Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Lessons Learned from a Teenage Hacker

    By
    Larry Loeb
    -
    September 13, 2005
    Share
    Facebook
    Twitter
    Linkedin

      When the fire alarms are not sounding and calling us to immediate reactive action, security pros need to be kicking back a bit and taking a look at how a serious security problem unfolds. Thats why we should take a look at a Massachusetts teenage who pled guilty of, among other things, hacking—to see what, if anything, could have been done to prevent him and his buddies from succeeding in doing what they did.

      The juvenile pled guilty in federal court last week and was sentenced in connection with a series of hacking incidents into Internet and telephone service providers; the theft of an individuals personal information and the posting of it on the Internet; and making bomb threats to high schools in Florida and Massachusetts—all of which took place over a 15-month period. Victims of the juveniles conduct have suffered a total of approximately $1 million in damages, according to official estimates.

      /zimages/3/28571.gifIT administrators must “think like hackers,” claims one security veteran. Click here to read more.

      This budding sociopath snuck a program onto an ISP employees computer in 2004 that gave him remote access to it. Juvie could use it as his own. So, the first point is to ask where and when did the admin become aware of Juvies activities, if he did at all.

      In 2005, Juvie hacked the internal directory of a “major telephone provider” to get information on someone who had an account with them. He used this to hack the users cell phone (Hello, Paris!) and post the contents of the phone/messenger to the Internet.

      Juvies subtlety emerged even further as he then set up numerous free accounts for all his buddies, never thinking that a bunch of uncollected accounts might trigger a financial review program or anything like that. No, he was too busy hacking into one of the Big 3 like Equifax to get personal information on people that he then posted to the Internet. (Do you see a pattern emerging?)

      He then progressed this spring into wirelessly making bomb threats to a school and in June threatened a DDoS attack against a different “major telephone service” who refused to deal with him. Juvie shut down a significant portion of their Web services, just to show them who their daddy was.

      They caught him. How could they not, as he bounced higher and higher until they could see him quite clearly? He had a run of a year from the first incident until he self-destructed in the shakedown of a corporation. Sad, really.

      The judge imposed a sentence of 11 months detention in a juvenile facility, to be followed by two years of supervised release. During his periods of detention and supervised release, the juvenile is also barred from possessing or using any computer, cell phone or other electronic equipment capable of accessing the Internet.

      If Juvie had been an adult, he would have faced charges of three counts of making bomb threats against a person or property, three counts of causing damage to a protected computer system, two counts of wire fraud, one count of aggravated identity theft and one count of obtaining information from a protected computer in furtherance of a criminal act.

      While younguns trying to make their mark on the scene dont always find the best way to do it (think graffiti thats not art), this particular Juvie crashed and burned with a ferocity that may leave him a burned-out crisp. I keep hoping he can turn his talents away from the Dark Side, and I wonder who is in line to pull the same stupid kind of stunts in his place.

      /zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Larry Loeb

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×