The Web    Google
Deceptive Duo Hacker Changes Plea

Deceptive Duo Hacker Changes Plea
March 11, 2005

Robert Lyttle, one of two hackers behind the Deceptive Duo team responsible for a number of network breaches in 2002, including a U.S. Navy database, has decided to plead guilty to the charges filed by the U.S. Attorneys' Office last year, according to documents filed in the case.

The plea agreement between federal prosecutors and Lyttle in the case U.S. v. Robert Lyttle will be entered in U.S. District Court, Northern District of California, Oakland Division, Friday afternoon as part of a change of plea hearing.

Kyle Waldinger, the assistant U.S. attorney listed on the agreement, was not available for comment at press time.

The decision to change his plea, Lyttle said, was made last year when he realized the intent of his activities had the desired effect: to warn the public of the lack of cybersecurity in the United States.

"There is no need to waste the resources, time and energy of any parties involved here," he told "Our message was felt. Changes were made. The government will attest to that. That is all that matters."

Lyttle was facing five federal charges for his activities, which involved breaking into government computer networks, taking the sensitive information contained within and posting the information on public Web sites. In all, the government assessed the damages caused by the breaches and subsequent defacements at $71,181.

Lyttle and Benjamin Stark, the other half of the Deceptive Duo, were involved in several break-ins by their account, including the Web server breach of one of the U.S. Navy's databases, which contained classified and unclassified e-mail addresses and phone numbers of a number of Navy brass, and accessing a flight scheduling and passenger manifest database at Midwest Express. In both cases, the two posted the information on a publicly available Web site.

According to the government's case against Lyttle, the two accessed a server belonging to NASA's Ames Research Center in Moffett Field, Calif., on April 23, 2002, and a Defense Logistics Agency system in Battle Creek, Mich., on April 26, 2002. In both cases, information was taken from the systems and posted to another site.

The two claimed there was no criminal intent behind the break-ins and defacements ; they wanted to use highly public venues to point out the vulnerabilities that still existed eight months after the 9/11 attacks. In the case of the Navy database breach, the duo asked network administrators to contact them, posting their e-mail address on one of the defaced pages, to show them other vulnerable Web servers in the network.

"I also told the government that I accessed the ... computer systems solely for the purpose of exposing known security vulnerabilities within the United States government's information infrastructure by means of obtaining sensitive information and posting it on the World Wide Web as part of what I referred to as Operation Inform and Operation Foreign Threat," Lyttle said.

As part of the plea agreement, Lyttle gives up his right to a jury trial, as well as the right to appeal the sentence handed down by the judge. If convicted and sentenced to the maximum for all counts against him, Lyttle could face up to 10 years in prison and owe more than $1 million in fines.

In return, the U.S. Attorneys' Office agreed not to file or seek any additional charges for illegalities they might have discovered when conducting their investigation against Lyttle. The plea bargain doesn't affect any cases that might be brought against him by other federal, state or local agencies.

Stark was sentenced Jan. 28 for his role in the hacking activities, according to his lawyer, Frank Louderback of St. Petersburg, Fla., law firm Louderback & Helinger. He was placed on probation for two years, the first year under house arrest, and ordered to pay $29,006 of the $71,181 damages claimed by the government.

"I think it was fair, under the circumstances, based on his background and all of that," Louderback said.

One of the other conditions of Lyttle's plea agreement is to jointly pay, with Stark, the damages assessed by the government, though the restitution itself will be no less than $71,181.

Omar Figueroa, one of the lawyers defending Lyttle, said he had no influence on Lyttle's decision to change his plea. He said he is confident the judge would look at Lyttle's intent and hand down a favorable sentence.

"As the plea agreement makes clear, [Lyttle] did not have any malicious intent. His purpose was not to acquire profits. There was no commercial motive it seems, and the government has agreed," Figueroa said. "We had to fight to get that statement of Robert's intent into the plea agreement that [his] intent was altruistic, and I think the judge can take that into consideration and give it strong weight in mitigation at sentencing."

While Lyttle's intent might factor favorably in the judge's mind, there are factors that will also count against him. In 2000, Lyttle was indicted on two counts of tampering with computer systems while a juvenile for defacing Web sites in protest of the Recording Industry Association of America's (RIAA) injunction of file-sharing forum Napster. He pled no contest and was sentenced to two years' probation in February 2002, two months before his activities with the Deceptive Duo began.

Figueroa said that while that previous ruling could weigh against Lyttle in the judge's mind, he said Lyttle successfully completed the terms of his juvenile court probation and hasn't committed any offenses since the FBI raided his residence in May 2002.

"It's not like he's a recidivist who keeps on re-offending and the only way to keep him from re-offending is to put him in a cage in a federal prison. It's simply not that kind of situation," he said. "Robert felt that there was a necessity for him to do what he did the second time around, and his motives were pure and he hasn't re-offended since."

The judge is expected to issue his sentence in the next six to eight weeks. Between now and then, Figueroa said the court will likely order a pre-sentence report from the probation officer who has been working with Lyttle since proceedings began to get her sentencing recommendations.

  • AOL's AIM Puts Browser Security in Danger
  • 10/27: Famus-C Worm Sends Private Data
  • 5/11: Rbot-ACH Worm Spreads Via Shares
  • Citadel's Latest Automates W2K3 Vulnerability Remediation
  • Sun, Partners Develop Security Appliances
  • 1/12: Bobax-D Worm Exploits LSASS Flaw
  • 1/13: Wurmark-E Worm Arrives As Zip Attachment
  • Nine out of 10 U.S. Emails Now Spam
  • Blaming Users for Virus Chaos?
  • FTC Seeks Court Order Against "Do Not Call" Web Site
  • 4/13: Spybot-NLX Worm Has DDoS Abilities
  • Buy Security Camera