A hacker group known as The Deceptive Duo breached computer networks of The Federal Aviation Administration (FAA) and stole a database of files on passenger screening activities. On April 26, 2002, the group then defaced the FAA website, where they posted data including the name of the FAA inspector and details on guns and explosives found on airline passengers.
The Deceptive Duo made a mockery of government security by hacking websites critical to U.S. safety and defense. Included among their successful targets were NASA, the Space and Naval Warfare Systems Command, the Office of Secretary Defense, the Defense Logistics Agency, the Naval Air Systems Command… the list goes on for quite a while. They were downloading databases, publishing information online for all to see, and defacing government websites.
On May 19, 2004, Benjamin “The-Rev ”Stark, then 22, one of the members of The Deceptive Duo, pled guilty for his part in the cyberattacks. The other member of the group, Robert “Pimpshiz” Lyttle, had already been caught in 2002 when he was 18, but was indicted again in 2004.
Neither of them cared about going to prison for their spree of cyberattacks, however, and continued for what they believed was a moral cause. For them, they were helping protect a country riddled with security holes due to its growing reliance on the Internet.
They left a message behind on each site they hacked, reading along the lines of “Tighten the security before a foreign attack forces you to … At a time like this, we cannot risk the possibility of compromise by a foreign enemy.
Stark and Lyttle saw how vulnerable the U.S. was to potentially devastating cyberattacks. After 9/11, they tried alerting the government of the vulnerabilities, but were ignored. They thus decided to take matters into their own hands, and force the government to increase cybersecurity. For what they were doing, The Deceptive Duo were labelled “Patriot Hackers.”
Prior to the 2002 arrests, The Deceptive Duo told Airscanner in an interview, “Defacements are necessary because of the non-chalant response we receive when notifying a system administrator of the breach. It takes action to get reaction. It also shows others who witness this, the situation we are facing. We remain vulnerable, and the public needs to know this.”
As Internet use has grown and saturated today’s electronics, the dismal state of cybersecurity The Deceptive Duo warned about has become a reality. High profile cyberattacks happen nearly every day, cybercriminals luring victims through phishing schemes and other attacks bring in more money than some drug traffickers, and cyber armies of foreign governments are waging constant cyberwar on critical networks.
It’s interesting now that LulzSec, a group of hackers who launch cyberattacks on targets for fun, is picking up where The Deceptive Duo left off. Although the groups are starkly different in their starting points, what they are accomplishing will likely be the same, and LulzSec is arguably bringing even more attention to the importance of cybersecurity than The Deceptive Duo did.
While The Deceptive Duo took the path of ethical hackers, exploiting systems to help companies patch their holes, LulzSec has more of a “I’m in ur base, killing your doods” approach to things. They let the companies know they’re in their systems and continue tormenting them until the gaps are closed. They have the impaled remains of Sony on the bow of their ship as a stark reminder to this.
As LulzSec writes in a statement celebrating its 1,000th tweet, although their cyberattacks are getting a lot of people angry, there are countless hackers doing the same thing and never tell anyone. They state:
The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…
Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly. We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach.
What LulzSec is doing is bringing attention to what is already happening, and what is already a rampant problem. Like The Deceptive Duo, the difference is that they’re telling people about it.