http://www.networkworld.com/community/?q=node/9999 By Paul McNamara 12/21/2006 The communications director for Montana's lone congressman solicited the services of two men he falsely believed to be criminally minded hackers-for-hire -- with the expressed goal of jacking up his college GPA -- during an exchange that spanned 22 e-mails over two weeks [1] this past summer. Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont., e-mailed the security Web site attrition.org [2] on Aug. 9, writing: "I need to urgently make contact with a hacker that would be interested in doing a one-time job for me. The pay would be good. I'm not sure what exactly the job would entail with respect to computer jargon, but I can go into rough detail upon making contact with a candidate." After initially denying knowledge of the exchange, Shriber told me this afternoon in the final of our three phone conversations: "I did something that's greatly out of character for me and it's a mistake that I regret." Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security curmudgeon") corresponded with Shriber and fooled him into believing that they would carry out his wishes, with Jericho warning him at one point: "You are soliciting me to break the law and hack into a computer across state lines. That is a federal offense and multiple felonies." Shriber wanted Lyger and Jericho to break into the computer system at Texas Christian University, from which he graduated in 2000. In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his hacking attempts had been detected and "we are SO busted." He urges him to "duck and run if you can" in an exaggerated, obscenity-filled -- and completely fictional -- missive that put an end to their working relationship. While the name Todd Shriber and a Yahoo address appear on the e-mail string that has been posted at attrition.org since September -- the site posts many of the oddball requests it gets, including some seeking illegal services -- it was only today and after a bit of search-engine work here that the person involved was identified as a congressional aide. (Shriber did send Lyger a note in September asking that the e-mails be removed from the site.) Asked why he launched the scheme, Shriber told me, "I would rather not get into that at all. I just got a little too far ahead of myself thinking about things down the road." His college grades "weren't that great," he acknowledged. Shriber contends now that he "got cold feet" toward the culmination of the hack that never happened and wanted out, although there is no indication of second thoughts in any of the e-mail. "A solicitation was made but no action was performed," he told me. "These are people misrepresenting themselves for a laugh." Lyger expresses little sympathy for a man who, after all, was willing to pay others to commit a crime. "You'll notice that we even intentionally redacted his Social Security number and date of birth in one of the e-mails (on the site)," Lyger told me in an e-mail this afternoon. "Pretty ironic that he even sent them since we maintain a data-loss database, Web page, and mailing list." [1] http://www.attrition.org/postal/z/033/0871.html [2] http://attrition.org/attrition/about.html _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Dec 21 2006 - 22:30:18 PST