http://www.wired.com/news/privacy/0,1848,68800,00.html By Kevin Poulsen Sept. 08, 2005 An Ohio computer hacker who served as a digital button man for a shady internet hosting company faces prison time after admitting he carried out one of a series of crippling denial-of-service attacks ordered by a wealthy businessman against his competitors. In a deal with prosecutors, Richard "Krashed" Roby, 20, pleaded guilty in federal court in Toledo last month to intentionally damaging a protected computer, after launching a 2003 attack on an online satellite TV retailer that caused at least $120,000 in losses. "There were a lot of big-time people making a lot of money who picked up on him and persuaded him to do this, without a lot in it for him," says Mark Weinberg, Roby's attorney. "He's one of these people who are brilliant in one area but absolutely lacking in common sense in others." Jay Echouafni, the 38-year-old satellite TV mogul who allegedly ordered and funded the cyberhits, went on the lam last year, and remains a fugitive from a federal indictment out of Los Angeles. In a related deal, 31-year-old Paul Ashley, former operator of the Foonet hosting service, admitted to recruiting three other computer intruders to carry out Echouafni's orders. He has not yet entered a guilty plea. Under federal sentencing guidelines, Ashley faces 70 to 87 months in prison for his role in the attacks, but the terms of his plea agreement make him eligible for a reduced sentence in exchange for his testimony against other defendants. "If Ashley were to cooperate with the government and, for example, testify against Echouafni, he could get a departure from his sentence," said Los Angeles assistant U.S. attorney James Aquilina, who's prosecuting the case. Roby faces 18 months to two years in prison under sentencing guidelines. Until it was shuttered by an FBI raid last year, Ashley ran Foonet from a basement server room in his suburban Ohio home. The enterprise enjoyed a double-edged reputation for providing hosting that could stand up to distributed denial of service, or DDOS, attacks, even as it gave safe harbor to members of the computer underground drawn to the bulletproof service. "Every script kiddy on IRC had a shell there," says Andrew Kirch, a security administrator for the Abusive Hosts Blocking List. "Spamming, hacking, phishing, DDOS networks -- you want to run scans for a large amount of IP space for prevalent Windows vulnerabilities? Set up there." In his plea agreement, Ashley admitted he knowingly allowed clients and employees to control networks of compromised Windows machines, or "bots," from Foonet. That came in handy in October 2003, when Echouafni, a Foonet client, offered Ashley $1,000 to snuff out two websites. Echouafni, who was CEO of Massachusetts-based Orbit Communication at the time, allegedly claimed that competitors RapidSatellite.com and WeaKnees.com had stolen his content and attacked his online business, which sold satellite TV gear over the web. Ashley took the money and, according to his plea agreement, recruited three associates to do the dirty work: Jonathan Hall, Lee Walker and Joshua Schichtel, known online as "Rain," "sorCe" and "Emp" respectively. Hall, who is not currently charged in the case, says the offer marked a change in Ashley's business practices. "Prior to Jay asking for all that crap, Paul Ashley never really asked me to launch large-scale attacks like that," Hall said in a telephone interview. Roby was pulled into the gang by Schichtel, who found his network of 3,000 bots inadequate to take down Miami-based RapidSatellite, according to court records. Roby's resources were more formidable: The young hacker controlled approximately 15,000 Windows machines that he'd taken over with a variant of the Spybot worm. Schichtel allegedly promised Roby a free Foonet shell account in exchange for turning those hacked PCs against RapidSatellite. "Foolish," says attorney Weinberg. The FBI described the ensuing attack as a tenacious, 10-day deluge that tracked RapidSatellite through three ISP changes, and briefly blocked Amazon.com and the website of the Department of Homeland Security, which had the poor luck of sharing service providers with Echouafni's rival. A concurrent attack allegedly launched by the other members of the crew took a similar toll on WeaKnees.com. Apparently pleased with the results, Echouafni went on to purchase Foonet from Ashley, retaining Ashley as an employee and hiring Hall to handle cybersecurity for the company. In February of last year, Echouafni allegedly ordered a third attack on another competitor, ExpertSatellite.com. Prosecutors filed the first round of charges against Ashley and his alleged co-conspirators last year, then dropped them during plea negotiations with some of the defendants. Schichtel could not be reached for comment for this story, and Ashley's attorney failed to return repeated phone calls. Roby's lawyer says the young hacker had little to offer prosecutors in exchange for a sweeter deal. "When you're at the bottom of the barrel, there's not much you can tell them," says Weinberg. "Usually the people who are at the top have the ability to provide the most substantial assistance." Aquilina says prosecution is proceeding against Walker in the United Kingdom, where Walker lives. Hall is a resident of flooded New Orleans. Speaking with Wired News from the Houston hotel to which he evacuated with his family, he says he never participated in the attacks, even after Echouafni ordered one personally, as his boss. "The first time he asked me to launch some stupid-ass attack, he claimed that the company had hacked his database and wiped it out," says Hall. "I knew it was bullshit." When Echouafni threatened to fire Hall, the then-teenaged hacker promised to carry out the order, but never did, he claims. "He kept catching on that the attacks weren't going through, and he kept climbing up my ass and saying that they're not working. But I never actually did it.... Jay was an asshole." Hall says he stopped attacking computers when he was 16. Echouafni skipped out on $750,000 bail secured by his house in Massachusetts last year. Law enforcement officials believe he's now living in his native Morocco. _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Fri Sep 09 2005 - 21:42:59 PDT