By Brian Krebs
washingtonpost.com Staff Writer
September 13, 2005
A Massachusetts teenager has pleaded guilty to hacking into the
cell-phone account of hotel heiress and Hollywood celebrity Paris
Hilton, a high-profile stunt by the youngest member of the same
hacking group federal investigators say was responsible for a series
of electronic break-ins at data giant LexisNexis.
The 17-year-old boy was sentenced to 11 months' detention at a
juvenile facility for a string of crimes that include the online
posting of revealing photos and celebrity contact numbers from
Hilton's phone. As an adult, he will then undergo two years of
supervised release in which he will be barred from possessing or using
any computer, cell phone or other electronic equipment capable of
accessing the Internet.
The U.S. Attorney's Office for Massachusetts and the state district
court declined to identify the teen, noting that federal juvenile
proceedings and the identity of juvenile defendants are under seal.
But a law enforcement official close to the case confirmed that the
crimes admitted to by the teen included the hacking of Hilton's
The teen also pleaded guilty to making bomb threats at two high
schools and for breaking into a telephone company's computer system to
set up free wireless-phone accounts for friends. He also participated
in an attack on data-collection firm LexisNexis Group that exposed
personal records of more than 300,000 consumers. Prosecutors said
victims of the teen's actions have suffered about $1 million in
In a series of telephone and online communications between March and
June with a washingtonpost.com reporter, the teen acknowledged
responsibility for all of the crimes for which he was sentenced.
Washingtonpost.com is not revealing his name because he communicated
with the reporter on the condition that he not be identified either
directly or through his online alias.
Investigators began focusing on the teen in March 2004 when he sent an
expletive-laced e-mail to a high school in Florida threatening to blow
it up, according to a statement from prosecutors. The school was
closed for two days while a bomb squad, a canine team, the fire
department and and other emergency officials examined the building.
In August 2004, the teen broke into the internal computer systems of
"a major internet service provider" by tricking an employee into
opening a virus-infected file he sent as an e-mail attachment. The
virus -- known as a "Trojan horse" program -- allowed the juvenile to
use the employee's computer remotely to access other computers on the
ISP's internal network and gain access to portions of the company's
operational information, prosecutors said.
The teen told washingtonpost.com earlier this year that around that
time he broke into the network of Dulles, Va.-based America Online.
AOL did not return calls seeking comment.
In January, the teen hacked into the telephone records system of
T-Mobile International. He used a security flaw in the company's Web
site that allowed him to reset the password of anyone using a
Sidekick, a pricey phone-organizer-camera device that stores videos,
photos and other data on T-Mobile's central computer servers. A month
later, the teen would use that flaw to gain access to Hilton's
Sidekick files, according to corroborating information and screen
shots he shared with washingtonpost.com.
Later that month, according to prosecutors, an associate of the teen
"set up accounts for the juvenile at a company which stores identity
information concerning millions of individuals."
Again, prosecutors declined to name the company targeted in that
attack. But according to screen shots provided by the teen --
supported by other information from the teen that was verified by a
senior federal law enforcement official investigating the case who
spoke on condition on anonymity -- the company was LexisNexis, which
reported in March that hackers had gained access to the personal
records of more than 310,000 Americans.
An adult member of the hacker group acknowledged in phone
conversations with a washingtonpost.com reporter that he collaborated
with the teen in sending hundreds of e-mails with an explicit image
and a message urging recipients to open an attached file to view
additional pornographic images of children. According to both hackers,
a police officer in Florida was among those who opened the e-mail
attachment, which harbored a virus-like program that allowed the
hackers to record anything a victim typed on his or her computer
keyboard. Not long after his computer was infected with the
keystroke-capturing program, the officer logged on to his police
department's account at Accurint, a LexisNexis service provided by
Florida-based subsidiary Seisint Inc., which sells access to consumer
The teen said the group members then created a series of sub-accounts
using the police department's name and billing information. Over the
period of several days, the group looked up thousands of names in the
database, including those of friends and celebrities.
Then in June, according to prosecutors, he called "a major telephone
service provider because a phone that a friend had fraudulently
activated had been shut off." (A washingtonpost.com reporter was
invited to listen in on the call, which was made to Little Rock-based
Alltel Corp.) When the company refused to provide the requested
access, the teen threatened to cripple its Web site with a
"distributed denial of service" attack, in which attackers use the
Internet bandwidth of hundreds or thousands of remote-controlled
computers to overwhelm a site with so much traffic that it can no
longer accommodate legitimate visitors.
Roughly 10 minutes later the teen and others "initiated a denial of
service attack that succeeded in shutting down a significant portion
of the telephone service provider's web operations," according to the
The Justice Department said the investigation of the teen's associates
is continuing, but it remains unclear how many of those individuals
will be prosecuted. In May, Secret Service and FBI officials served
search warrants on at least nine people thought to be connected to the
hacking ring of which the teen was a member, known as the "Defonic
Team Screen Name Club" or "DFNCTSC" for short.
The teen is likely to be required as a condition of his plea agreement
to cooperate with the government in their ongoing investigation and
provide information not only about how the attacks were carried out,
but who else was involved and what their roles were, said Mark D.
Rasch, senior vice president at McLean, Va.-based online security firm
Solutionary Inc. and a former federal prosecutor for computer crimes.
According to interviews with at least two other former members of the
group, investigators now are focusing on the individual who helped the
teen gain access to LexisNexis.
"They came and took my laptop and asked a whole bunch of questions
about him," a former group member known online as "DJint" said. "They
told me they're looking to go after him for access-device fraud and
possession of child pornography."
Still, Rasch said, it could be some time before the government wraps
up its investigation into these attacks.
"Investigations of computer crimes are particularly difficult because
they always involve many different types of evidence from numerous
locations, and they require cooperation from many different
organizations," Rasch said. "It's hard work."
=A9 2005 Washingtonpost.Newsweek Interactive
Sept 16-18th, 2005
San Diego, California