Last updated: 21 March 2014
Felix Roque, mayor of a New Jersey town (West New York) just minutes from downtown Manhattan, was arrested May 25th for hacking into a website that posted less than flattering comments about him and his administration. The now defunct site, www.recallroque.com, had been targeted by both Roque and his son, Joseph, since it was set up by a local resident in early February.
Joseph (we’ll call him the brains of the operation) was in charge of figuring out how to hack into recallroque.com and disable the site. Google was where Joseph turned to learn his new craft. Using search terms such as “hacking a Go Daddy site” (GoDaddy.com hosted the account) and “html hacking tutorial”, Joseph learned how to penetrate the email account of the domain owner.
Once inside, his research paid off—at least for a few days. Joseph worked his way through emails which not only provided more fuel for the fire burning within the Roque campaign, but also exposed the identities of several contributors to the “Recall Roque” movement. Once Joseph had acquired all the information he could, he changed the password and disabled the domain, deactivating the website.
With this information, Felix Roque began to to call or email the website’s contributors with the intention of intimidating or threatening them. He also called the owner of the site. After identifying himself as a government official, Felix told the owner the site was removed by “high government officials” and that “everyone would pay for getting involved against Mayor Roque.” However, As Roque continued to call and threaten contributors with CIA insider knowledge and IRS tax audits, the FBI was already on to them and listening to every word.
Both father and son were charged with conspiracy and with gaining unauthorized access to a computer in furtherance of causing damage to protected computers. Each charge carries a maximum of five years in prison and a fine of up to $250,000. They were also charged with causing damage to protected computers, which can carry a punishment of up to one year in prison and a fine of up to $250,000.
In our blogs around online authentication, we often talk about hackers getting smarter and more tenacious about getting at your data. But after reading this story, it sounds like professionals are not the only ones we need to look out for. This is just another example of how single authentication with a user name and password is not strong enough to ward off anyone with access to a good search engine and some time on their hands.