[ISN] Computer hacker gets prison term

From: InfoSec News (isn@private)
Date: Tue Oct 19 2004 - 23:47:19 PDT


http://www.cincypost.com/2004/10/19/baas101904.html

By Kimball Perry 
Post staff reporter
10-19-2004 

Daniel Baas' computer skills were expert enough that he was able to
make a living using them.

But, he admitted Monday, he used those same skills to penetrate the
computers and networks of lawyers and companies. For that, Hamilton
County Common Pleas Court Judge Dennis Helmick sentenced him to 2½
years in prison.

"In essence, he was hacking into their systems," assistant prosecutor
Andrew Berghausen told Helmick after Baas accepted a deal to plead
guilty to unauthorized use of property.

Baas, 25, hacked into personal computers and networks to view legal
documents, financial data -- even pictures, including honeymoon photos
from one couple.

"He was then copying (that information) for his own use," Berghausen
said.

Hamilton County sheriff's deputies, led by Detective Rick Sweeney,
found that information when they raided Baas' Milford home in
connection with an investigation of a charge that he hacked into one
of the world's largest consumer database companies. He's been
convicted in federal court of that crime and will be sentenced Nov. 3.

Baas pleaded guilty Monday to hacking into computers or networks of
attorneys Gary Lewis and John Brinker, and two companies -- Court
Street Title Agency and JSR American.

In exchange for Baas' guilty plea, Berghausen agreed to drop two
similar charges against him.

Helmick told Baas he would reject any attempt to get out of prison
early, and didn't credit him for the year he's already spent in jail.

"I intended to cause no harm," Baas told the judge.

But Helmick noted that Baas -- known as "Epitaph" when he was on-line
-- had committed serious crimes.

"This is not just a lark on your behalf thinking that you're a little
more intelligent than those who created the software," Helmick told
him. "If you had personal information on your computer and I hacked
into it, you'd be pretty (upset), wouldn't you?"

Among the evidence that police seized from Baas were chat logs -- or
computer conversations -- he had with Jesse Tuttle, who is accused of
illegally hacking into the Web sites of Hamilton County Sheriff Simon
Leis Jr. and the main Hamilton County government site. Police said
they also found 10 images of kiddie porn on Tuttle's computer.

Tuttle has insisted that he is working for the FBI looking for on-line
perverts and possible terrorists.

Baas faces up to a five-year sentence Nov. 3 when he's sentenced in
federal court for hacking into and stealing data from Acxiom, one of
the world's largest credit card data base users.

That company provides services to 14 of the 15 top credit cards
companies, five of the six biggest retail banks and seven of the top
10 car makers. All share the credit card and other information of
their customers with Acxiom.

In that case, Baas admitted his actions cost Acxiom, of Little Rock,
Ark., about $6 million, including $1.3 million for security audits and
encryptions upgrades for Acxiom's computer system.

Baas was able to access Acxiom's network because he was an employee of
Market Intelligence Group, a downtown Cincinnati company that was a
customer of Acxiom.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Oct 20 2004 - 07:51:30 PDT