A 22-year-old young man prosecuted under the Federal Computer Fraud and Abuse Act for conspiring via private chats and Twitter to gain unauthorized access to United States government computer systems and online accounts belonging to several United States government officials, to include CIA Director John Brennan, was sentenced on September 8, 2017 to 5 years in prison.

Justin G. Liverman, aka “D3F4ULT”, now 25 and an honor roll college student majoring in computer engineering, pleaded guilty on January 6 to a plea deal that included dismissal of charges carrying higher penalties in exchange to a plea for a charge with a 5-year maximum sentence. Liverman admitted to being a member of a conspiracy that called itself “Crackas With Attitude” (AKA “CWA”) to commit unauthorized computer intrusions, identity theft, and telephone harassment.

After the plea, his defense attorney Marina Medvin, principal attorney at Medvin Law Firm, told reporters

“Crackers with Attitude, aptly named, cracked entry into our highest ranking government officials’ accounts; easily too. What they also did was “crack” our over-trusting, optimistic perception of the American government. They showed us the need to second-guess our government’s promise of security and trust. I personally believe that significant good will come of this; that our government will implement stronger and more secure data policies – hopefully strong enough to keep kids from reading it and redistributing it.”

This conspiracy became a WikiLeaks source and information obtained was published via WikiLeaks. The conspiracy exposed the vulnerability of even the most senior US government officials to non-technical social engineering attacks. CIA Director John Brennan was the most famous of the victims listed. In October 2015, selected emails from John Brennan’s AOL account were published by WikiLeaks as the Brennan Emails and include drafts of policy documents, legislative drafts, contact details and, most sensitively, Director Brennan’s background security clearance questionnaire.

Members of CWA claimed to have gained access to a range of US government and law enforcement information by persuading individuals to hand over credentials over the course of late 2015 and early 2016, including the Law Enforcement Enterprise Portal (LEEP), which shares resources between law enforcement, intelligence, and other US government agencies. Director Brennan admitted that CWA had shown up just how vulnerable government officials were to attacks that fell well below the sophistication of nation-state actors, in part through the use of obsolete online services. In turn, the FBI was obliged to remind government and law enforcement employees about the importance of exercising basic information security standards across their personal email and social media accounts.

According to the statement of facts filed with the plea agreement, beginning in November 2015, Liverman conspired to attempt to intimidate and harass U.S. officials and their families by gaining unauthorized access to victims’ online accounts, among other things. For example, Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful “phonebombing” service to call the victim repeatedly with a threatening message. In November 2015, the conspiracy used that victim’s government credentials to gain unlawful access to a confidential federal law enforcement database, where Liverman obtained information relating to dozens of law enforcement officers and uploaded this information to a public website. In total, the conspiracy targeted more than 10 victims and caused more than $1.5 million in losses to victims.

Liverman previously participated in legal US Government Program to “Hack The Pentagon.” This was the Pentagon’s first bug bounty program, using computer hacking skills to secure government systems from bad actors.

The only other US member of the conspiracy was sentenced earlier this summer. Other members of the conspiracy are located in the United Kingdom and are being prosecuted by the Crown Prosecution Service.

After the sentencing, Mr. Liverman’s defense attorney Marina Medvin told reporters:

My client was sentenced to 5 years. I disagree with the sentence. I view it as a disproportionately high sentence.

My client took responsibility for his actions and pleaded guilty. He was 22 years old at the time of the crime, a programming student in college with a clean record. His personal online attacks against family members of US officials in this case were juvenile and reprehensible. But they did not warrant this sentence.

We presented our client’s background at today’s sentencing and we showed the court that today he stood before the court as a mature, changed man at 25. We asked for a fair penalty, a penalty equivalent to that of the codefendant (codefendant Boggs was sentenced to 2 years). We concentrated on Justin’s intentions of finishing college (he’s on the Dean’s List with a 3.75 GPA) and his aspirations to work with businesses as a “White Hat” consultant. Justin tried to show the court that he had matured into a young man who aspires to direct his intelligence and skills productively, not destructively. Justin explained to the judge that he now knows his actions were wrong and he asked for leniency.

Instead of leniency, the judge perceived Justin’s apology statement as “arrogance” and sentenced him to 5 years. The judge concentrated on the victims and the harm brought to them from programmed telephone harassment to online facebook shaming. The victims he was most concerned with were a wife and a child of government officials. The judge also mentioned the police department as a victim of “swatting.” The judge acknowledged that my client’s psychological evaluation indicated that he misunderstood the nature of the harm of his actions because his actions took place in the digital realm, not “in real life,” and he did not understand the extent of the actual damage in the real world. The judge stressed that the harm was nonetheless real and happened in real life to these people. The judge appeared to distinguish personal harassment from simple publication of information online.

Learn more about the Federal Computer Fraud and Abuse Act, Computer Crimes & Hacking Defense: Federal Cyber Crime Defense Attorney Explains Computer Crime & Hacker Charges in the Federal United States District Court in Alexandria Virginia 18 U.S.C. § 1030


News Coverage and Additional Case Details:

Best Lawyers in Virginia - Criminal Defense and DUI Law