Attacks/Breaches
5/29/2012
12:44 PM
50%
50%

FBI Busts Mayor For Hacking Recall Website

New Jersey mayor and son arrested and accused of targeting website and email account associated with a campaign to recall the mayor.

The FBI last week arrested the mayor of the northern New Jersey town of West New York (population 50,000), together with his son, on charges of hacking into a website--and a related email account--that called for the mayor's recall.

The men behind the alleged hack attack--Felix Roque, 55, and Joseph Roque, 22--have been charged with gaining unauthorized access, causing damage to protected computers, and conspiracy to commit those crimes. If convicted of all charges, they each face up to 11 years in prison and fines of up to $750,000.

As first quipped by Mashable.com, the alleged attacks give new meaning to the term "political hack."

[ Sophisticated Flame malware has the markings of a Western intelligence agency. Read more at Flame Espionage Malware Seeks Middle East Data. ]

The allegedly hacked website, www.recallroque.com, was created in early February 2012 by an anonymous public official who lives in Hudson County, N.J., who's referred to in court documents as "Victim 1." The now-defunct recall campaign website, which was hosted by GoDaddy.com, offered pointed commentary and criticism of Mayor Roque and his administration.

The mayor apparently decided to retaliate. "On February 6, 2012, Mayor Roque and his son, Joseph Roque, schemed to hack into and take down the website and to identify, intimidate, and harass those who operated and were associated with the website," read court documents. Prosecutors accused Joseph Roque of first emailing the recall site's owner to arrange an in-person meeting. When that failed, he searched Google for "hacking a GoDaddy Site," "recallroque log-in," and "html hacking tutorial," according to court documents, and ultimately was able to redirect all of the website traffic to Weebly, a service provider located in California, and store a copy of the data there.

"By the late afternoon of February 8, 2012, Joseph Roque had successfully hacked into various online accounts used in connection with the recall website. Joseph Roque then used that access to disable the website. Mayor Roque harassed and attempted to intimidate several individuals whom he had learned were associated with the recall website," read the court documents.

"Mayor Roque stated that he, the Mayor, had a friend in high levels of government who had shut the Recall Website down," read the complaint. According to Victim 1, Mayor Roque stated that "everyone would pay for getting involved against him." Roque also claimed to have obtained the information about the site's owner via a friend at the CIA.

Officials have accused the men of a "violation of public trust" for attacking other people's right to free speech. "The elected leader of West New York and his son allegedly hacked into computers to intimidate constituents who were simply using the Internet to exercise their Constitutional rights to criticize the government," said U.S. Attorney Paul J. Fishman, in a statement. "We will continue to investigate and prosecute those who illegally hack into computers and disable websites with the goal of suppressing the exercise of that right."

The FBI also suggested that its cyber-crime investigation capabilities could have been put to better use. "It's incredibly disappointing that resources have to be diverted from protecting the U.S. against cyber intrusions targeting critical infrastructure, federally funded research, and military technology to address a public official intruding into computer systems to further a political agenda," said FBI Special Agent in Charge Michael B. Ward, in a statement.

Given that these allegations were leveled over a recall website, might the alleged hack attack now also lead to Roque's removal as mayor before his elected term expires on April 30, 2014? Reached by phone, a town public affairs official said she had no comment on the matter. The mayor's office, meanwhile, didn't immediately return a phone call requesting comment.

Mayor Roque, however, told law enforcement personnel during a March 2012 interview that he had nothing to do with any hacking attacks. "Mayor Roque denied directing his son ... to take down the Recall Website or to hack into it. Mayor Roque further stated that if his son did something wrong, he [Joseph] should go to jail, and that if he [Mayor Roque] did something wrong he [Mayor Roque] should go to jail as well," said FBI special agent Ignace Ertilus in a court filing. "Mayor Roque stated, among other things, that he would be fine if he had to go to jail because he was set financially and had 'lived the dream,' and would not have a problem with serving time in jail because he would work out and read while there."

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-7839
Published: 2014-11-25
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

CVE-2014-8001
Published: 2014-11-25
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

CVE-2014-8002
Published: 2014-11-25
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?