[ISN] Hackers Admit to Wave of Attacks
InfoSec News
isn at c4i.org
Sat Sep 10 00:07:28 EDT 2005
http://www.wired.com/news/privacy/0,1848,68800,00.html
By Kevin Poulsen
Sept. 08, 2005
An Ohio computer hacker who served as a digital button man for a shady
internet hosting company faces prison time after admitting he carried
out one of a series of crippling denial-of-service attacks ordered by
a wealthy businessman against his competitors.
In a deal with prosecutors, Richard "Krashed" Roby, 20, pleaded guilty
in federal court in Toledo last month to intentionally damaging a
protected computer, after launching a 2003 attack on an online
satellite TV retailer that caused at least $120,000 in losses.
"There were a lot of big-time people making a lot of money who picked
up on him and persuaded him to do this, without a lot in it for him,"
says Mark Weinberg, Roby's attorney. "He's one of these people who are
brilliant in one area but absolutely lacking in common sense in
others."
Jay Echouafni, the 38-year-old satellite TV mogul who allegedly
ordered and funded the cyberhits, went on the lam last year, and
remains a fugitive from a federal indictment out of Los Angeles.
In a related deal, 31-year-old Paul Ashley, former operator of the
Foonet hosting service, admitted to recruiting three other computer
intruders to carry out Echouafni's orders. He has not yet entered a
guilty plea. Under federal sentencing guidelines, Ashley faces 70 to
87 months in prison for his role in the attacks, but the terms of his
plea agreement make him eligible for a reduced sentence in exchange
for his testimony against other defendants.
"If Ashley were to cooperate with the government and, for example,
testify against Echouafni, he could get a departure from his
sentence," said Los Angeles assistant U.S. attorney James Aquilina,
who's prosecuting the case.
Roby faces 18 months to two years in prison under sentencing
guidelines.
Until it was shuttered by an FBI raid last year, Ashley ran Foonet
from a basement server room in his suburban Ohio home. The enterprise
enjoyed a double-edged reputation for providing hosting that could
stand up to distributed denial of service, or DDOS, attacks, even as
it gave safe harbor to members of the computer underground drawn to
the bulletproof service.
"Every script kiddy on IRC had a shell there," says Andrew Kirch, a
security administrator for the Abusive Hosts Blocking List. "Spamming,
hacking, phishing, DDOS networks -- you want to run scans for a large
amount of IP space for prevalent Windows vulnerabilities? Set up
there."
In his plea agreement, Ashley admitted he knowingly allowed clients
and employees to control networks of compromised Windows machines, or
"bots," from Foonet.
That came in handy in October 2003, when Echouafni, a Foonet client,
offered Ashley $1,000 to snuff out two websites.
Echouafni, who was CEO of Massachusetts-based Orbit Communication at
the time, allegedly claimed that competitors RapidSatellite.com and
WeaKnees.com had stolen his content and attacked his online business,
which sold satellite TV gear over the web.
Ashley took the money and, according to his plea agreement, recruited
three associates to do the dirty work: Jonathan Hall, Lee Walker and
Joshua Schichtel, known online as "Rain," "sorCe" and "Emp"
respectively.
Hall, who is not currently charged in the case, says the offer marked
a change in Ashley's business practices. "Prior to Jay asking for all
that crap, Paul Ashley never really asked me to launch large-scale
attacks like that," Hall said in a telephone interview.
Roby was pulled into the gang by Schichtel, who found his network of
3,000 bots inadequate to take down Miami-based RapidSatellite,
according to court records. Roby's resources were more formidable: The
young hacker controlled approximately 15,000 Windows machines that
he'd taken over with a variant of the Spybot worm.
Schichtel allegedly promised Roby a free Foonet shell account in
exchange for turning those hacked PCs against RapidSatellite.
"Foolish," says attorney Weinberg.
The FBI described the ensuing attack as a tenacious, 10-day deluge
that tracked RapidSatellite through three ISP changes, and briefly
blocked Amazon.com and the website of the Department of Homeland
Security, which had the poor luck of sharing service providers with
Echouafni's rival.
A concurrent attack allegedly launched by the other members of the
crew took a similar toll on WeaKnees.com. Apparently pleased with the
results, Echouafni went on to purchase Foonet from Ashley, retaining
Ashley as an employee and hiring Hall to handle cybersecurity for the
company. In February of last year, Echouafni allegedly ordered a third
attack on another competitor, ExpertSatellite.com.
Prosecutors filed the first round of charges against Ashley and his
alleged co-conspirators last year, then dropped them during plea
negotiations with some of the defendants.
Schichtel could not be reached for comment for this story, and
Ashley's attorney failed to return repeated phone calls. Roby's lawyer
says the young hacker had little to offer prosecutors in exchange for
a sweeter deal.
"When you're at the bottom of the barrel, there's not much you can
tell them," says Weinberg. "Usually the people who are at the top have
the ability to provide the most substantial assistance."
Aquilina says prosecution is proceeding against Walker in the United
Kingdom, where Walker lives.
Hall is a resident of flooded New Orleans. Speaking with Wired News
from the Houston hotel to which he evacuated with his family, he says
he never participated in the attacks, even after Echouafni ordered one
personally, as his boss.
"The first time he asked me to launch some stupid-ass attack, he
claimed that the company had hacked his database and wiped it out,"
says Hall. "I knew it was bullshit."
When Echouafni threatened to fire Hall, the then-teenaged hacker
promised to carry out the order, but never did, he claims. "He kept
catching on that the attacks weren't going through, and he kept
climbing up my ass and saying that they're not working. But I never
actually did it.... Jay was an asshole."
Hall says he stopped attacking computers when he was 16.
Echouafni skipped out on $750,000 bail secured by his house in
Massachusetts last year. Law enforcement officials believe he's now
living in his native Morocco.
More information about the ISN
mailing list