[attrition] Postal makes the news..

[security curmudgeon]

http://www.networkworld.com/community/?q=node/9999

Congressional aide admits trying to hire hackers -- to boost his college GPA
By Paul McNamara on Thu, 12/21/2006 - 6:59pm

The communications director for Montana's lone congressman solicited the 
services of two men he falsely believed to be criminally minded 
hackers-for-hire -- with the expressed goal of jacking up his college GPA 
-- during an exchange that spanned 22 e-mails over two weeks this past 
summer.

Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont., 
e-mailed the security Web site attrition.org on Aug. 9, writing: "I need 
to urgently make contact with a hacker that would be interested in doing a 
one-time job for me. The pay would be good. I'm not sure what exactly the 
job would entail with respect to computer jargon, but I can go into rough 
detail upon making contact with a candidate."

After initially denying knowledge of the exchange, Shriber told me this 
afternoon in the final of our three phone conversations: "I did something 
that's greatly out of character for me and it's a mistake that I regret."

Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security 
curmudgeon") corresponded with Shriber and fooled him into believing that 
they would carry out his wishes, with Jericho warning him at one point: 
"You are soliciting me to break the law and hack into a computer across 
state lines. That is a federal offense and multiple felonies."

Shriber wanted Lyger and Jericho to break into the computer system at 
Texas Christian University, from which he graduated in 2000.

In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his 
hacking attempts had been detected and "we are SO busted." He urges him to 
"duck and run if you can" in an exaggerated, obscenity-filled -- and 
completely fictional -- missive that put an end to their working 
relationship.

While the name Todd Shriber and a Yahoo address appear on the e-mail 
string that has been posted at attrition.org since September -- the site 
posts many of the oddball requests it gets, including some seeking illegal 
services -- it was only today and after a bit of search-engine work here 
that the person involved was identified as a congressional aide. (Shriber 
did send Lyger a note in September asking that the e-mails be removed from 
the site.)

Asked why he launched the scheme, Shriber told me, "I would rather not get 
into that at all. I just got a little too far ahead of myself thinking 
about things down the road." His college grades "weren't that great," he 
acknowledged.

Shriber contends now that he "got cold feet" toward the culmination of the 
hack that never happened and wanted out, although there is no indication 
of second thoughts in any of the e-mail.

"A solicitation was made but no action was performed," he told me. "These 
are people misrepresenting themselves for a laugh."

Lyger expresses little sympathy for a man who, after all, was willing to 
pay others to commit a crime.

"You'll notice that we even intentionally redacted his Social Security 
number and date of birth in one of the e-mails (on the site)," Lyger told 
me in an e-mail this afternoon. "Pretty ironic that he even sent them 
since we maintain a data-loss database, Web page, and mailing list."