How the hacker's luck ran out

[InfoSec News <isn () c4i org>]

http://www.canada.com/components/printstory/printstory.asp?id={798707C2-6240-43A1-9698-ED6E6B1F146C}

Gary Dimmock  
The Ottawa Citizen 
Sunday, January 20, 2002
 
The key informant who led to the capture of a prominent U.S. hacker
wanted for breaching military and government computers across the
continent was a 15-year-old Halifax boy who agreed to go undercover on
Internet chat lines to ensnare his cyber outlaw friends that had long
eluded authorities.

The boy, whose identity is shielded by law, is a former member of hV2K
(high voltage 2000), a hacker group that breached a Department of
National Defence computer system within 10 minutes in November 1999.

Inexperienced and easy to track, the boy quickly agreed to turn
evidence against the group's leader, Russell Sanford, when the
Mounties came calling in February 2000 -- almost three months after
hV2K hacked some 60 military and government computers.

In exchange for his evidence, the boy was spared prosecution. The boy
was tracked by U.S. authorities after the hacker group breached
several state-owned computers in Texas.

A specialized computer-intrusion team in Texas enlisted the Mounties
to raid the boy's home, seize his computer and question him about the
group's mysterious, hard-to-trace leader.

In a taped interview with the RCMP, the boy told them everything, then
suggested he spy on his hacker associates to help build evidence
against them.

"What I can do is like go on the Internet and get those guys ... I'm
not going to tell them anything. I'd seriously bring down a lot of
pretty big people that are doing the whole e-commerce hacks," the boy
told an RCMP officer. "I could get you so much information."

The RCMP officer then thanked the boy and said, "Anything that you can
help me out with, I'm still learning myself."

In the interview, conducted without a defence lawyer or his parents,
the boy was also questioned by military police. The boy detailed how
the hackers penetrated a top-security Department of National Defence
computer system.

It is not known if the boy went on to inform on any other hacker
associates.

At the time, the leader of his hacker group, Russell Sanford, kept in
close contact with notorious associates, including "Mafiaboy," the
17-year-old Montrealer sentenced last year for jamming five major
Internet sites. Mr. Sanford also created exploit programs for Global
Hell, the hacker group that successfully attacked sites run by the
White House.

Months after the boy turned evidence, his one-time hacker friend, then
17, was the subject of a joint Canada-U.S. investigation.  
Investigators were granted a special "no-knock" warrant for his arrest
because they feared his "specialized knowledge" allowed him to destroy
electronic evidence on even a second's warning.

In April 2000, U.S. law-enforcement agencies raided Mr. Sanford's home
in Irving, Texas, a Dallas suburb, seizing his computers and rousing
him from sleep to question him.

He was arrested on charges of breaching computers owned by a Wisconsin
publishing company and five government agencies, including the U.S.  
Postal Service, the Texas State Auditor's Office and Canada's
Department of National Defence.

Months later, Mr. Sanford was spared jail time and sentenced to five
years' probation on condition he keep the peace, stay offline, submit
to random polygraph tests and pay $45,000 U.S. in restitution -- the
value prosecutors said he caused in damage, although none of the sites
he hacked ever denied service to the public.

In January 2001, he was caught selling LSD, a violation of his
probation. His probation was revoked and he was sentenced to two years
in Hutchins State Jail.

Mr. Sanford told the Citizen how easy it was to hack into one of
Canada's National Defence computer networks. "I still believe that in
the end, when the public begins to realize how unsecure governments
really are, that all my crimes will have been worthwhile."

And he has no hard feelings for his former hacker friend who turned
him in. "At first I was really angry. Now I'm not. I'd actually like
to talk to him some day," said Mr. Sanford, now 19.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.