April 16, 2015

Member of Hacking Group Sentenced to Three Years in Prison for Intrusions into Corporate and Governmental Computer Systems

LOS ANGELES—A member of the SwaggSec hacking group was sentenced today to three years in federal prison for participating in a series of computer attacks that compromised computer systems at DirecTV, Farmers Insurance and the Los Angeles Department of Public Works.

Mario Patrick Chuisano, 32, of Staten Island, New York, who used the online monikers “fame” and “infam0us,” was sentenced this morning in Los Angeles by United States District Judge S. James Otero.

In addition to the prison term, Judge Otero ordered Chuisano to pay $2,662,438.80 in restitution to the three victims.

Chuisano pleaded guilty in June 2014 to conspiracy to intentionally cause damage to a protected computer, as well as to possession of an unregistered firearm, namely a sawed-off shotgun. In addition to the sawed-off shotgun that was discovered in Chuisano’s residence during the execution of a search warrant, agents from the Federal Bureau of Investigation recovered an unregistered handgun, brass knuckles, and equipment that could be used to manufacture counterfeit credit and debit cards, according to court documents.

During 2012 and 2013, SwaggSec, or “Swagg Security,” carried out a series of computer attacks and released some of the information stolen from the compromised systems through an eponymous social media account.

When he pleaded guilty last year, Chuisano, a self-taught “hacker,” admitted that he installed a Remote Access Trojan (R.A.T.) installed on the computer of an insurance agent and that he used the R.A.T. to gain access to the computer and steal reports and documents related to sales agents, as well as thousands of sent and received e-mails and passwords from Farmers Insurance.

“The theft and release of passwords is particularly disturbing because many people use the same passwords for activities of daily Internet life, such as banking and device access,” prosecutors wrote in a sentencing memo filed in relation to today’s hearing. “Publishing stolen passwords accompanied by other identifying information about individuals invites ‘follow-on’ victimization. Moreover, even the naked passwords absent other identifying information can be used by criminals to increase password databases used in brute-force password cracking programs.”

In relation to the attack against the Los Angeles Department of Public Works, hackers, including Chuisano, exploited vulnerability in Adobe’s ColdFusion platform to steal e-mails and personal identifying and health information for more than 3,000 people.

SwaggSec is believed to have patterned itself after the similarly named LulzSec, a group of computer hackers who carried out a series of high-profile computer attacks in 2011. Two members of LulzSec—Raynaldo Rivera, also known as “neuron,” and Cody Andrew Kretsinger, also known as “recursion”—were prosecuted by the United States Attorney’s Office in Los Angeles and received prison time for their roles in the attacks (See: http://www.justice.gov/usao/cac/Pressroom/2013/102.html).

This investigation into SwaggSec was conducted by the Federal Bureau of Investigation, Los Angeles Field Office, and the Bureau of Alcohol, Tobacco, Firearms and Explosives, New York Field Division.