A Massachusetts teenager has pleaded guilty to hacking into the cell-phone account of hotel heiress and Hollywood celebrity Paris Hilton, a high-profile stunt by the youngest member of the same hacking group federal investigators say was responsible for a series of electronic break-ins at data giant LexisNexis.
The 17-year-old boy was sentenced to 11 months’ detention at a juvenile facility for a string of crimes that include the online posting of revealing photos and celebrity contact numbers from Hilton’s phone. As an adult, he will then undergo two years of supervised release in which he will be barred from possessing or using any computer, cell phone or other electronic equipment capable of accessing the Internet.
The U.S. Attorney’s Office for Massachusetts and the state district court declined to identify the teen, noting that federal juvenile proceedings and the identity of juvenile defendants are under seal. But a law enforcement official close to the case confirmed that the crimes admitted to by the teen included the hacking of Hilton’s account.
The teen also pleaded guilty to making bomb threats at two high schools and for breaking into a telephone company’s computer system to set up free wireless-phone accounts for friends. He also participated in an attack on data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers. Prosecutors said victims of the teen’s actions have suffered about $1 million in damages.
In a series of telephone and online communications between March and June with a washingtonpost.com reporter, the teen acknowledged responsibility for all of the crimes for which he was sentenced.
Washingtonpost.com is not revealing his name because he communicated with the reporter on the condition that he not be identified either directly or through his online alias.
Investigators began focusing on the teen in March 2004 when he sent an expletive-laced e-mail to a high school in Florida threatening to blow it up, according to a statement from prosecutors. The school was closed for two days while a bomb squad, a canine team, the fire department and other emergency officials examined the building.
In August 2004, the teen broke into the internal computer systems of “a major internet service provider” by tricking an employee into opening a virus-infected file he sent as an e-mail attachment. The virus — known as a “Trojan horse” program — allowed the juvenile to use the employee’s computer remotely to access other computers on the ISP’s internal network and gain access to portions of the company’s operational information, prosecutors said.
The teen told washingtonpost.com earlier this year that around that time he broke into the network of Dulles, Va.-based America Online. AOL did not return calls seeking comment.
In January, the teen hacked into the telephone records system of T-Mobile International. He used a security flaw in the company’s Web site that allowed him to reset the password of anyone using a Sidekick, a pricey phone-organizer-camera device that stores videos, photos and other data on T-Mobile’s central computer servers. A month later, the teen would use that flaw to gain access to Hilton’s Sidekick files, according to corroborating information and screen shots he shared with washingtonpost.com.
Later that month, according to prosecutors, an associate of the teen “set up accounts for the juvenile at a company which stores identity information concerning millions of individuals.”
Again, prosecutors declined to name the company targeted in that attack. But according to screen shots provided by the teen — supported by other information from the teen that was verified by a senior federal law enforcement official investigating the case who spoke on condition on anonymity — the company was LexisNexis, which reported in March that hackers had gained access to the personal records of more than 310,000 Americans.
