(No Ratings Yet. Rate It!)
Loading ...A group of young men stole and falsified credentials to break into a Law Enforcement database last year, and they are going to trial this month. They had unauthorized access to over 310,000 people’s personal information such as banking records, home addresses and social security numbers, including many famous celebrities.
They even used the information to download the photos from Paris Hilton’s cell phone. They also swapped info on Laurence Fishburn, Governor Swarzenegger and Demi Moore.
From the Register here:
Accused hackers deny ID theft
US investigators have arrested five men on suspicion of involvement of hacking into the database of LexisNexis Group in a crime linked by prosecutors to a breach that led to the disclosure of the personal details of more than 310,000 people last year.
Some of the quintet are further suspected of swiping photos and data from an account tied to the mobile phone of heiress Paris Hilton. The suspects used “stolen or illegally created accounts at LexisNexis subsidiaries to look up Social Security numbers and other personal information on dozens of other Hollywood celebrities,” the Washington Post reports, adding that the five are likely to be charged with aggravated identity theft as conspiracy and computer hacking offences.
The accused have been named as: Jason Daniel Hawks, 24, of Winston Salem, North Carolina; Zachary Wiley Mann, 19, of Maple Grove, Minnesota; Timothy C. McKeage, 21, of Woonsocket, Rhode Island; Justin A. Perras, 19, of New Bedford, Massachusetts; and Jeffrey Robert Weinberg, 21, of Laguna Beach, California.
According to prosecutors, McKeage (AKA Krazed) broke in a computer run by police in Port Orange, Florida and used stolen credentials from this systems to access Accurint, a law enforcement database service, maintained by Seisint, a local subsidiary of LexisNexis.
The Accurint login credentials allowed the group to look up police records and other data on various high-profile celebrities. Among those targeted were California Governor Arnold Schwarzenegger and actors Laurence Fishburne and Demi Moore as well as Paris Hilton.
Mann (AKA Majy) admitted accessing personal data on Laurence Fishburne and other celebrities but denied accusations that he and his cohorts did anything wrong. “I don’t think what we did was that bad. We never used anyone’s identity. Besides, don’t you think it’s wrong that a company like that has all this information that’s available to anyone who’s willing to pay for it?”
Ol’ Zach Mann is whining about how wrong it is to broker security information in a law enforcement database? Is he intending to use that old “information just wants to be free” gimmick as his defense at his trial? So the ends justifies his means because the “database was the one that was bad.” Riiiggght. Good luck at your trial, stupid.
While doing research on this story, I went to the original article published by the Washington Post here. The Washington Post tracks everyone who links to the article. Another member of the hacking crew, Justin Perras, has posted his whinings on his MySpace Page, and linked his page to the article. Another brilliant move by another dope who thinks he knows better than everyone else.
On his blog, Justin writes:
That story upsets me a little bit. I didn’t tell the secret service anything was true, not to mention he twisted everyone’s words around. I am not comfortable with what he wrote. So much for utilizing ‘defensive journalisim’ to shape public opinion to workin our favor. Instead, his editor chopped the story up to portray us all as a group of hackers trying to compromise the identities of multiple celebrities.
Contrariwise, Kevin Poulsen from wired.com might also be publishing a story for wired. Hopefully, his will portray things a little differently. As far as my thoughts concerning the case and consequences, I don’t think about that. It makes me suicidal.
So the hacker team is hoping that they can get a favorable news article written that will diminish the extent of their crime? Good luck. Messing around in law enforcement databases is considered an attack on national critical infrastructure. It may not be cyber-terrorism, but the government takes this sort of thing very seriously.
The group is charged with aggravated identity theft, which has a minimum of two years. Justin and Zach- make sure you get soap on a rope. And don’t forget your shower slippers. Here is another list of tips for you and your friends.
Related Articles
37 people responded in this post
Effing A! Stop trying to steal my identity!!!!!! These stories make me think that society is indeed attempting to implode and we will destroy our societal structure within the next 10 years. I’m guessing we’ll use DNA samples instead of SSNs in the not too distant future.
Yeah, but biometrics for identification also freak me out for some reason. If people would just take the proper precautions to protect their data, we wouldnt have to worry about giving DNA samples to get a credit card!
Hey man, don’t talk bad about me in your blog. You don’t even know me. Thanks alot!
any questions/complaints feel free to mail me.
otherwise, don’t anger the internet gods. next time i won’t be able to fend them off of your website.
-justin-
Justin,
Only idiots use the defense “You don’t know me” to attempt to suppress criticism of their behavior. Perhaps you should see this story here:
http://www.belch.com/~blog/2006/03/14/brilliant-lawyer-employs-you-dont-know-me-defense/
As far as angering gods? Are you threatening me? Are you threatening to launch a DDoS attack against my site? Im pretty sure that violates terms of your bond agreement.
Angering gods???
No one needs to launch a DDOS….all they have to do is post this on digg.com to take a site out. i am pretty sure that digg is not against the law… at least not yet
Userjan,
Welcome to the blog!
No, posting stuff on Digg and Slashdot is not against the law. I post my own blog entries on Digg on occaision, and it does not cause outages. One of the largest traffic hits came from my discussion about the Blue Frog Security debacle.
And I saw that you submitted the same story and were wondering yourself at the harshness of “aggravated identity theft.”
While I do not know all of the details of the case and how the prosecutors chose this particular charge, I can only guess that this is more serious because a trusted law enforcement database was utilized to get into the accounts of the victims.
Its more of a breach of trust thing. Like impersonating a police officer. I think the charge would have been less severe had this just been a leaky database.
Pat,
breach of trust…
1. Mantovani, shadowcrew founder got 32 months, more than 4mill in damages.
2. Jacobsen, first hacker of P.H. and hacked into a secret service agents email…sentence is secret.
3. Worker just recently hacked into FBI database…age34, gets 5 mos home confinement.
4. Kenneth Flury, (age 41) gets 32 months, identity theft totally over $384k
Just a few examples. The charges these “kids” face are off the charts…they are being made examples of.
Again, I don’t think that either of us know the whole extent of what this particular crew did with the access they had.
But the people investigating the crime are top notch forensics experts. They probably know what these guys did, moreso than what has been leaked to the press. Im going to guess that it was pretty bad.
Regarding your examples- Remember, these guys are facing only 24 months mandatory. Less than your examples, except for the FBI consultant that tried to run john the ripper against Muller’s password file. That guy was genuinely trusted by the FBI, and he screwed up bad.
Also, you have to take into consideration that our “team” of which is the subject of this blog, have not publically demonstrated much in the way of remorse. In fact, most of them appear to be kinda defiant. Prosecutors dont like that attitude. And it would be ironic that if these guys are “made an example of” it would be because they blabbed to the press about how the charges are bogus and that information really wants to be free.
And they dont appear to have good lawyers that would tell them to keep their mouths shut or to show any type of contrition. And they are not exactly kids, either. In fact, the reason the prosecution has such a good case is that one of the guys rolled over on the others in exchange for a lighter sentence. This means that the others all tried to lie to stick to a common story, and the prosecutors dont like that either.
I agree that all things being equal, this crime is probably no more severe than many others. But its this crew’s lack of contrition and coverup of the crime that is getting them a harsher sentence.
And it would be ironic that if these guys are “made an example of” it would be because they blabbed to the press about how the charges are bogus and that information really wants to be free.
Totally disagreeing with you on this one…
How many hackers have locked sentences, you dont know what they received…most get 6 mos (home confinement) then get hired by the govt. i guess just 5 of these people were stupid, the rest (or one other) were brilliant (and spilling their guts) and hired by the govt. I am just suggesting that aggravated identity theft is way extreme considering other’s crimes and resulting sentences.
And how do you know they showed no remorse? Maybe they dont want to show it to press, blogs, etc, but they may show it towards familia, who are affected by it.You don’t know them.
pat,
Also, if you are saying the crew is “defiant”…isnt that a descriptive adjective that a reporter trying to describe a hot story might have, may he have not also changed words, made up words, trying to make his story more “national enquirer-like”?
reporters are writers, and have discretion as to what they are writing..your defiance is my sullen contriteness…
btw, you work for the dept of homeland security and are allowed to have such a blog? i thought govt workers could not have opinions, or if allowed, had to keep them hidden ..
oh ! Also, the lexisnexis database had been invaded starting in 2003 or 2004, the charges against these suspects happened in a very short time (like 02/05–05/05) so what happened to the original hackers? have they been taking information that the public didnt know that this agency had, for several years?!?!? and none of this came to light until an heiress had her slutty pics hacked…great priorities, america
Userjan,
What would you rather happen to these criminals? Let them go? Or just reduce their sentence? Bear in mind that they havent been sentenced yet, but are only facing charges that have a minimum mandatory.
They can still plea bargain for a lighter sentence.
As far as members showing no remorse, I refer to information posted publicly by the perptrators in public blogs and in emails that have been made public.
As far as other criminals illegally accessing the Lexis Nexis database, it has little or no bearing on this case. That is the same argument as “everyone is doing it” to justify bad behavior. Its an invalid argument. You are implying that no one should be punished for crime until all of the criminals are caught first.
Finally, you must only be glancing around on this blog. I am a former employee at DHS. In fact, I have been highly critical of DHS and its cyber policies, and specifically, how they fail to implement what is a good plan to keep the national critical infrastructure (including law enforcement databases) secure. Do a search for DHS and you will see my stances on those topics.
And LOTS of government workers have blogs, and they are allowed to have opinions. And they have all of the other constitutional rights that non government employees have.
Pat,
I don’t think most of them deserve even the minimum (for aggrevated id theft)..if you read the computer crime laws, id theft is using a false id to commit a felony or terrorism. but if you think about it…the kids using the false id’s to look up the lexisnexis, if true, was someone falsely using someone elses’s login to do something LEGAL. its totally legal for someone paying for lexis to receive info the american public doesnt know they have…
Userjan,
I know what you mean. Im familiar with the database too, not because I have access to it, but I know people who do…
One of them is a dirtbag bail bondsman who walks such a fine line between law and lawlessness I wonder how he maintains any sort of relationship with the courts. The guy likes to get drunk in bars and ask people their socials so he can do background checks on the fly using a radio to his home base. Hes a scummy person.
But he has paid his access fees and has had the necessary background checks performed on him. And with that access comes some hefty terms of service, along with a big responsibility as a person in a “position of trust” to protect his login credentials from being abused by those without authorization.
These men (not kids as you keep calling them) obtained a login which they were not authorized to use. This clearly violates 18 USC section 1030 here: http://www.usdoj.gov/criminal/cybercrime/1030_new.html
And Im sure that they knew they were not supposed to use those credentials, but they did it anyways. And then they did something totally outrageous and stupid to get caught. Then they tried to stifle the investigation by not cooperating with the agents. Then they bragged about it to the press and on personal blogs and complained at the unfairness of it all. And their lawyer seems inept too to allow a prosecutor to bring such charges without already plea bargaining.
Maybe if they got into a shootout with the agents it could have gone worse for them. But they are way guilty according to the definition of the law. The maximum they face is ten years. I would wager they get 14 months with good behavior.
I would hope they would get home detention…6 mos like Joseph Colon, 29, a government consultant, who accessed fbi passwords, and caused the agency to “shut down its network temporarily and commit thousands of hours and millions of dollars to ensure no sensitive information was lost or misused.”
“He said he hoped to impress superiors and become an FBI agent.”
those charged in this fiasco are kids compared to him….several are 19, so its been at least a year since it happened..i dont know about you, but i consider teenagers “kids”
“Prosecutors said Colon asked for additional clearances and was denied. They say he also used access to the system for “curiosity hacks” that were not related to his job.”
Hmmm…kinda sounds like the lexisnexis thing, curiosity hacks..
Yet they face much more time, and the media is not really reporting this, the washington post did, and i found another posting from about a week ago that’s very interesting…
http://www.washtimes.com/metro/20060705-103243-9760r.htm
what’s intersting is what his attorney says:
“Mr. Colon’s attorney sought leniency, saying “the public would never know about this prosecution,” court records showed. ”
Mr. Carlin said in a sentencing memo last month that some prison time is necessary to send a message to the public that “curiosity hacks into sites containing national security information is a matter of grave concern and criminal import.”
Mr. Winelander said in a memo to Judge Leon that the judge need not concern himself with the issue of deterrence in meting out a sentence to Mr. Colon because “the fact of the matter is the public will never know about this prosecution.”
I guess if the lexis nexis “curiosity hackers” had instead invaded a government agency focused on national security, then they would just get home detention. most records are sealed if you screw with the govt.
again, if much time is served by these “kids” it will simply be to make an example of them
“So the hacker team is hoping that they can get a favorable news article written that will diminish the extent of their crime? Good luck. Messing around in law enforcement databases is considered an attack on national critical infrastructure. It may not be cyber-terrorism, but the government takes this sort of thing very seriously. ”
Sound familiar? Then how come an FBI consultant can hack and obtain info on witness protection involvees, agents, etc and get 6 mos home detention?
And how come this story is being buried?? Not many online sites have it, wash post did first. None of the other major news outlets are posting it.
Also, nowadays, how many “trusted law enforcement databases” have been breached?
I guess its ok if you “hack” a government database..then they just want the story to go away…if you breach a “trusted law enforcement database” , then you are in trouble.
And, this Joseph Colon was an adult, 29. Two of the 5 indicted are age 19. This happened over a year ago…i consider teenagers “kids”
Don’t believe all you have heard about him using the passwords to facilitate his job and speed up the fbi computer whatsis…
quote:” Prosecutors said Colon asked for additional clearances and was denied. They say he also used access to the system for “curiosity hacks” that were not related to his job.”
The most troubling information is what happened a week before, when his attorney ” Mr. Winelander said in a memo to Judge Leon that the judge need not concern himself with the issue of deterrence in meting out a sentence to Mr. Colon because “the fact of the matter is the public will never know about this prosecution.”
BTW, he also mentioned that he wanted to impress superiors and obtain an FBI job.
Have you heard of any fraud from the small window the indicted accessed the lexisnexis account? Did they comprimise national security? Is this aggrevated ID theft? I think not
You cant compare Colon’s case to the Lexis Nexis case. Colon was a trusted employee who cooperated with the investigation. The Lexis crew refused to believe that a crime was committed and fought the investigation all the way, including lying to investigators and prosecutors.
And Colon had a good attorney too. Heard any word from the Lexis crew’s attorneys? nope.
There is an excellent article written here that details much of the crime behind the Lexis crew.
http://www.wired.com/news/business/0,67629-0.html?tw=wn_story_page_prev2
For each of these offenses, the criminals involved could get a jail sentence. And this is only what has been made public.
Trojanized a Policeman’s computer.
Stole the Account information for Accurint.
Used the access to scan for weak accounts.
Social engineered a password reset.
Used unauthorized access to create additional accounts.
Gave additional accounts to other hackers, knowing they would abuse that access.
hacked into a gay website.
Previously hacked into AOL.
Destroyed evidence when the police got close, throwing computer into ocean.
Other hackers that they granted access commited ID theft- money used from the ID theft went to make meth.
So userjan, as you can see, these guys are not curiosity seekers. Nor are they the equivalent of an FBI contractor with no criminal history exceeding his trust and then cooperating with an investigation.
I have been saying all along that they have lousy lawyers. Two of the criminals have court appointed attorneys. Its the prosecutors’ job to put these criminals behind bars for a very long time. Its the defense attorney’s job to keep them out.
Stop trying to make moral equivalences between these criminals and other cases and look at this case for what it is.
If you want to blame anyone for these criminals going to jail for a long time, you can blame the criminals for commiting these crimes. Blame the parents for not providing better guidance growing up. Blame the defense lawyers for not giving the extra effort for his clients.
But don’t blame the government for creating laws that protect its citizens. And dont blame the law enforcement for doing their job in investigating crime. Don’t blame Nexis for its business practices or its weak security.
How do you know that these suspected individuals granted access to meth addicts/makers? If you read the wired story, it sounds like a totally separate investigation.
“He suggested, however, that the California arrests might involve a separate investigation of LexisNexis breaches, since the scope of the problem was so great.
“You start looking at an account that’s been logged into 500 times and generated 9,000 reports, for example, that’s a lot of information (to examine),” Sibley said. “I’m just saying it’s not one group that’s compromised LexisNexis. Their security is really bad. This isn’t a situation where you’re talking about needing an überhacker to compromise (the system). Their passwords weren’t as secure as your average porn site. I think it didn’t take a genius to break them. Although I think the way the hackers did it was creative. We’ll give them style points.” ”
And i am not blaming law enforcement….but i do think the others have something to fess up to.
How do you know “The Lexis crew refused to believe that a crime was committed and fought the investigation all the way, including lying to investigators and prosecutors.”?
I would think if i were 18–23 that i would totally cooperate and spill info. Have you ever had FBI, Secret service etc raiding your home?
And how do you know who they have as attorneys? They were just indicted, according to reports.
[...] As a followup to this story here, a hacker named Justin Perras, who cautioned me about “Angering the Internet Gods” when I wrote about him last, was busted in Fairhaven, Mass for breaking into cars and stealing stuff. He was a member of a small ring of thieves that specialized in stealing stuff from cars and then selling the items at a pawn shop. [...]
pat, as a follow up to here, pat yourself on the back….at least one of the alleged lexisnexis involvees might be a common criminal. probably most arent, we havent seen any stories anyways
Apparently lexisnexis has been invaded again…we received a letter and phoned as to whether this related to the original breach or a new one….. the contact on the phone ensured us that this was a new breach and encouraged us to sign up for their security service.
Thanks for that tip. Do you have a website or a news source regarding this breach? I’ll post an update on the site. You know, many of the weaknesses we discussed above have likely not been resolved- i.e., weak authentication.
Weak security remains weak security.
well guys … I have to commend you on the coverage of the Lexis Nexis ordeal. I am a good friend of Justin’s and it’s only been recently (about a month or two ago) that he’s been completely blocked from using the internet or telephone services, but … in terms of being incarcerated… i’ve heard nothing.
Although you guys love to criticize him for his “misbehaving” … he’s just trying to teach people a lesson, that I’m sure I will learn as time goes on …. being as its still a complete mystery to me …
Yet, Pat … you’ve mentioned “weak security will remain weak security”
hmmm … interesting observation …
maybe Justin’s point with hacking into the LN files were to show that thinking serious about life is droll and our farcical attempts to hide things is actually something we can all have a good laugh about. I mean … i love watching people run circles around themselves to hide their “nudity” (being exposed) or the possibility of being vulnerable to … absolutely no one because we are no better than one another.
also … going way back … Justin’s attempts of mentioning “god” are a way to convey this simple message …
remember in the garden of eden when adam and eve ate the apple and became aware of their own nudity? We try, though our attempts through religion and being good, to be closer to a “higer being” (whatever the hell that means) … but … to get to that feeling of being complete … we have to aim to achieve innocence and purity again … (try to remember when you were younger and you didnt need money and cars to make you happy) … and that doesnt happen with secrecy and everyone trying to hide who’s dick they sucked when your mother does it, too.
He’s not an idiot … he wants to get caught and he wants everyone to know about it. And, I’m sure he’s hacked into even more secretive information … he wants to reveal everyone … even the government and their silly attempts to hide things from the public. So … you see … he’s not such a bad “kid” … he’s trying to teach the rest of us an interesting lesson.
much love & peace,
Dari
Dari, you are a not a philosopher, so quit trying to be one. Also, quit trying to excuse your friend’s behavior. He is a criminal, and a really bad one at that. He is not trying to teach anyone a “lesson” and there is no moral lesson here either, so please quit trying to quote the bible.
If Justin wanted to breach the security of networks, he should have gotten a job that allowed him to do such things legally. He knew what he was doing was against the law and he will have a long time behind bars to think about that too.
Babe … reread what I wrote … and read it slower - apparently you have a problem absorbing information and letting in simmer.
I am a philosopher … a natural gift (thank you) …
I am not EXCUSING Justin’s behavior … he did what he did … it was a weird way, but … apparently people don’t learn unless they’re stripped …
and … Justin doesnt give a shit …
neither should you …
Oh … and … while we’re on the topic of “job”s …
how about finding one that worries less about the business of other people (ESPECIALLY since you are COMPLETELY closed-minded).
Justin knew what he was doing … AGAIN … he’s not an idiot and he’s not sorry for what he did … he doesnt give a shit … he exposed a weak system … had a few laughs out of it … and i’m sure he’s laughing even till this day.
He’s a 20 year old that has more wisdom that anyone would acquire because … he thinks and exercises that ability ….
So … stop whinning to me “oooo … he did a bad thing and now he’s gonna SUFFER for it.” … because no one gives a shit … he’s a happy cocksucker.
Justin’s a whizz and … again … no matter how many times you come up with this bullshit argument … you need to open your eyes and see the big picture … how about interviewing him … i’m sure you’ll enjoy it!
And … you should come up with better responses … “quit it” … this only did it for me in elementary school
big kiss,
Dari
Dari,
How well did you know Justin? Did you know him well? Did he tell you these things such as “he meant to do it” and “he’s not sorry?” Did you know him well enough that I pass your information to the Secret Service so that they can subpoena you to testify as a character witness? Im sure they would love to hear from you and Justin would appreciate you confessing these things on a webpage.
Justin was a screw-up and an idiot. He was not wise. He got busted robbing cars and using stolen ATM cards while he was awaiting trial for his hacking crimes. You think he had wisdom? You admire this nitwit? You are a seriously deluded girl. You need to get over yourself. You may think you are special because Mom and Dad are sending you to college in New York City and you are studying a few languages. But you still don’t know shit from shinola when it comes to the real world.
You want a better response than “quit it”? Fine. How about this? When you work at H&M as a sales clerk for a little more than beer money, don’t go around posting on other peoples’ blogs about what they need to be doing or not doing for a living. My employment is certainly no concern of yours. As far as interviewing Jusin, I’ll pass. I don’t make it a habit of associating with known felons. And if you want to put your languages major to a good use some day, such as working at the State Dept or at the UN, then you shouldnt associate with criminals either. It looks really bad on a background check.
And finally, stop putting three periods everywhere in your sentences. Its like corresponding with someone who lisps in morse code.
pat, i dont, but a family member received a letter, and my son was one of those indicted. my family member did not call lexisnexis, my son did, and claimed to be him, and asked if this was from the breach last year. they said no, a new breach. this info was not used by my sons defense atty. but i really believe that the sentence was preordained, and probably fair. i think its funny though that they give out information before confirming your identity. it could have been a reporter calling! (which would have have more impact than what parents or friends said at trial). when are companies brokering information going to held accountable for haphazardly releasing that same information? sony is going through that now.
Hey you idiot how do you know that justin sold stuff to a pawn shop after he broke into the cars in fairhaven you dont know you bitch cuz only me and his friends know the truth he only wanted money from the atm you dumbass thats the only reason for breaking into the car cuz he knew he could figure out the password to the atm card so fuck your lies you stupid fuck!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
You know, I will take the word of the police and the District Attorney over Justin and his loser friends any day and twice on sundays. That’s how I know.
I thinkj Justin’s good friend has caused PROBLEMS, maybe for him,
Pick better , well -spoken friends
[...] a followup to this story here, a hacker named Justin Perras, who cautioned me about “Angering the Internet Gods” when [...]
[...] previous story on Perras is here. My advice to Justin is to keep your soap on a rope and memorize these other [...]
Want to Say Something?
Your comments are appreciated. And don't forget to rate the post!