FBI Nabs DeceptiveDuo

The Federal Bureau of Investigation (FBI) raided the residences of the
DeceptiveDuo, a hacking team that gained a lot of negative attention the
past several weeks for their continued breaches into government Web sites
and databases, according to a friend of the two hackers.

Robert Lyttle (aka Pimpshiz) and the other — who goes by the hacker alias
The-Rev — were served with search warrants and federal agents confiscated their computers for investigation. So far, charges haven’t been announced.

FBI officials confirmed the raid but added that no charges have been filed.

The DeceptiveDuo had a statement prepared in the event they were
caught. It said:

We came in to this willing to endure any prison sentence. We sacrificed
our future for the sake of public safety.

For the past three weeks, the DeceptiveDuo has hacked into an alarming number
of government, military, aviation
and financial institutions, grabbing database files and posting them on
government Web sites.

They used the same method to enter the Web servers every time, using a
common default password vulnerability in Microsoft Corp.’s SQL server. To
keep hackers from entering their servers, all a network administrator need
do is change the password.

“They knew they were going to get caught,” said the duo’s friend, Kelly
Hallissey. “But they truly believed that what they were doing was
right. They even made a pact that if one of them got caught, they would
tell the authorities about the other, they were that committed to what they
were doing. They weren’t doing it for the fame.”

Lyttle, already on probation with the Superior Court of Contra Costa
Juvenile Court for defacing hundreds of Web sites to protest the Recording
Industry Association of America (RIAA)-sponsored Napster injunction in 2000, can expect a heavier penalty this time, Hallissey said.

He’s been a vocal member of the hacking community since his arrest, calling
for increased network security at corporations and the government. In an
with InternetNews.com earlier this year, Lyttle said the exploits are easy
for anyone — even someone with very little programming skills — to replicate.

“A script kiddie can easily get their hands on exploits to do the dirty
work that they aren’t inclined enough to program themselves,” Lyttle said.
“We could witness cataclysmic effects on the public if enough script
kiddies got their hands on the exploit written for such a huge hole.”

The-Rev has been a well-known member of the hacking community for years
now. A former member of the hacking outfit called “Sm0ked crew,” he has
broken into Web servers at Hewlett-Packard, Compaq and Intel numerous times.

According to reports, The-Rev got a thrill from defacing the Web sites of
big corporations, particularly well-known IT companies, and eventually
planned on becoming a systems administrator.

“Defacing is very addictive at first,” he said in a 2001 interview with the
U.K.-based ‘The Register.’ “When you deface a top domain, it gives you
power within the defacing community. This leads to meeting new people,
which leads to learning more on computer security in general. Eventually,
when I learn enough about computer security, I will get rid of my ‘handle’
and become a system administrator, as most top defacers do.”

News Around the Web