http://www.nationalpost.com/news/national/story.html?f=/stories/20020119/1180544.html Gary Dimmock Ottawa Citizen January 19, 2002 DALLAS, TEX. - The leader of an international hacker group that penetrated over a Department of National Defence computer system in 1999 was a 17-year-old high school student who gained access to the security network in 10 minutes from his mother's kitchen table. Russell Sanford, now 19 and serving two years in a Texas prison, designed complex software that exploited one of Canada's military networks via its Website intermittently for three days. "I wanted to show everyone how easy it was. I was thrilled to find such a high-profile site with such a common security weakness," said Sanford, whose story has gone untold until now. "We wanted people to know how weak they actually were. Government security is like a poker bluff. You think they are pretty secure, but when you come down to it, they're not," he said. A military computer-intrusion unit could not immediately identify how the teenager breached its system. It took days to repair the system's vulnerabilities. Sanford, known as " egodeath" on the Internet, did not access or intercept any classified data. Instead, he left instructions on how DND could better protect its network. " I didn't do anything malicious although I could have," he said. "Once I broke in, it was as if I was sitting at their keyboard." He was not doing it for money, but for the thrill. "Once you find a vulnerability and squeeze through the hole, it gives you personal satisfaction that is hard to describe. For me, it's better than sex and the feeling certainly lasts longer." It took U.S. investigators a year to build their case against the him. He always hacked into a dozen or more shell computers before launching his attacks, making him nearly impossible to track. And he used different aliases, or digital alter-egos to claim responsibility. "The DND site was an easy target. It was pretty weak. At the time, there were all kinds of patches they could have downloaded for free to fix the problem, but they never did." In a three-month period ending in January, 2000, "egodeath" hacked into about 80 computer networks, including the United States Postal Service. "We were going for a record and we were on a rampage." Most of his " accomplishments" were recorded at attrition.org, a non-profit Website that tracks hacker activity, and his late-night game sparked an intense investigation by U.S. authorities. It was his partner, a less experienced, easy-to-track hacker, who got caught. The 15-year-old boy was spared prosecution for turning evidence against Sanford. Months later, U.S. law enforcement agents raided Sanford's home in Irving, Tex., a Dallas suburb, seizing his computers and rousing him from sleep for questioning. On Dec. 6, 2000, Judge Karen Greene spared him jail time, sentencing him to five years' probation on condition that he keep the peace, stay offline, submit to random polygraph tests for proof and pay US$45,000 in restitution -- the value prosecutors said he caused in damage, although none of the hacked sites denied service to the public. In January, 2001, Sanford violated his probation by selling LSD. The judge revoked his probation and sentenced him to two years in Hutchins State Jail. Though he believes he has lost two years of his life to state prison, he says his time behind bars has turned his life around. "If I can stay off drugs in here, I'll be able to do it once I'm out," he said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:08:40 PST