Global Hell hacker to plead guilty, Part I

Summary: 'MostHateD,' a 19-year-old, will admit he ran a sophisticated cybergang that caused up to $2.5m in damages

The ringleader of the infamous hacker clan known as Global Hell is scheduled to plead guilty to one count of conspiracy for "telecommunications fraud" and "computer hacking" next Wednesday, ZDNN has learned. Patrick Gregory, a 19-year-old Houston resident, who goes by the name "MostHateD" on the Net, ran a sophisticated cybergang that borrowed heavily from tactics used in typical street gangs, according to the former US assistant district attorney who led the Global Hell investigation.

Gregory was scheduled to make his plea Wednesday, but an "unavoidable circumstance" kept him from making the trip to Dallas, said Matthew Yarbrough, who led the cybercrimes task force on the Global Hell investigation and was the lead prosecutor in the case.

Gregory did not return calls for comment. Gregory has promised to cooperate with federal investigators as part of his plea agreement and to take a lie detector test.

Five years and $250,000

As a result of his plea agreement, Gregory could face a jail sentence of up to five years and be fined up to $250,000 (£157,000). Under the plea agreement, Gregory admits that the combined losses due to his actions and those of other gH members ranged between $1.5m and $2.5m.

However, government lawyers are allowed to file a motion on Gregory's behalf asking the court to lower his sentence "to reflect the defendant's substantial assistance to the government in connection with its continued investigation of the case," court papers say.

Officials familiar with the case declined to comment on whether Gregory had provided specific information on criminal acts by other gH members, citing the on-going nature of the investigation.

However, sources familiar with the investigation have told ZDNN that other indictments or arrests are expected.

Two other gH members have already been convicted of computer-related crimes. The first was 19-year-old Washington state resident Eric Burns, known online as Zyklon, who pleaded guilty in November to defacing the official White House Web site. And Chad Davis of Wisconsin, 20, a co-founder of gH known as mindsphar, was sentenced to six months in jail for defacing the US Army's Web site.

It's not known whether Gregory will be banned from using computers; Burns is prohibited from using a computer for three years. The court, when officially sentencing Gregory, will make that decision. However, Gregory does have to give up the computers he used during the commission of his crimes, according to court papers.

Mother's Day raids

Yarbrough, who now works as an e-commerce lawyer for Vinton & Elkins, a Dallas law firm, headed up one of the nation's most extensive computer crime-related raids last year when he drew up search warrants to be served simultaneously against 16 members of Global Hell in 12 different jurisdictions. Those raids took place on Mother's Day and were first reported by ZDNN.

News of those raids kicked off a huge online retaliation effort. Many Web sites were defaced denouncing the FBI raids and voicing support for Global Hell. In addition, the FBI's own Web site was targeted by a Denial-of-Service attack.

The ferocity of that denial-of-service attack against the FBI's Web site rendered the site inaccessible to the public. When the FBI took the site down to determine the cause of the attacks, the digital underground cheered.

Gregory and members of Global Hell, known as "gH," were responsible for breaking into, defacing and destroying data on some 115 sites, according to court papers filed in US District Court in Dallas. Gregory didn't commit or take part in all of those attacks; however, he had some knowledge or participated in some way with the "co-conspirators," the court papers say.

In addition, Gregory admitted to stealing certain conference calling codes that allowed him and others to create illegal conference calling "bridges," Yarbrough said, in which "50 to 1,000 hackers would be talking to each other" at the same time.

Those conversations eventually led investigators to some of their most damning evidence against gH members, because the illegal callers made a "stupid mistake," Yarbrough said.

"What they didn't know is that they left the recording function of the conference bridge open when they were in there," Yarbrough said, "and we had a tape of all their conversations. We didn't need a wiretap, it was already there."

Not interested at first

Ironically, the gH case was "one of those that we didn't want to do anything with," Yarbrough said. "It just didn't seem like a big deal at first." But the attacks wouldn't stop; they were brazen, Yarbrough said, and when they found out how extensive the group's membership was, given the evidence gathered from the conference calling tapes, "we knew we had to do something." In addition, the attacks by gH members "just kept coming," not unlike a gang of thugs that vandalises a neighbourhood night after night, Yarbrough said.

Yarbrough dubbed gH a "cybergang," citing its gang-like organisational structure and the types of crimes its members indulged in, which included trafficking in stolen credit card numbers and a kind of digital extortion.

Members of gH would break into a computer system and Gregory would then come along and say, "'You know, I can stop those rocks coming from your front window and destroying your business if you pay me some money,'" Yarbrough said, "A bunch of different companies got calls like that."

From street to cyberspace

In an interview with ZDNN last year after the Mother's Day raids, Gregory and other members of gH said the group had "gone legit." In a rambling online interview session, members of gH proclaimed that the raids and their pending consequences essentially had them "scared straight."

Though no further Web defacements were attributed to gH members since they "went legit," investigators say that not all illegal activity by gH members stopped after their public declaration.

In fact, some investigators say that the denial-of-service attacks launched on the FBI in the aftermath of the Mother's Day raid bear "striking similarities" to the high-profile attacks earlier this year against Yahoo and Amazon.com, among others.

Gregory is a known street gang member in the Houston area, Yarbrough said. Gregory had previously told MSNBC.com that he thought of computers as "his way out" of the gang lifestyle and that he planned to make a career out of them.

But ZDNN has learned that recently Gregory was involved in what authorities will only describe as "serious gang-related activity."

What made gH and Gregory such an interesting case, Yarbrough said, is the way he organised the online group and held it together.

Hacker groups are notorious for their flighty memberships and volcanic lifespans, with rosters sometimes changing daily as groups splinter over nothing more complex than a profanity-laden, locker-room style verbal brawl carried out in an online chat room.

"These guys (gH) were like a real gang, like Crips or Bloods," Yarbrough said. This is "very unusual for hackers," said Yarbrough, who has had extensive experience investigating and tracking online crime. Gregory "was really able to apply a lot of the street mentality, traditional physical world gang [experience] to the cyberworld," he said.
