Attacks/Breaches
5/29/2012
12:44 PM
Connect Directly
RSS
E-Mail
50%
50%

FBI Busts Mayor For Hacking Recall Website

New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.

The FBI last week arrested the mayor of the northern New Jersey town of West New York (population 50,000), together with his son, on charges of hacking into a website--and a related email account--that called for the mayor's recall.

The men behind the alleged hack attack--Felix Roque, 55, and Joseph Roque, 22--have been charged with gaining unauthorized access, causing damage to protected computers, and conspiracy to commit those crimes. If convicted of all charges, they each face up to 11 years in prison and fines of up to $750,000.

As first quipped by Mashable.com, the alleged attacks give new meaning to the term "political hack."

[ Sophisticated Flame malware has the markings of a Western intelligence agency. Read more at Flame Espionage Malware Seeks Middle East Data. ]

The allegedly hacked website, www.recallroque.com, was created in early February 2012 by an anonymous public official who lives in Hudson County, N.J., who's referred to in court documents as "Victim 1." The now-defunct recall campaign website, which was hosted by GoDaddy.com, offered pointed commentary and criticism of Mayor Roque and his administration.

The mayor apparently decided to retaliate. "On February 6, 2012, Mayor Roque and his son, Joseph Roque, schemed to hack into and take down the website and to identify, intimidate, and harass those who operated and were associated with the website," read court documents. Prosecutors accused Joseph Roque of first emailing the recall site's owner to arrange an in-person meeting. When that failed, he searched Google for "hacking a GoDaddy Site," "recallroque log-in," and "html hacking tutorial," according to court documents, and ultimately was able to redirect all of the website traffic to Weebly, a service provider located in California, and store a copy of the data there.

"By the late afternoon of February 8, 2012, Joseph Roque had successfully hacked into various online accounts used in connection with the recall website. Joseph Roque then used that access to disable the website. Mayor Roque harassed and attempted to intimidate several individuals whom he had learned were associated with the recall website," read the court documents.

"Mayor Roque stated that he, the Mayor, had a friend in high levels of government who had shut the Recall Website down," read the complaint. According to Victim 1, Mayor Roque stated that "everyone would pay for getting involved against him." Roque also claimed to have obtained the information about the site's owner via a friend at the CIA.

Officials have accused the men of a "violation of public trust" for attacking other people's right to free speech. "The elected leader of West New York and his son allegedly hacked into computers to intimidate constituents who were simply using the Internet to exercise their Constitutional rights to criticize the government," said U.S. Attorney Paul J. Fishman, in a statement. "We will continue to investigate and prosecute those who illegally hack into computers and disable websites with the goal of suppressing the exercise of that right."

The FBI also suggested that its cyber-crime investigation capabilities could have been put to better use. "It's incredibly disappointing that resources have to be diverted from protecting the U.S. against cyber intrusions targeting critical infrastructure, federally funded research, and military technology to address a public official intruding into computer systems to further a political agenda," said FBI Special Agent in Charge Michael B. Ward, in a statement.

Given that these allegations were leveled over a recall website, might the alleged hack attack now also lead to Roque's removal as mayor before his elected term expires on April 30, 2014? Reached by phone, a town public affairs official said she had no comment on the matter. The mayor's office, meanwhile, didn't immediately return a phone call requesting comment.

Mayor Roque, however, told law enforcement personnel during a March 2012 interview that he had nothing to do with any hacking attacks. "Mayor Roque denied directing his son ... to take down the Recall Website or to hack into it. Mayor Roque further stated that if his son did something wrong, he [Joseph] should go to jail, and that if he [Mayor Roque] did something wrong he [Mayor Roque] should go to jail as well," said FBI special agent Ignace Ertilus in a court filing. "Mayor Roque stated, among other things, that he would be fine if he had to go to jail because he was set financially and had 'lived the dream,' and would not have a problem with serving time in jail because he would work out and read while there."

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.