‘Deceptive Duo’ hacker charged by US government

LONDON – A 20-year-old man from Pleasant Hill, California, suspected of being a hacker calling himself “the Deceptive Duo,” will face a U.S. Magistrate Judge on Monday on charges that he hacked into government computers and defaced government Web sites.

Robert Lyttle was indicted by a federal grand jury on Thursday, the U.S. Attorney’s Office in Northern California announced Friday.

Lyttle has been charged with breaking into various government Web sites in April 2002, including sites for the Department of Defense’s Defense Logistic Information Service (DLIS), the Office of Health Affairs (OHA) and the National Aeronautic and Space Administration’s (NSAS) Ames Research Center (ARC).

Lyttle is expected to appear before U.S. Magistrate Judge Maria-Elena James in San Francisco on Monday morning local time for his arraignment. There are a variety of charges pending against Lyttle, which carry maximum combined penalties of up to 16 years in jail and fines totalling US$600,000, in addition to possible restitution.

Kyle Waldinger, Assistant U.S. Attorney in the Computer Hacking and Intellectual Property (CHIP) Unit, will serve as the chief prosecutor of the case.

In April 2002, the Deceptive Duo claimed to be a hacking group on a mission to expose the lack of security within the U.S. government’s networks as well as other private-sector computer systems. The group said it had hacked into classified and nonclassified systems.

The government has charged Lyttle with gaining unauthorized accessed to DLIS computers in Battle Creek, Michigan for the purpose of obtaining files that he later used to deface an OHA website hosted on computers in San Antonio, Texas. Furthermore, Lyttle is accused of hacking into the NASA ARC computer at Moffett Field, California, to obtain information that he then used to deface a Web site hosted on the computer. The U.S. Attorney’s Office estimated that it cost the government over $70,000 to correct the damage caused by Lyttle.

At the time of the hacking events, the Deceptive Duo said it had used a default password to log in to sites using Microsoft Corp.’s SQL servers. It also breached systems by using the NetBIOS Brute Force attack method, it which a hacker repeatedly guesses passwords to gain entry into a system using the NetBIOS protocol, the group said.