Thread: News: 'Deceptive Duo' Suspects Raided

  1. #1

    News: 'Deceptive Duo' Suspects Raided

    Over the weekend the FBI issued sealed search warrants against two suspected members of self-described "patriotic" hacking group the Deceptive Duo. Tonight's "Tech Live" reports.

    The warrants initiated raids into the homes of Robert Lyttle, an 18-year-old from Pleasant Hill, California, and a second suspect in Florida. Since the FBI search warrants are still sealed, the second suspect was identified only by his screen name, "The-Rev." Officials say both suspects have a history of hacking.

    In fact, Lyttle, who goes by the online name "Pimpshiz," was convicted as a juvenile for defacing websites with pro-Napster messages.

    The Deceptive Duo has taken credit for defacing government and financial websites and says it has cracked sensitive networks. The hacking team claims it's trying to protect the United States from cyberterrorism.

    Kelly Hallisey, who identifies herself as an "online mother" of sorts and mentors and tries to guide hackers, says both Lyttle and "The-Rev" have "well-established hacking resumes."

    Neither suspect has been arrested for the Deceptive Duo hacks, but Lyttle is under house arrest for violating his parole. He was banned from going online and it appears the FBI has found ample evidence that he's using the Internet.

    The FBI refused to comment on this story, but Contra Costa County Deputy District Attorney Dodie Katague, who prosecuted Lyttle in the pro-Napster defacements when Lyttle was still a juvenile, says Lyttle could be in serious trouble.

    "Now he's an adult. He'll be treated harshly by law enforcement," Katague said. "He could be facing as much as 150 years in prison."

    "This Lyttle guy has started a business," Katague added. "He's selling security solutions against hackers."

    Katague says Lyttle wants to mirror the career paths of Kevin Mitnick and Kevin Poulsen -- ex-hackers who are now high-profile security gurus.

    Poulsen has his own ideas about the Duo. He said he questions their patriotic intentions to protect America from cyberterrorists.

    "Nobody thinks Osama bin Laden is after their Social Security number," Poulsen said.

    However, Poulsen says he sees hacktivism as having a place.

    "One wonders post-9/11 if there's more room for benevolent hacking," Poulsen said.

    But Katague has little sympathy for the Duo. "This patriotism is a crock," he said. "They're after the publicity."
    The Source


  2. #2

    Hacktivists 'Deceptive Duo' Talk

    Hacker group Deceptive Duo targets government and corporate sites all in the name of patriotism. The pair recently granted TechTV an email interview. Given the limitations of an email interview, the only way TechTV can confirm the Deceptive Duo's credibility is by contacting them using the email address they posted on the websites they defaced.

    Below is the transcript of the interview:

    TechTV: What are your goals?

    Deceptive Duo: Our ultimate goal is to eliminate the threat of our US infrastructure being hacked by a foreign entity. Mission: Foreign Threat consists of multiple operations that are very complex and organized. By executing certain aspects of each operation, such as the defacements and the posting of sensitive data, we are forcing the system administrators of the networks we hacked, as well as the other system administrators who are witnessing these events, to secure their computers. We are giving them a glimpse of reality so that they can realize that the threat remains. We take stern action against them so that they take stern action with their computer environments.

    When we target critical computer networks:

    1. Our initial targets become secure. We often perform follow-up penetration tests and/or answer any questions a system administrator or official has about the break-in.

    2. Everyone, not just those involved in managing computer networks, is witnessing a very real scenario, allowing them to think more in-depth about certain tasks that their organization, corporation, and/or agency must perform over the Internet.

    3. Sensitive data is not leaked to foreign enemies. We do post information not always available to the public, but this information is not everything we have acquired. We balance out what we post on our defacements to stay loyal to the US and to prevent foreign enemies from gaining an intelligence advantage.

    TechTV: What incited you to start hacking these networks?

    Deceptive Duo: We are all bystanders to the lack of security. The incomprehensible fact of how truly insecure our entire infrastructure is came to us at the same time. We would often talk about computer security, but for some reason this matter came to us mutually. This is what created the duo. We knew that we had to take thorough and organized steps toward securing the infrastructure, one way or another. Otherwise a terrorist might take advantage of the vulnerabilities we remain susceptible to. If we didn't do this, and in the future we witnessed a cyberterrorist attack, we would feel extremely bad about ourselves.

    TechTV: Technically, where is our security infrastructure most vulnerable?

    Deceptive Duo: At this time we cannot accurately pinpoint the area of our infrastructure that is most vulnerable. We are still in the beginning of our mission and have only covered a small portion of our nation's computer networks. However, from what we have experienced, we would say the financial systems -- such as banks and certain areas within the Federal Reserve Board.

    TechTV: Why do you think sys admins aren't adequately protecting their networks?

    Deceptive Duo: In some cases it's because they aren't properly trained. We believe a system administrator needs to share the mindset of a hacker. Understand your opponent to defeat it. Another factor is possibly the lack of motivation. Oftentimes money is the source of motivation. Maybe some are underpaid or not treated fairly in the atmosphere that they must work within. Maybe they aren't aware of how critical their position in protecting computer networks is. There are many things to question, none of which anyone can accurately answer.

    TechTV: Who do you feel poses the biggest cyberthreat to the United States? Do they have the skills to compromise our critical networks?

    Deceptive Duo: We believe al Qaeda poses the biggest cyberthreat to the US. They have shown organization and determination against our country. They also have shown us that they are capable of utilizing computers for communications and storage.

    We strongly believe they have the skills to compromise some of our critical networks. We have hacked into some classified and critical computer networks with very trivial exploits. We are in stage one of our mission, which is to locate and scan systems that are hosted by Microsoft products for widely known vulnerabilities. We are currently using simple exploits to emulate a terrorist attack as real as possible. It doesn't take extraordinary skill to do what we have been doing in the past few weeks. Al Qaeda can easily gain intelligence just as we have. It's just a matter of time before they use our own vulnerabilities and energy against us.

    Hackers within China also pose a threat. They have hacked into some of our military systems in the past.

    TechTV: How do you counter those who say you are just publicity hounds?

    Deceptive Duo: There is nothing we can do to counter those whose assumptions are based around weak arguments. We brush it off and continue to execute our mission. We cannot let it bother us as it will take away from our focus. If we were in it for the publicity, prison time is quite the price to pay for attracting media attention to a name that keeps our real identities anonymous.

    TechTV: What organizations have you hacked? (We know what other members of the media say, but we'd like your list.)

    Deceptive Duo: We have hacked into classified and unclassified systems including those belonging to:

    Defense Logistics Agency
    Sandia National Laboratories (Warhead Monitoring Technology Program)
    Federal Aviation Administration
    Office of the Secretary of Defense
    Midwest Express Airlines
    Rio Grande Airlines
    Cameroon Airlines
    Saudi Arabian Airlines
    NASA Ames Research Center
    Department of Transportation
    California Department of Transportation
    NASA Jet Propulsion Laboratories
    Space and Naval Warfare Systems Command
    Uniformed Services University of the Health Sciences
    Durango, Colorado Airport
    South Bend Regional Airport
    Southeast Iowa Regional Airport
    National Institute of Standards and Technology
    US Geological Survey
    Peoples State Bank
    Arkansas Community Banking Association
    Bank of West Baton Rouge
    Community Bankers Association of Kansas
    Bank of Dumas
    Merchants & Planters Bank
    Merchants & Marine Bank
    Copiah Bank
    Madison Bank and Trust
    The Evangeline Bank & Trust Company
    Iowa Independent Bankers
    IBanc Virtual Bank
    Greers Ferry Lake State Bank
    Gartner Inc.
    US Naval Reserve -- Air Systems Program
    US Government Export Portal
    Federal Housing Finance Board
    Health Resources and Services Administration

    TechTV: Many companies pay big money for penetration tests. Do you feel like you are giving them those tests for free? Do you tell the organizations how you penetrated their networks?

    Deceptive Duo: In a way, yes, we are giving them free penetration tests. On the other hand, our penetration tests are being paid for with embarrassment. If we hack into one of their systems, we are going to expose it to the public. Also, these tests aren't under any nondisclosure contracts.

    We fully cooperate with the system administrators in telling them how the break-in took place and how to prevent it. If we didn't, our mission would be incomplete. If they email us, we help them.

    TechTV: What's the scariest thing you've discovered since you started hacking into high-profile networks?

    Deceptive Duo: Divulging any information pertaining to the scariest intelligence we have gained could create a national security risk. However, a very scary issue is that a lot of our government computers are insecure.

    TechTV: How long do you think you can work as "hacktivists" before being caught?

    Deceptive Duo: We try not to think about getting caught. It's of course a big factor in this all, but dwelling on it will only sidetrack us. We came into this willing to endure prison sentences. We are sacrificing ourselves for the sake of public safety. There is no definite answer to that question. If the government wants something bad enough, they'll get it one way or another.

    If only they chose to secure their sites as much as they choose to track us down and put us in prison.

    TechTV: What's your advice to sys admins overseeing critical networks?

    Deceptive Duo: Thoroughly analyze, research, and defend against existing vulnerabilities. Adapt to the challenge and completely understand each aspect of it.
    The Source

