[ISN] Convicted Hacker Charged With Extortion After Attack On Model's MySpace Account

From: InfoSec News (alerts@private)
Date: Mon Jan 14 2008 - 22:22:41 PST


http://blog.wired.com/27bstroke6/2008/01/convicted-hacke.html

By Kevin Poulsen 
Wired.com
January 14, 2008

A Southern California man convicted last year of hacking into the 
Lexis-Nexis owned consumer database Accurint was arrested on charges on 
extortion Friday after allegedly hijacking the MySpace account of an 
internet celebrity.

Jeffrey Robert Weinberg, 22, was arrested by LAPD detectives in Southern 
California early Friday morning, a department spokeswoman confirmed. 
While police aren't discussing the particulars, the arrest follows a 
detailed blog post by "Amor Hilton" an 18-year-old Los Angeles woman who 
says she helped detectives build a case against Weinberg after he 
hijacked her MySpace account and demanded nude photos and "phone sex" in 
exchange for its return.

Hilton's weekly live video show Bare Naked on the amateur streaming site 
Stickam has made her an online celebrity of sorts.  She named herself 
for fashion model Nicky Hilton, sister of heiress Paris Hilton. Weinberg 
was one of a gang of hackers who penetrated Paris Hilton's cell phone 
account in 2005, the Washington Post reported last year.

According to her blog post, Hilton found herself locked out of her 
MySpace account on December 28th, the same day she began receiving 
harassing phone calls from a hacker calling himself "V.I.P." -- a handle 
used by Weinberg in the past. The calls continued over the course of 
several days, and often took a threatening tone, she says.

During that time, the hacker allegedly disconnected Hilton's cell phone 
account, and took over her account on Stickam. Stickydrama.com, a gossip 
site dedicated to Stickam celebs, published a photo of Hilton on 
December 29th, which it said was sent in by a self-described hacker who 
identified it as a private photo pilfered from Hilton's MySpace account.

Hilton reported the harassment to the police, and recorded one of the 
phone calls. She worked with LAPD detective Eric Jones to identify 
V.I.P. as Weinberg, she says, finally confirming it by comparing a mug 
shot to a photo the hacker had sent her.

"Don't mess with a Hilton," she wrote on January 3rd.  "And that's how 
you catch a hacker."

Weinberg was sentenced [1] (.pdf) to 10 months in prison last year for 
hacking Accurint, and was released in November to begin three years of 
federal supervised release. Under the conditions of his supervision, he 
had to submit to random inspections of his computer hard drive, and was 
forbidden from possessing or using encryption software, among other 
restrictions.

A source with ties to the computer underground says hackers have 
recently boasted about having access to MySpace's internal 
administrative tools. The source provided a screenshot of what appears 
to be a search page marked "confidential" that displays options not 
available on the service's public search -- including searching for 
MySpace users by their private internet IP address.

A second screenshot shows what appears to be results from a search on 
actor Nicholas Cage, showing the IP addresses used to access three 
accounts bearing that name.

A spokeswoman for MySpace did not return a phone call Monday.

On Monday, MySpace reached an accord with 49 state attorneys that 
promises to tie off a year of inquiries into safety issues on the site, 
which followed my October, 2006, story on MySpace sex offenders.  In 
that story I described how I used a PERL script to run the names and 
locations of approximately 400,000 registered sex offenders through 
MySpace's search engine, turning up 744 confirmable matches from 
one-third of the results. One of them, a thrice-convicted child 
molester, was openly courting young boys on MySpace, and was arrested as 
a result of the probe. MySpace then ran a more sophisticated search of 
its own and purged at least 29,000 past offenders from its roles.

In the deal with the state AGs, MySpace agreed to a laundry list of 
measures, such as removing the option for under-18 users to report 
themselves as "swingers," and setting underage users' profiles as 
"private" by default. The company is also forming a safety task force to 
explore options for online age and identify verification.

Denizens of the online hacker forum DigitalGangster have been chortling 
over Weinberg's arrest. "Weinberg likes to pick on people, internet 
celebs are like his calling," one poster wrote.

It's worth noting that Weinberg isn't universally liked in the 
underground, and newly-released cons are vulnerable to frame-ups. We'll 
wait watch to see how the case develops.

Weinberg's federal public defender didn't return a phone call Monday; a 
man who answered the phone at Weinberg's home in Dana Point, in Orange 
County, California, also confirmed that Weinberg had been arrested, but 
otherwise declined to comment or identify himself.

[1] http://blog.wired.com/27bstroke6/files/weinberg_judgement.pdf


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Mon Jan 14 2008 - 22:27:08 PST