'Deceptive Duo' Hacker under House Arrest

Former pro-Napster hacker Robert Pimpshiz Lyttle is revealed as one-half of the mysterious Deceptive Duo, and sentenced to house arrest for violating his no-more-hacking probation rules

MARTINEZ, Calif.--Convicted pro-Napster hacker Robert Lyttle appeared in juvenile court here Wednesday morning and was ordered onto house arrest, after violating his probation by acting as one half of the self-styled "patriotic" defacement team "The Deceptive Duo."

The hearing followed a raid by FBI and Defense Department investigators Monday at Lyttle's Pleasant Hill, Calif. home, where they searched for computer equipment, passwords and "computer files which refer to 'The Deceptive Duo', Level 3 Communications, Earthlink, government, military or municipality Web sites," according to the search warrant issued in the case, reviewed by SecurityFocus Online.

Lyttle was briefly detained and released at Monday's raid. Agents emerged with an IBM Thinkpad laptop computer, a thumbprint reader and other items.

According to sources familiar with the investigation a similar search was carried out in Florida on Sunday against the other half of the Duo -- allegedly a Web site hacker known as "The-Rev," a former member of the "Sm0ked Crew" responsible for defacing a New York Times Web site last year.

In recent weeks the Deceptive Duo has defaced dozens of governmental and private Web sites with patriotically-themed messages extolling the U.S. to shore up cyber defense for the sake of national security. "Tighten the security before a foreign attack forces you to," the Duo's defacements typically read. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy."

Hacking in the name of a cause is nothing new for Lyttle. Less than four months ago he was sentenced in juvenile court to 90 hours of community service, two years probation, restitution and forfeiture of his computer for a summer 2000 Web site defacement spree in which, using the handle "Pimpshiz", he replaced some 200 Web pages with graffiti supporting music-trading site Napster.

On Wednesday he faced charges that he violated the terms of his probation, which barred him from hacking, and from using aliases online. He faced up to 30 days in detention for the violation.

Slim and clean-cut, dressed in a black dress shirt and slacks with a silver tie, Lyttle sat calmly in a court waiting area with his mother Malou Lyttle and his attorney for 45 minutes until his case was called. After a fifteen minute closed-door hearing, Lyttle was sent home with new computer restrictions -- he can now only use computers at school -- and a court order that bars him from leaving his house, except to attend classes at a local community college.

Lyttle declined to comment on the case on advice of his attorney.

The house arrest doesn't end things for Lytlle. Now 18 years old, he faces federal charges for his actions in the Deceptive Duo. Lyttle's lawyer admitted Wednesday that the hacker had come out of retirement to form the Duo, but said that he's no criminal.

"If this case goes federal, Robert will have a terrific necessity defense, because his purpose was to avert a greater evil: terrorist attacks on the information infrastructure," said San Francisco attorney Omar Figueroa. "He had no criminal intent whatsoever."

Figurora also charged that FBI agents exceed the scope of the search warrant in the case by searching Lyttle's mother's room, and taking items unrelated to computers -- like utility bills and a pager. According to the attorney, the agents entered the home wearing flak jackets, with guns drawn. "There's no reason they had to come in like gang busters," said Figurora.

The FBI's San Francisco office, which conducted the raid, referred inquiries to the Washington field office, which is spearheading the Deceptive Duo investigation. That office could not be reached for comment.

Security professionals have expressed skepticism about the Deceptive Duo's sincerity in claiming they want to make cyberspace a safer place for Americans, but other hackers may be more inclined to give Lyttle the benefit of the doubt.

"He's willing to go to prison for what he's doing," says hacker Adrian Lamo, who's acquainted with Lyttle through Internet chat systems. "If the self-appointed pundits had a chance to go to prison for their Monday morning quarterbacking, I have a feeling that many of them wouldn't be speaking so loudly."

By Kevin Poulsen

Before it's here, it's on the Bloomberg Terminal. LEARN MORE