” and he pleaded guilty to similar charges as part of a plea bargain. Under the deal, Stark faces a maximum of six months in prison.
Federal authorities said the prosecution is being overseen by the Computer Hacking and Intellectual Property Unit of the U.S. Attorney’s office and that it is the result of an investigation by Federal Bureau of Investigations agents, the Defense Criminal Investigative Service and NASA’s Office of Inspector General.
Defacements Down List
While Web site defacements were a menace to many corporations a couple years ago, they have dropped down the list of problems as more serious threats — worms, spyware, spam — have emerged.
Independent security expert and author Ryan Russell told TechNewsWorld that the apparent drop in the number of defacements could be a case of either less publicity or a real decline. He also noted that the motivation for hacking has changed.
“One of the reasons [for the drop in defacements and attention] is the development of a financial market for exploits and things of that nature,” he said.
While notoriety may be less of a motivator than previously, Russell pointed out that the increase in the number of exploits or attacks that take advantage of software security holes could also mean increased opportunity for defacement.
Cracking and Punishment
While previous hacker arrests and prosecutions have involved cooperation between the accused and authorities — often to find and prosecute others — Russell said the government is unlikely to appear lenient or cooperative in Lyttle’s case.
Russell expressed worry that the accused hacker may receive a harsh sentence based on new antiterrorism legislation such as the Patriot Act. However, Russell said the sentencing in the Lamo case showed that the government may be getting more “reasonable” in punishing hackers.
“Adrian [Lamo] was fairly lucky,” Russell said.