[ISN] Convicted Hacker Charged With Extortion After Attack On Model's MySpace Account

From: InfoSec News (alertsinfosecnews.org)
Date: Tue Jan 15 2008 - 00:22:41 CST


http://blog.wired.com/27bstroke6/2008/01/convicted-hacke.html

By Kevin Poulsen
Wired.com
January 14, 2008

A Southern California man convicted last year of hacking into the
Lexis-Nexis owned consumer database Accurint was arrested on charges of
extortion Friday after allegedly hijacking the MySpace account of an
internet celebrity.

Jeffrey Robert Weinberg, 22, was arrested by LAPD detectives in Southern
California early Friday morning, a department spokeswoman confirmed.
While police aren't discussing the particulars, the arrest follows a
detailed blog post by "Amor Hilton," an 18-year-old Los Angeles woman who
says she helped detectives build a case against Weinberg after he
hijacked her MySpace account and demanded nude photos and "phone sex" in
exchange for its return.

Hilton's weekly live video show Bare Naked on the amateur streaming site
Stickam has made her an online celebrity of sorts. She named herself
for fashion model Nicky Hilton, sister of heiress Paris Hilton. Weinberg
was one of a gang of hackers who penetrated Paris Hilton's cell phone
account in 2005, the Washington Post reported last year.

According to her blog post, Hilton found herself locked out of her
MySpace account on December 28th, the same day she began receiving
harassing phone calls from a hacker calling himself "V.I.P." -- a handle
used by Weinberg in the past. The calls continued over the course of
several days, and often took a threatening tone, she says.

During that time, the hacker allegedly disconnected Hilton's cell phone
account, and took over her account on Stickam. Stickydrama.com, a gossip
site dedicated to Stickam celebs, published a photo of Hilton on
December 29th, which it said was sent in by a self-described hacker who
identified it as a private photo pilfered from Hilton's MySpace account.

Hilton reported the harassment to the police, and recorded one of the
phone calls. She worked with LAPD detective Eric Jones to identify
V.I.P. as Weinberg, she says, finally confirming it by comparing a mug
shot to a photo the hacker had sent her.

"Don't mess with a Hilton," she wrote on January 3rd. "And that's how
you catch a hacker."

Weinberg was sentenced [1] (.pdf) to 10 months in prison last year for
hacking Accurint, and was released in November to begin three years of
federal supervised release. Under the conditions of his supervision, he
had to submit to random inspections of his computer hard drive, and was
forbidden from possessing or using encryption software, among other
restrictions.

A source with ties to the computer underground says hackers have
recently boasted about having access to MySpace's internal
administrative tools. The source provided a screenshot of what appears
to be a search page marked "confidential" that displays options not
available on the service's public search -- including searching for
MySpace users by their private internet IP address.

A second screenshot shows what appears to be results from a search on
actor Nicholas Cage, showing the IP addresses used to access three
accounts bearing that name.

A spokeswoman for MySpace did not return a phone call Monday.

On Monday, MySpace reached an accord with 49 state attorneys that
promises to tie off a year of inquiries into safety issues on the site,
which followed my October, 2006, story on MySpace sex offenders. In
that story I described how I used a PERL script to run the names and
locations of approximately 400,000 registered sex offenders through
MySpace's search engine, turning up 744 confirmable matches from
one-third of the results. One of them, a thrice-convicted child
molester, was openly courting young boys on MySpace, and was arrested as
a result of the probe. MySpace then ran a more sophisticated search of
its own and purged at least 29,000 past offenders from its rolls.

In the deal with the state AGs, MySpace agreed to a laundry list of
measures, such as removing the option for under-18 users to report
themselves as "swingers," and setting underage users' profiles as
"private" by default. The company is also forming a safety task force to
explore options for online age and identity verification.

Denizens of the online hacker forum DigitalGangster have been chortling
over Weinberg's arrest. "Weinberg likes to pick on people, internet
celebs are like his calling," one poster wrote.

It's worth noting that Weinberg isn't universally liked in the
underground, and newly-released cons are vulnerable to frame-ups. We'll
wait and watch to see how the case develops.

Weinberg's federal public defender didn't return a phone call Monday; a
man who answered the phone at Weinberg's home in Dana Point, in Orange
County, California, also confirmed that Weinberg had been arrested, but
otherwise declined to comment or identify himself.

[1] http://blog.wired.com/27bstroke6/files/weinberg_judgement.pdf

__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/