http://blog.wired.com/27bstroke6/2008/01/convicted-hacke.html By Kevin Poulsen Wired.com January 14, 2008 A Southern California man convicted last year of hacking into the Lexis-Nexis owned consumer database Accurint was arrested on charges on extortion Friday after allegedly hijacking the MySpace account of an internet celebrity. Jeffrey Robert Weinberg, 22, was arrested by LAPD detectives in Southern California early Friday morning, a department spokeswoman confirmed. While police aren't discussing the particulars, the arrest follows a detailed blog post by "Amor Hilton" an 18-year-old Los Angeles woman who says she helped detectives build a case against Weinberg after he hijacked her MySpace account and demanded nude photos and "phone sex" in exchange for its return. Hilton's weekly live video show Bare Naked on the amateur streaming site Stickam has made her an online celebrity of sorts. She named herself for fashion model Nicky Hilton, sister of heiress Paris Hilton. Weinberg was one of a gang of hackers who penetrated Paris Hilton's cell phone account in 2005, the Washington Post reported last year. According to her blog post, Hilton found herself locked out of her MySpace account on December 28th, the same day she began receiving harassing phone calls from a hacker calling himself "V.I.P." -- a handle used by Weinberg in the past. The calls continued over the course of several days, and often took a threatening tone, she says. During that time, the hacker allegedly disconnected Hilton's cell phone account, and took over her account on Stickam. Stickydrama.com, a gossip site dedicated to Stickam celebs, published a photo of Hilton on December 29th, which it said was sent in by a self-described hacker who identified it as a private photo pilfered from Hilton's MySpace account. Hilton reported the harassment to the police, and recorded one of the phone calls. She worked with LAPD detective Eric Jones to identify V.I.P. as Weinberg, she says, finally confirming it by comparing a mug shot to a photo the hacker had sent her. "Don't mess with a Hilton," she wrote on January 3rd. "And that's how you catch a hacker." Weinberg was sentenced [1] (.pdf) to 10 months in prison last year for hacking Accurint, and was released in November to begin three years of federal supervised release. Under the conditions of his supervision, he had to submit to random inspections of his computer hard drive, and was forbidden from possessing or using encryption software, among other restrictions. A source with ties to the computer underground says hackers have recently boasted about having access to MySpace's internal administrative tools. The source provided a screenshot of what appears to be a search page marked "confidential" that displays options not available on the service's public search -- including searching for MySpace users by their private internet IP address. A second screenshot shows what appears to be results from a search on actor Nicholas Cage, showing the IP addresses used to access three accounts bearing that name. A spokeswoman for MySpace did not return a phone call Monday. On Monday, MySpace reached an accord with 49 state attorneys that promises to tie off a year of inquiries into safety issues on the site, which followed my October, 2006, story on MySpace sex offenders. In that story I described how I used a PERL script to run the names and locations of approximately 400,000 registered sex offenders through MySpace's search engine, turning up 744 confirmable matches from one-third of the results. One of them, a thrice-convicted child molester, was openly courting young boys on MySpace, and was arrested as a result of the probe. MySpace then ran a more sophisticated search of its own and purged at least 29,000 past offenders from its roles. In the deal with the state AGs, MySpace agreed to a laundry list of measures, such as removing the option for under-18 users to report themselves as "swingers," and setting underage users' profiles as "private" by default. The company is also forming a safety task force to explore options for online age and identify verification. Denizens of the online hacker forum DigitalGangster have been chortling over Weinberg's arrest. "Weinberg likes to pick on people, internet celebs are like his calling," one poster wrote. It's worth noting that Weinberg isn't universally liked in the underground, and newly-released cons are vulnerable to frame-ups. We'll wait watch to see how the case develops. Weinberg's federal public defender didn't return a phone call Monday; a man who answered the phone at Weinberg's home in Dana Point, in Orange County, California, also confirmed that Weinberg had been arrested, but otherwise declined to comment or identify himself. [1] http://blog.wired.com/27bstroke6/files/weinberg_judgement.pdf __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Mon Jan 14 2008 - 22:27:08 PST