I couldn’t imagine a crazier way to get yourself some attention from the hacking crew you want to join than taking out one of the biggest “phenomenons” on Myspace then following it up with the Hilary Duff music page, but there you go. The page content doesn’t appear to have had anything malicious placed on it, but the individual behind the hacks couldn’t resist sending out a few bulletins.
A person wanting to impress a hacker group broke into the popular MySpace profiles of several celebrities, including Justin Timberlake and model and MTV personality Tila Tequila, researchers said today.
The hacker, who uses the handle “Tesla,” gained access late Wednesday into the profiles of Timberlake, Tequila and actress-singer Hilary Duff, and used the compromised accounts to blast out bulletins to the celebrities’ tens of thousands of MySpace friends, said Chris Boyd, senior director of malware researchFaceTime Security Labs.
The messages, which appeared to come from the Hollywood stars themselves, proclaimed support for a hacker group known as Kryogeniks.
One read: “Hey Tesla here. Justin Timberlake has been hacked by me. HTTP://kryogeniks[dot]org. Cheers [expletive].”
A 19-year-old hacker who published provocative photos of teen queen Miley Cyrus earlier this year was raided by the FBI Monday morning in Murfreesboro, Tennessee.
The hacker, Josh Holly, repeatedly bragged online about breaking into the Disney star’s e-mail account and stealing her photos. He also gave interviews to bloggers and others and boasted that authorities would never find him because he moved so often. [Last month, Holly contacted Threat Level seeking to have an article written about him here.]
But this morning the FBI did find him and, after talking with him for more than an hour about his exploits, served him with a search warrant and a list of items to be seized (which was posted at the hacking site digitalgangster.com after Holly showed it to a friend).
A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.
James Robert Black Jr., 21,was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.
Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”
“Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”
Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.
The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.
No PII involved in this one, but since many may remember the case, I thought I’d post the follow-up.
James Robert Black, Jr., a.k.a. “Defiant,” was sentenced yesterday in U.S. District Court in Tacoma to four months in prison, four months of electronic home monitoring, 150 hours of community service, three years of supervised release and $128,557 in restitution for conspiring to damage a protected computer. The 21 year-old was originally indicted in the Eastern District of Pennsylvania for his role in a hacker attack aimed at disrupting service at Comcast corporation’s www.comcast.net web site on May 28 and 29, 2008. Black and government prosecutors agreed to resolve the case in Washington.
Black was charged in the conspiracy along with Christopher Allen Lewis, a.k.a. EBK, 19, of Newark, Delaware, and Michael Paul Nebel, a.k.a. “Slacker,” 27, of Kalamazoo, Michigan. The three were associated with the hacker group Kryogeniks. On May 28, 2008, the three men redirected all traffic destined for the www.comcast.net website to web sites that they had established. As a result, Comcast customers trying to read their e-mail or listen to their voice mail were sent to a website on which the only thing that they could find was a message that read
KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.
Approximately five million people per day connected to the Comcast website in May of 2008. These acts resulted in a loss to Comcast conservatively estimated at $128,557.
In asking that Black serve prison time, Assistant United States Attorney Kathryn Warma wrote to the court saying, “Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos. The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”
At the time the Comcast site was hacked, Black was residing in Tennessee. He has since relocated to Tumwater, Washington.
Source: U.S. Attorney’s Office, Western District of Washington
Christopher Allen Lewis, the hacker from a telephone hacking group called Kryogeniks, has pleaded guilty for taking Comcast’s web site offline in May of 2008.
Lewis is facing a charge that could land him in prison for five years and a $250,000 fine after his guilty plea to one count of conspiracy to intentionally damage a protected computer system. The case is being tried in Philadelphia where Lewis used certain social engineering tactics to obtain critical information on Comcast’s Fearnet.com site over the phone from a Comcast employee at his home in Clifton Heights, Pennsylvania.
Two other individuals, James Robert Black and Michael Paul Nebel, have been charged as co-conspirators in the hacking incident who were also part of the Kryogeniks hacking group. According to a Philadelphia news report, Black is expected to plead guilty and Nebel will enter a not-guilty plea.
Kryogeniks is known as a “phone phreaking” hacker group who do notify their victims though a phone call after the damage has already been done.
The main culprit, Lewis, was able to gain access to Comcast.net’s DNS (Domain Name System) account giving him control of the domain. Lewis later contacted a Comcast employee just to “inform” them on what he had done which was taking down the Comcast.net site and redirecting it to a page announcing that the Kryogeniks group hacked Comcast.
The message found on the hacked web page for Comcast.net read “KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven”, as shown in figure 1 below, for about 90 minutes until the site was reestablished.