Justin Liverman, arrested by the FBI for breaking into the AOL email account of CIA director John Brennan, has today signed a guilty plea deal in the face of what his lawyers described as "draconian penalties."
Brennan's webmail inbox was hijacked in 2015 and his emails were subsequently published by WikiLeaks. Liverman is among the five individuals collared for their involvement in the mischief, alongside Andrew Boggs in the US and three British teenagers, including one nabbed in February.
Under the handle "D3f4ult," Liverman was alleged to have joined "the conspiracy that referred to itself as 'Crackas With Attitude' or 'CWA'," as the prosecution put it, and targeted senior American government officials.
Liverman, 24, of Morehead City, North Carolina, faced several counts of felony conspiracy for his role in the trans-Atlantic hacking group: the crew was accused of accessing the personal accounts and systems of US government officials including Brennan largely through impersonation and social engineering.
According to prosecutors in the eastern district of Virginia:
Liverman conspired to attempt to intimidate and harass US officials and their families by gaining unauthorized access to victims’ online accounts, among other things. For example, Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful “phonebombing” service to call the victim repeatedly with a threatening message.
In November 2015, the conspiracy used that victim's government credentials to gain unlawful access to a confidential federal law enforcement database, where Liverman obtained information relating to dozens of law enforcement officers and uploaded this information to a public website.
Liverman's legal team included lawyers experienced in defending against America's notoriously punitive Computer Fraud and Abuse Act (CFAA) – Tor Ekeland, Jay Leiderman and Marina Medvin. With their assistance, Liverman opted for an agreement in which he entered a guilty plea to a single felony count of conspiracy in return for a reduced sentence.
The agreement stipulates that Crackas With Attitude caused $1.5m in damage, with $95,000 of that caused by Liverman, who still faces a maximum sentence of five years imprisonment and restitution payments. His sentencing hearing will be held on May 12.
Ekeland described Liverman's arrest as "yet another instance where the CFAA's potentially draconian penalties outweigh the actual harm alleged." The legal eagle continued:
That the head of the CIA – an agency that undoubtedly hacks the personal emails of adversaries around the world to blackmail them – failed to use two-step authentication is scandalous.
The same can be said of the FBI's Criminal Justice Information Service, a national law enforcement database that was allegedly accessed through the same simple social engineering technique. Nothing was really hacked in this case, because important government officials and agencies left the door wide open.
One hopes that hostile nation state actors didn't walk through that open door before Justin did.
Sarah Harrison, the acting director of the Courage Foundation, which had raised emergency funds for Liverman, said: "Without CWA, the public would not know that the Director of the CIA did not take adequate precautions around his own security clearance questionnaire. There's barely any point talking about 'cyber attacks' from sophisticated nation state actors when the highest-level officials are leaving the front door wide open." Harrison continued:
If John Brennan will not face any penalty for his negligence, there's no good reason why anyone else should do. Justin Liverman's potential sentence is outrageous given the relative triviality of the Department of Justice's allegations. Courage's emergency appeal for Justin will remain open until he no longer needs our assistance.
Leiderman, known as the Hacktivist's Advocate for his previous defense of Anonymous suspects, said: "Justin has today admitted to taking part in the relatively newly minted beneficent tradition of providing information the public must know to WikiLeaks."
The lawyer said the CWA has "shown the world that the heads of the CIA, the National Cyber Command and US Homeland Security are themselves so cyber-insecure that it appears they were cut straight outta incompetence."
"It's time for the US to stop snooping on citizens and to get its own house in order," Leiderman concluded.
Meanwhile, Boggs, also from North Carolina, is set to plead guilty for his role in the conspiracy on January 10, according to the US Department of Justice. ®