Affidavit Lays Out Electronic Trail To Hacker

Posted by FoM on March 11, 2000 at 23:03:10 PT
By Carl Perreault, Union Leader Staff
Source: The Union Leader
Court records released this week not only tell how investigators were able to track a teen hacker from a defaced California Web site to his home here, they also provide insight into the footprints we all leave when we travel the Internet. The District Court of Southern Carroll County on Friday made public the affidavit filed by law enforcement for the arrest of confessed hacker Dennis M. Moran, 17, who goes by the online alias Coolio.
The record details an investigation that began Dec. 14, 1999. That's when Ralph LochRidge, director of DARE America, filed a report with Los Angeles police after the defacement of the anti-drug organization's Web site.

On Nov. 14 and again on Nov. 17: which promotes anti-drug and anti-violence messages to young people, was transformed by Moran with messages of his own. "Reagan lost the war on drugs - end it now" it reads under a picture of a fat rat sitting on its backside. The photo caption says "This rat is HIGH on MARIJUANA." Links also are provided to pro-drug Web sites, including,,, and a site that advocates the legalization of marijuana.

The defacement on Nov. 17 included the posting of a cartoon Donald Duck injecting with a hypodermic needle, a salacious sound clip of Donald Duck, and lyrics to the Mickey Mouse Club song.

Following the hacks, DARE shut down its site for repairs and to move it to a more secure Internet hosting service. This downtime cost the organization about $18,000, LochRidge told investigators; the figure includes the cost of repairs, moving the site and lost advertising revenues. The DARE site, which receives about a million visits a month, is funded through corporate sponsorships.

" pays $1 for every person who clicks on the link displayed on the Web site," Special Agent Kevin L. Swindon of the Federal Bureau of Investigation explains in the affidavit. Swindon is a member of the FBI's Computer Analysis Response Team that works out of Boston.

At the bottom of the parody DARE Web pages were the messages "Coolio is k-r4d and so are drugs" and "Craftily owned by Coolio :D." These gave investigators a place to start.

Detective Michael Brausman of the Los Angeles Police Department, the first investigator on the case, used the search engine to find a Web page that included an email address for "Coolio." This he traced to a Web site called: hosting a directory with the name Coolio. In this directory the detective found one of the images that was posted on the defaced DARE site.

On Dec. 23, the detective contacted the owner of the Phoenix, Ariz.-based server "leet.k-r4d", Nils McCarthy, who confirmed that he had logs and email conversations on file related to Coolio's directory.

On Dec. 29, Brausman contacted Arizona authorities, who executed a search warrant the following day on the server. They found that the person using the Coolio account was also using the email address coolio and had sent email messages to the Web sites hacked and hacked The messages announced that the Web sites and - a federal site that deals with the reporting and inspection requirements of the Chemical Weapons Convention - had been hacked. The Web site is well known to hackers, according to Swindon, and hosts a gallery of archived hacked pages for future viewing.

Vanity and the email record would prove Coolio's undoing. A message dated Nov. 4, 1999, from coolio to admin, read: "Hello, I was wondering if it's possible to register and host the NS for it like Internic domains. I'm not interested in it for a Web page, but just to allow an IP to reverse resolve to (my nickname). If there's any way I could buy the domain for this, please email me pricing and information. Thanks, Dennis Moran."

Further, a message dated Nov. 14, 1999, included Moran's name, address and phone number.

On Dec. 30, Detective Brausman contacted the Wolfeboro Police Department to inquire about Moran. He was told Moran's name had come up during an unrelated investigation.

"The case notes revealed that during an interview with Sgt. Black, Dennis F. Moran stated that he had a 17-year-old son named Dennis who spent all his time upstairs on his computer. Dennis F. Moran also told Sgt. Black that he did not know anyone who knew computers better than his son Dennis," Swindon told the court.

Moran was interviewed by investigators for the first time on Feb. 17 and admitted to the defacement of and two other Web sites. His computer was seized and is currently being examined by the FBI for additional evidence.

"He refused to comment initially on the computer hacks of, and," Swindon said. "After allowing him the opportunity to speak with his father in private, Dennis M. Moran provided a handwritten statement explaining in detail how he attacked After doing so, Dennis M. Moran also admitted that he was responsible for the hacks against and"

Billing itself as "the most trusted name in e-Security," RSA Security, which is based in Bedford, Mass., was hacked on Feb. 12 by Coolio, who posted taunting messages: "Owned by Coolio," "Copyright 2000 Coolio", "RSA Security Inc. Hacked," "Trust us with your data! Praise Allah!"

In addition to the incriminating email found on the Arizona server, investigators also found computer programs designed for use in so-called "Denial of Service" attacks. In mid-February, several high-profile commercial Internet sites, including,, and, were the subjects of such an attack. Flooded with bogus Web traffic, the targeted sites were forced to turn away legitimate visitors for several hours.

Moran denies participating in those attacks, but the FBI investigation is continuing, according to Swindon.

Based on the information provided by the affidavit, the State of New Hampshire last week charged Moran as an adult with two Class A felonies for the defacement. Each carries a penalty of up to 15 years in prison and a $4,000 fine. He could also be required to pay restitution to DARE America.

Wolfeboro: News - March 12, 2000
Copyrighted: The Union Leader

Related Articles:
Hacking Charges Brought Against Teen
End of Anonymity? - Wired Magazine