Friday, December 22, 2006

Staffer for Congressman tries to hire hackers to change grades

Todd Shriber, communications director for Rep. Denny Rehberg (R-MT), tried to hire hackers at attrition.org to change his college GPA for him. He corresponded in email with "Lyger" and "Jericho" (former Phoenix resident Brian Martin, who runs attrition.org), who strung him along and then published the entire email correspondence on their site. To keep things entertaining, they made some odd requests:
From: security curmudgeon (jericho@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Date: Wed, 9 Aug 2006 17:30:44 -0400 (EDT)
Subject: Re: Question for you or other Attrition members

: Wow, I feel dumb now. I honestly cannot rember if there were pigeons on
: campus or not. A lot of crazy squirrels, but I can't remember pigeons.
: Just for my own edification, why do you need to know that? I'll find out
: for you.

Hey, squirrels work fine. First, let's be clear. You are soliciting me to
break the law and hack into a computer across state lines. That is a
federal offense and multiple felonies. Obviously I can't trust anyone and
everyone that mails such a request, you might be an FBI agent, right?

So, I need three things to make this happen:

1. A picture of a squirrel or pigeon on your campus. One close-up, one
with background that shows buildings, a sign, or something to indicate you
are standing on the campus.

2. The information I mentioned so I can find the records once I get into
the database.

3. Some idea of what I get for all my trouble.


When he replied that he no longer lives near his campus (he's in D.C., and attended Texas Christian University), they told him that any old photo of a squirrel would do--and he sent them one.

They ended their trolling by claiming that they had been caught, and that Shriber shouldn't even visit their website anymore:
From: lyger (lyger@attrition.org)
To: Todd Shriber (nascar24_08530@yahoo.com)
Bcc: security curmudgeon (jericho@attrition.org)
Date: Sun, 27 Aug 2006 03:15:31 -0400 (EDT)
Subject: Re: the squirrels are nice here...


On Sat, 26 Aug 2006, Todd Shriber wrote:

": " I'll take a quick look on Saturday and get the changes
": " to you immediately following that. Let me know if it's
": " OK for me to log into that site.

todd... no more.. omfg we are SO busted.. fuck fuck fuck FUCK FUCK
everything was PERFECT until their night noc ran a reverse udp traceroute
back to one of the hosts we had set up after that, straight DOWNHILL.
i've already been called twice by my isp asking about unusual activity,
some other shit about access attempts to a federally monitored system they
have everything in logs including the rot-26 stuff that finally got me
access all goes back to your login sorry i really fucked up BAD

theyre prob gonna end up calling you since they have your info just duck
and run if you can, i'm going deep underground if they ask about me or
attrition we don't know each other you know youre just as guilty and
liable so when they come knocking dont say anything without a lawyer and
when you ask them to put the gun down say it nice because that shit isnt
fun

man dont even visit attrition.org again theyre trying to check web logs
one last email should be ok but we're so fucked sorry

Paul McNamara has covered the story at Network World, and it's summarized at Talking Points Memo. The full email correspondence is up at attrition.org, but their server is having some trouble handling the traffic they're now receiving on this.

UPDATE: Welcome to Todd and/or his colleagues at the U.S. House of Representatives!

Domain Name
house.gov ? (United States Government)
IP Address
143.231.249.# (Information Systems, U.S. House of Representatives)
ISP
Information Systems, U.S. House of Representatives
Location
Continent : North America
Country : United States (Facts)
State : District of Columbia
City : Washington
Lat/Long : 38.8933, -77.0146 (Map)
Distance : 1,975 miles
Language
English (United States)
en-us
Operating System
Microsoft WinXP
Browser
Internet Explorer 6.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Javascript
version 1.3
Monitor
Resolution : 1024 x 768
Color Depth : 32 bits
Time of Visit
Dec 22 2006 8:55:54 am
Last Page View
Dec 22 2006 8:55:54 am
Visit Length
0 seconds
Page Views
1
Referring URL
http://blogsearch.go...Todd Shriber&ie=UTF8
Search Engine
blogsearch.google.com
Search Words
todd shriber
Visit Entry Page
http://lippard.blogs...n-tries-to-hire.html
Visit Exit Page
http://lippard.blogs...n-tries-to-hire.html


UPDATE: Todd Shriber has been fired.

2 comments:

garth2 said...

so very funny

Adam Lee said...

"...they have everything in logs including the rot-26 stuff that finally got me access..."

Rot-26? Hah. If this guy knew anything about computers, he'd have realized by that point that they were mocking him.

(If anyone doesn't know, rot-13 is a simple cipher that shifts every letter in the alphabet ahead by 13 places, wrapping around at the end. Rot-26 would be.. well, you can figure it out.)