5/29/2012
12:44 PM

FBI Busts Mayor For Hacking Recall Website

New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.

The FBI last week arrested the mayor of the northern New Jersey town of West New York (population 50,000), together with his son, on charges of hacking into a website--and a related email account--that called for the mayor's recall.

The men behind the alleged hack attack--Felix Roque, 55, and Joseph Roque, 22--have been charged with gaining unauthorized access, causing damage to protected computers, and conspiracy to commit those crimes. If convicted of all charges, they each face up to 11 years in prison and fines of up to $750,000.

As first quipped by Mashable.com, the alleged attacks give new meaning to the term "political hack."


The allegedly hacked website, www.recallroque.com, was created in early February 2012 by an anonymous public official who lives in Hudson County, N.J., and who is referred to in court documents as "Victim 1." The now-defunct recall campaign website, which was hosted by GoDaddy.com, offered pointed commentary and criticism of Mayor Roque and his administration.

The mayor apparently decided to retaliate. "On February 6, 2012, Mayor Roque and his son, Joseph Roque, schemed to hack into and take down the website and to identify, intimidate, and harass those who operated and were associated with the website," read court documents. Prosecutors accused Joseph Roque of first emailing the recall site's owner to arrange an in-person meeting. When that failed, he searched Google for "hacking a GoDaddy Site," "recallroque log-in," and "html hacking tutorial," according to court documents, and ultimately was able to redirect all of the website traffic to Weebly, a service provider located in California, and store a copy of the data there.

"By the late afternoon of February 8, 2012, Joseph Roque had successfully hacked into various online accounts used in connection with the recall website. Joseph Roque then used that access to disable the website. Mayor Roque harassed and attempted to intimidate several individuals whom he had learned were associated with the recall website," read the court documents.

"Mayor Roque stated that he, the Mayor, had a friend in high levels of government who had shut the Recall Website down," read the complaint. According to Victim 1, Mayor Roque stated that "everyone would pay for getting involved against him." Roque also claimed to have obtained the information about the site's owner via a friend at the CIA.

Officials have accused the men of a "violation of public trust" for attacking other people's right to free speech. "The elected leader of West New York and his son allegedly hacked into computers to intimidate constituents who were simply using the Internet to exercise their Constitutional rights to criticize the government," said U.S. Attorney Paul J. Fishman, in a statement. "We will continue to investigate and prosecute those who illegally hack into computers and disable websites with the goal of suppressing the exercise of that right."

The FBI also suggested that its cyber-crime investigation capabilities could have been put to better use. "It's incredibly disappointing that resources have to be diverted from protecting the U.S. against cyber intrusions targeting critical infrastructure, federally funded research, and military technology to address a public official intruding into computer systems to further a political agenda," said FBI Special Agent in Charge Michael B. Ward, in a statement.

Given that these allegations were leveled over a recall website, might the alleged hack attack now also lead to Roque's removal as mayor before his elected term expires on April 30, 2014? Reached by phone, a town public affairs official said she had no comment on the matter. The mayor's office, meanwhile, didn't immediately return a phone call requesting comment.

Mayor Roque, however, told law enforcement personnel during a March 2012 interview that he had nothing to do with any hacking attacks. "Mayor Roque denied directing his son ... to take down the Recall Website or to hack into it. Mayor Roque further stated that if his son did something wrong, he [Joseph] should go to jail, and that if he [Mayor Roque] did something wrong he [Mayor Roque] should go to jail as well," said FBI special agent Ignace Ertilus in a court filing. "Mayor Roque stated, among other things, that he would be fine if he had to go to jail because he was set financially and had 'lived the dream,' and would not have a problem with serving time in jail because he would work out and read while there."

