http://seattlepi.nwsource.com/local/6420AP_WA_Hackers_Wrong_Turn.html By Tom Sowa The Spokesman-Review August 20, 2007 SPOKANE, WASH. -- Growing up in rural Lacrosse, Wash., Robert Moore reached adolescence and discovered he was a high school misfit. Suffering from several ailments, including narcolepsy, Moore skipped playing sports, the normal path to small-town popularity. Instead he dived into computer technology and found his niche, tinkering with software and understanding how computers connect to each other on the Internet. He became a hacker, going by the nickname "mooreR" and running a Web site with samples of software he developed. "One of reasons I was so addicted to computers was I found I didn't need the real world. I had the online world, where people loved me," he said. That world eventually led him to international notoriety and a two-year federal prison sentence for his part in a scheme to bilk telecommunications companies out of more than $1 million in stolen service. Hackers, while portrayed often as bent on harming other computers, also include a middle ground of enthusiasts who test computer security in order to improve it. Moore said he was such an ethical hacker, but he veered toward crime to make easy money. He moved to Spokane, graduated from North Central High School and became skilled enough to land several jobs, including a project for one firm needing anti-spam software. In 2005, a Florida man, Edwin Pena, found Moore's site and asked him to create a tool for detecting certain types of network computers that worked with a new technology, Voice over Internet Protocol, or VoIP. About a year later, FBI agents showed up at Moore's north Spokane home and arrested him, charging him with federal wire fraud and computer hacking. They also arrested Pena in Miami. Pena, 25, jumped bail and fled the country and is believed to be living in South America. Moore, now 23, was nabbed because he designed the software tools Pena used to bilk Internet phone companies of more than $1 million in unpaid VoIP phone charges. Next month, Moore will begin serving two years in a federal prison at a site not yet revealed. The New Jersey federal judge who sentenced him also ordered Moore to pay $152,000 in restitution to victims of the scheme. The case created international attention. It marked the first large-scale hacking of the VoIP system. Moore used his 12 home computers to find vulnerable network doorways, called ports. He pleaded guilty to the charges, acknowledging his role but saying he was just a provider of information that Pena misused for personal gain. "What I did was totally wrong, and I have to pay for it," Moore said. "But Edwin was the guy who stole the minutes and resold them. All I did was find passwords for (network computers) that he wanted to use." Many who wrote about or discussed the VoIP break-in said Moore's use of fairly unsophisticated tools, coupled with some special software he designed, pointed out major security holes in many corporate networks. In most of the cases when he spotted vulnerable ports, the login password was an easy-to-guess word like "Cisco" or "password." Security experts say network managers should never leave those default passwords in place. After his arrest, friends of Moore started a site called FreeRobert.com, calling attention to what they felt was heavy-handed federal prosecution. But federal prosecutors said Moore knew all along that what he was doing constituted theft. "This is a very serious crime, the first major attack on a new telecommunications infrastructure," said Erez Liebermann, the New Jersey assistant U.S. attorney who handled the case. "He was a cooperative defendant," said Liebermann. "But apart from telling us how they worked (the plan), nothing he told us led to any other arrests." Moore and others believe at least one other hacker helped Pena but has not been caught. Moore never attended college and gained most of his skills from Internet discussion groups. His goal, once released from prison, is to earn a certificate in network security and work as a consultant, helping ensure other companies can guard against hackers. Before being contacted by Pena, whom he only communicated with by e-mail or phone, Moore made a modest amount of money doing odd programming jobs. When Pena offered him money, Moore said, he didn't resist. He said it took three or four weeks before he was sure the work was illegal. "I wasn't thinking straight. I knew it was wrong, and I knew I would get caught eventually," he said. Pena paid him $20,000. Part of the reason Moore took the job, he said, was to help pay some of his parents' bills. His father, David, is disabled and suffers from a chronic disease. "The only big thing I bought for myself was a $2,600 Bowflex home gym. I didn't spend a lot. I kept it in case it was needed," Moore said. At the time he was arrested, he still had $8,000 from Pena in his bank account, he said. Since his arrest, Moore has been ordered to stay away from computers. He communicates with his friends by phone. What kept him going during the past year, he added, was the support friends and the hacker community. "It really helped to have people call me, from all over, telling me they had my back. They say they'll send money to the (prison) commissary in my account. They really give me the confidence to keep on," he said. --- Information from: The Spokesman-Review, http://www.spokesmanreview.com ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Mon Aug 20 2007 - 22:31:19 PDT