[attrition] Postal makes the news..
security curmudgeon
jericho at attrition.org
Thu Dec 21 19:54:48 EST 2006
http://www.networkworld.com/community/?q=node/9999
Congressional aide admits trying to hire hackers -- to boost his college GPA
By Paul McNamara on Thu, 12/21/2006 - 6:59pm
The communications director for Montana's lone congressman solicited the
services of two men he falsely believed to be criminally minded
hackers-for-hire -- with the expressed goal of jacking up his college GPA
-- during an exchange that spanned 22 e-mails over two weeks this past
summer.
Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont.,
e-mailed the security Web site attrition.org on Aug. 9, writing: "I need
to urgently make contact with a hacker that would be interested in doing a
one-time job for me. The pay would be good. I'm not sure what exactly the
job would entail with respect to computer jargon, but I can go into rough
detail upon making contact with a candidate."
After initially denying knowledge of the exchange, Shriber told me this
afternoon in the final of our three phone conversations: "I did something
that's greatly out of character for me and it's a mistake that I regret."
Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security
curmudgeon") corresponded with Shriber and fooled him into believing that
they would carry out his wishes, with Jericho warning him at one point:
"You are soliciting me to break the law and hack into a computer across
state lines. That is a federal offense and multiple felonies."
Shriber wanted Lyger and Jericho to break into the computer system at
Texas Christian University, from which he graduated in 2000.
In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his
hacking attempts had been detected and "we are SO busted." He urges him to
"duck and run if you can" in an exaggerated, obscenity-filled -- and
completely fictional -- missive that put an end to their working
relationship.
While the name Todd Shriber and a Yahoo address appear on the e-mail
string that has been posted at attrition.org since September -- the site
posts many of the oddball requests it gets, including some seeking illegal
services -- it was only today and after a bit of search-engine work here
that the person involved was identified as a congressional aide. (Shriber
did send Lyger a note in September asking that the e-mails be removed from
the site.)
Asked why he launched the scheme, Shriber told me, "I would rather not get
into that at all. I just got a little too far ahead of myself thinking
about things down the road." His college grades "weren't that great," he
acknowledged.
Shriber contends now that he "got cold feet" toward the culmination of the
hack that never happened and wanted out, although there is no indication
of second thoughts in any of the e-mail.
"A solicitation was made but no action was performed," he told me. "These
are people misrepresenting themselves for a laugh."
Lyger expresses little sympathy for a man who, after all, was willing to
pay others to commit a crime.
"You'll notice that we even intentionally redacted his Social Security
number and date of birth in one of the e-mails (on the site)," Lyger told
me in an e-mail this afternoon. "Pretty ironic that he even sent them
since we maintain a data-loss database, Web page, and mailing list."
More information about the attrition
mailing list