The top five stupid hacker tricks

Taunting tweets, provocative pics and iPad-spam chats, stupid slip-ups lead to high profile hacker arrests.

Share

If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. And like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail.

Whether they are out to steal money or merely wreak havoc, the consequences of an exploit gone bad can be harsh. And these days, the margin for error can be measured in bits. After all, thanks to the Internet's international nature, cyber outlaws have an awful lot of sheriffs sniffing out their online footsteps.

Sometimes though, the sheriffs don't have to work too hard. Clever as they often are, hackers can turn boneheaded pretty quickly and slip up in silly ways, leaving authorities a virtual road map pointing right to their doorsteps.

Hack, tweet, repeat - until arrested

The suspect: Scott Arciszewski

The crime: Hacking an FBI-sponsored website

Dossier: Arciszewski is accused of hacking into the website of InfraGard, an FBI-run programme focused on cyber crime prevention. Yes, you read that correctly: cyber crime prevention. In other words, if there were an encyclopedia entry for "places you don't want to mess with," InfraGard would top the list.

Common sense be damned, though, someone decided InfraGard needed to be infiltrated. Apparently the company's ties with the government rubbed some folks the wrong way. This past June, the hacking collective known as LulzSec took credit for taking down one of the organisation's sites, citing recent computer crime legislation as the cause of its ire.

The incident connected to Arciszewski came just one month later, in July 2011. The FBI alleges that Arciszewski, a 21 year old computer engineering major at the University of Central Florida, broke into InfraGard's Tampa Bay chapter website. He's accused of uploading a few files, animated kitty GIFs one can only hope, and then posting a link on Twitter showing others how he skirted the website's security.

The tweet reportedly contained just eight words, Infraguard Tampa has one hell of an exploit, along with a shortened link. That turned out to be more than enough to send the bloodhounds on Arciszewski's path.

The bust: FBI agents, none too pleased with their public flogging, set out to find the guy who tore a hole in their virtual fence. It didn't take too much work, from the sounds of it: According to reports, Arciszewski retweeted his boast to the attention of the FBI's official press office account.

"Word of mouth leads to a lot of arrests," said Clifford Neuman, director of the USC Centre for Computer Systems Security. "Hackers often brag to others on message boards and social [media] services, so detectives look for indications like online postings and then start tracing forward from that activity."

In Arciszewski's case, the feds tracked down the IP address used in the attack and connected it to that troublesome tweet. According to Ryan J Reilly at TPM Idea Lab, the FBI went from Arciszewski's Twitter account to his personal website. Before long, they found his real name, matched up some photos and showed up at his UCF dorm room with a warrant for his arrest.

On the plus side, that may have been the most action Arciszewski's dorm saw all semester.

Risqué Miley Cyrus pics arouse suspicion 

The suspect: Josh Holly

The crime: Hacking celebrities' Internet accounts as part of a spam and credit card-stealing caper

Dossier: It's no party in the USA. these days for Josh Holly, the 21 year old accused of hacking Miley Cyrus's Gmail account and posting provocative pics of her online. Holly is currently facing criminal charges, though in a surprising twist not for the semi-indecent exposure of the 15 year old star.

Holly's trouble actually revolves around a series of spam-based credit card thefts. In August, he pleaded guilty to felony charges stemming from the possession of about 200 compromised credit card numbers. According to the FBI, Holly hacked into numerous celebrities' MySpace accounts, then used their accounts to spam the masses, reaching legions of responsive followers and bringing in more than $100,000 (£60,000) in shadily obtained revenue.

So where does the lovely Ms. Cyrus factor into the equation? Holly famously bragged about breaking into Miley's email and stealing her risqué photos (which, of course, were plastered all over the web in no time). Holly told Wired the whole thing started when he broke into a MySpace admin panel and found a plain text list of passwords. He tried Miley's MySpace password on a Gmail account she was known to use, according to the interview, and sure enough it worked.

The bust: Though Holly was never charged specifically for the Miley incident, that high profile hack appears to have played an integral role in his arrest. The FBI followed his boastful bread crumbs and raided his Tennessee home. They seized his computer and found all the evidence they needed inside.

Holly seemed to spot his slip-ups pretty quickly, after the fact, at least. In an interview conducted with Wired shortly after his arrest, Holly is quoted as saying, "There's no way I can get out of this... I was an idiot and I didn't delete any of my [hard drive data]. I never thought they would raid me. They're going to get full proof [sic] evidence of everything that I've said I've done."

Of course, the massive amounts of money moving through various accounts probably didn't help, either. Where there's money, after all, there's almost always a trail.

"Whenever there is required collusion, the exchange of a hack or credit card number or anything like that, that creates a point of vulnerability where information can be exposed," USC's Neuman explains.

Holly could face up to 10 years in prison and a $250,000 fine.

Find your next job with computerworld UK jobs