Modernizing Authentication — What It Takes to Transform Secure Access
Robert Lyttle (aka Pimpshiz) and the other -- who goes by the hacker alias The-Rev -- were served with search warrants and federal agents confiscated their computers for investigation. So far, charges haven't been announced.
FBI officials confirmed the raid but added that no charges have been filed.
The DeceptiveDuo had a statement prepared in the event they were caught. It said:
For the past three weeks, the DeceptiveDuo has hacked into an alarming number of government, military, aviation and financial institutions, grabbing database files and posting them on government Web sites.
They used the same method to enter the Web servers every time, using a common default password vulnerability in Microsoft Corp.'s SQL server. To keep hackers from entering their servers, all a network administrator need do is change the password.
"They knew they were going to get caught," said the duo's friend, Kelly Hallissey. "But they truly believed that what they were doing was right. They even made a pact that if one of them got caught, they would tell the authorities about the other, they were that committed to what they were doing. They weren't doing it for the fame."
Lyttle, already on probation with the Superior Court of Contra Costa Juvenile Court for defacing hundreds of Web sites to protest the Recording Industry Association of America (RIAA)-sponsored Napster injunction in 2000, can expect a heavier penalty this time, Hallissey said.
He's been a vocal member of the hacking community since his arrest, calling for increased network security at corporations and the government. In an interview with InternetNews.com earlier this year, Lyttle said the exploits are easy for anyone -- even someone with very little programming skills -- to replicate.
"A script kiddie can easily get their hands on exploits to do the dirty work that they aren't inclined enough to program themselves," Lyttle said. "We could witness cataclysmic effects on the public if enough script kiddies got their hands on the exploit written for such a huge hole."
The-Rev has been a well-known member of the hacking community for years now. A former member of the hacking outfit called "Sm0ked crew," he has broken into Web servers at Hewlett-Packard, Compaq and Intel numerous times.
According to reports, The-Rev got a thrill from defacing the Web sites of big corporations, particularly well-known IT companies, and eventually planned on becoming a systems administrator.
"Defacing is very addictive at first," he said in a 2001 interview with the U.K.-based 'The Register.' "When you deface a top domain, it gives you power within the defacing community. This leads to meeting new people, which leads to learning more on computer security in general. Eventually, when I learn enough about computer security, I will get rid of my 'handle' and become a system administrator, as most top defacers do."