Rafael Nuñez-Aponte will soon be going home to Caracas after spending seven months in a U.S. jail for compromising a computer belonging to the Department of Defense, but only if the National Aeronautics and Space Administration decides not to pursue charges against him.
Last week, a U.S. district court sentenced the Venezuelan security professional to time served - about seven months - for defacing an Air Force training Web site in June 2001 under the monicker "Rafa" as part of the online vandal group, World of Hell. The sentence followed a plea agreement between prosecutors and Nuñez signed in July.
"We were happy with the court's sentence," said Scott T. Varholak, the public defender representing Nuñez. "I think the court took into account Mr. Nuñez's character and that he has done a lot of good things since that time."
U.S. immigration officials have taken custody of Nuñez and he will be deported, Varholak said. The process typically takes about two weeks. However, other security incidents attributed to Rafa could delay his departure from the United States. The National Aeronautics and Space Administration (NASA) could attempt to hold Nuñez responsible for sensitive documents allegedly stolen by Rafa in 2002. Rafa allegedly took over 40MB of data regarding NASA's next-generation launch vehicles from a contractor's computer, according to press reports at the time.
A source at the U.S. Department of Justice stressed that the plea agreement and conviction only apply to the incident involving the U.S. Air Force. The source, who asked not to be named, said that Nuñez could be charged for other crimes. However, NASA investigators refused to comment on any possible future prosecution.
Nuñez's sentencing is the latest success for U.S. prosecutors against online vandals and cybercriminals. In February, prosecutors elicited a guilty plea from Nicolas Lee Jacobsen on charges of unauthorized access into the computers of telecommunications company T-Mobile. Microsoft helped German authorities track down and convict the creator of the Sasser worm, Sven Jaschan. In Europe, prosecutors have brought cases against the alleged online attackers suspected of creating networks of compromised computers, known as bot nets.
U.S. immigration officials arrested Nuñez on April 2 when he arrived in Miami for a conference. Nuñez had been working for Venezuelan telecommunications company CANTV in computer security and had previously worked for the Venezuelan subsidiary of Scientech. Law enforcement officials then moved the 26-year-old Venezuelan to Denver, Colorado, where he was charged.
The plea agreement, announced in July, stipulated that, under the monicker "Rafa," Nuñez joined a hacker group known as World of Hell, which prided itself on highlighting weaknesses in the security of government and corporate computers. A site run by the Defense Information Systems Agency (DISA) for the U.S. Air Force was among the Web sites defaced by Rafa, the agreement stated. Nuñez plead guilty to "intentionally damaging" that computer and causing $10,548 in damage.
"The plea agreement simply addresses his admission regarding this crime," said Jeffrey Dorschner, spokesman for the U.S. Attorney's office in Denver. "The U.S. sentencing guidelines takes into account his prior criminal history and the financial impact of the crime, but also whether he takes responsibility for his actions."
The hacking group World of Hell defaced a number of sites in 2001, including a mass defacement using an automated script that replaced hundreds of sites’ home pages with a message from the group. On June 10, 2001, a U.S. Air Force site had its home page replaced by the message, "woh is Back...and kiss my a** cause I just Owned yours! - America's Air Force Department of Defense computer system 0wn3d by [RaFa]," according to the original complaint filed by Joseph Diebert, a special agent with the Defense Criminal Investigative Service.
A comment posted on the group's Web site by one of the members of World of Hell helped investigators crack the case, according to the complaint. In the online posting, the founder of the group Cowhead2000 stated he had a run-in with police at the DEFCON hacking conference in Las Vegas during the summer of 2001. The investigators were able to find the police records, which led them to the home of the 15-year-old founder of the group. A search of the teenager's computer disks found several Internet Relay chat (IRC) and I Seek You (ICQ) logs between Rafa and Cowhead2000, providing further links between the online identity of Rafa and Nuñez, according to the complaint.
Picking back up his work as a security professional may be difficult for Nuñez, said Seth Pack, director of the Counter Pedophilia Investigative Unit (CPIU), a freelance group that tracks down child pornographers and helps law enforcement officials prosecute them. Nuñez had frequently helped out the CPIU, and Pack said he could resume work there, but only after a long discussion.
"I am not ruling out his working here," he said. "But we will have to talk about it and see what really happened."
Copyright © 2005, SecurityFocus