DDoS hacker who left his wife for a fictitious online lover jailed for two years

MouseFor all its positive aspects, there are some pretty ugly things which happen on the internet too.

Take this extraordinary tale, for instance, of how two men falling out with each other, ignited into an attack which involved sadistic revenge, 100,000 compromised computers around the world, divorce and one of the men being sent to jail.

Yesterday, a New Jersey judge sentenced 48-year-old Bruce Raisley to two years in prison for launching a distributed denial-of-service (DDoS) attack against websites that had published humiliating stories about his adulterous “affair” with a fictitious online lover.

In the mid-2000s, computer programmer Raisley became uncomfortable with the techniques used by “Perverted Justice”, a controversial group who posed as minors on internet chatrooms in an attempt to ensnare paedophiles, and questioned the legality of their activities.

This put Raisley at odds with the group’s leader Xavier Von Erck, questioning the legality of the activities of “Perverted Justice”, which collaborated with a US TV news program on a controversial feature called “To Catch a Predator”.

As the men’s conflict ignited, neither party showed themselves in the best light, and in 2005 Von Erck posed as a woman called “Holly” and began an erotic online relationship with Raisley.

You may think that’s a mean but harmless prank, which doesn’t do serious harm to anyone. But you’re wrong.

Raisley told his wife that he was in love with “Holly” and flew to meet his fictitious lover at Little Rock airport in Arkansas. A photographer hired by Van Erck took pictures of Raisley carrying flowers, waiting for an internet lover who – of course – never appeared.

Transcripts of Raisley’s erotic email exchanges with “Holly” and photos of him waiting for his non-existent lover at the airport were posted on the internet to add to his humiliation. Raisley ended up losing his job and wife, and no longer had any contact with his son.

Stories of about Von Erck and his Perverted Justice organisation were published in Radar Magazine and Rolling Stone, and republished on the website of the Rick Ross Institute.

Rolling Stone article

The published stories also included details of how Van Erck had humiliated Raisley.

Perhaps understandably, Raisley wasn’t happy with the embarrassing story being published on the internet. His solution? To infect 100,000 computers around the world with malware and launch a distributed denial-of-service (DDoS) attack against websites hosting the tale of his humiliation.

The New Jersey court heard evidence that Raisley’s internet attack targeted a number of websites, including Rolling Stone, Radar, Nettica, Corrupted Justice, and the Rick Ross Institute. In total it was claimed that the attacks cost the websites more than $100,000.

Raisley has now been sentenced to 24 months in prison for launching the malware that infected computers across the globe, and attacked the websites.

In addition to the prison term, Judge Robert B Kugler sentenced Raisley to three years of supervised release and ordered him to pay damages of $90,386.34.

Things could, actually, have turned out even worse for Raisley. When found guilty last year, he was told he could expect a sentence of up to 10 years in jail, and a maximum fine of $250,000.

It’s a truly tragic story, with neither Raisley or Von Erck demonstrating the best of characters, in my opinion.

But there is one clear moral – taking the law into your own hands is never a good idea.

Poo owns up to hacking of Federal Reserve computers

ToiletDo you think hacking financial institutions and selling stolen information onto others is a viable career? You could be flushing your life down the toilet…

A Malaysian man who was arrested last year by an undercover Secret Service agent, has admitted hacking into a series of financial institutions, and pleaded guilty to possessing stolen credit and debit card numbers with the intention to defraud.

Officers arrested 32-year-old Lin Mun Poo in a diner, shortly after he flew into New York from Malaysia, and claimed to recover over 400,000 credit card numbers and bank account details from his “heavily encrypted laptop computer”.

Court documents

Poo found a security vulnerability on Federal Reserve Bank of Cleveland’s network in June 2010, and claims to have added malicious code to a Federal Reserve computer. However, it is believed that he stole the treasure trove of credit card numbers and other account information from other financial institutions.

No Federal Reserve data or information was accessed or compromised, according to a spokeswoman for the bank.

It seems that Poo didn’t limit himself to merely breaking into financial systems, as court documents have alleged that he also hacked into the network of a major Department of Defense contractor.

Poo is being held in a Brooklyn jail, and faces up to 10 years in jail when he is sentenced on 13th September.

If you’re considering a career of cybercrime, and think that hacking and identity theft could be your route to riches, just take a minute or two to reflect on how you could be making the worst decision of your life.

How would you feel, waiting to find out how many years of your life you’ll be wasting locked up in jail?

SSCC 56 – Albert Gonzalez, Patch Tuesday, Texas data loss and Adobe zero day

Sophos Security Chet Chat logoMichael Argast joins me this week to summarize the important security news and talk a bit about this week’s Microsoft patch release.

We started with the bizarre tale of Albert Gonzalez and his claims that he hacked TJX while working for the US Secret Service. We discussed the loss of 3.5 million people’s personal data by the state of Texas.

We advised people to watch for attacks targeting the latest Adobe zero day, and looked at the top priorities for deployment this Patch Tuesday.

If you prefer a news summary for the week in text format, visit the Sophos Security Hub for the latest selected hot topics or subscribe to our weekly newsletter, Sophos enews.

(12 April 2011, duration 15:29 minutes, size 10.1MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 56.

All of our past podcasts are available from http://podcasts.sophos.com and on iTunes.