Al-Jazeera hacker admits guilt, awaits sentence

The hacker who attacked AL-Jazeera's Web site during the Iraq war has pleaded guilty to two charges stemming from the attack, but he is expected to get off very lightly

In a plea agreement with the US Attorney's office for the Central District of California, John William Racine II, a 24-year-old Web designer, admitted to tricking VeriSign subsidiary Network Solutions into giving him ownership of the aljazeera.net domain. Racine said he then redirected visitors to that Internet address to another site, where they were greeted by a US flag and the phrase "Let freedom ring." The man turned himself in to FBI agents on 26 March, according to the plea agreement.

"Racine gained control of the aljazeera.net domain name by defrauding Network Solutions, where Al-Jazeera maintained an account for its domain name and email services," the US Attorney's office said in a statement.

Racine, also known as "John Boffo," used a false photo identification card and forged signature to impersonate an Al-Jazeera systems administrator and get control of Al-Jazeera's account, according to the plea agreement. In doing so, he gained control of where any data sent to aljazeera.net -- including Web page requests and email -- ultimately ended up.

The actual defacement appeared on a free Web site service provided by NetWorld Connections. Technically known as a "redirect", the hack caused Web browsers that attempted to go to www.aljazeera.net -- as well as the English-language site, english.aljazeera.net -- to be surreptitiously redirected to the content hosted on NetWorld's servers and see the US flag instead.

For an entire week in late March, Al-Jazeera had to contend with technical problems and hackers that caused the site to be unavailable as often as not.

The Arabic and English news service, based in Doha, Qatar, found itself the focus of controversy during the war in Iraq for its coverage of the conflict. Opponents charged the Arab news group with bias, but many others have tuned into the young network's TV broadcasts and Web site for an alternative view of the issues surrounding the war and America's occupation of the Middle Eastern country.

The plea agreement states that on 24 March, after the initial verbal salvos between US government officials and Al-Jazeera, Racine searched the Internet and found that Muhammed Jasim AlAli was listed as the administrative contact for the Arab news service's Internet domain, aljazeera.net. He then created an account on Microsoft's Hotmail and impersonated AlAli in telephone messages and email to VeriSign, claiming that he needed to have the account password changed. Unable to answer a challenge question by a VeriSign employee, he said he would call back later.

Racine then created a false photo identification card with the name "Mohammed Jasim AlAli" and forged an authorisation form that requested VeriSign change the password. He sent the documents to VeriSign subsidiary Network Solutions and followed up with a telephone call. Based on that documentation and the phone call, VeriSign changed the password on 25 March, the plea agreement stated.

On March 27, after the defacement gained media attention, VeriSign suspended the Al-Jazeera account. By then, Racine had already contacted the FBI and provided the agency with evidence of what he had done, the plea agreement stated.

Racine "admitted that he knew his conduct was unlawful and voluntarily provided the documents and information to the FBI to assist in its criminal investigation," the agreement said.

Racine could have faced up to 25 years in prison and a fine of $500,000 (about £300,000). However, the US Attorney's office has agreed to request a much lighter sentence: three years of probation and 1,000 hours of community service. The ultimate decision on the sentence, however, resides with the judge.

Racine signed the plea agreement on Thursday, said the US Attorney's office. He will be arraigned in court Monday.

VeriSign couldn't immediately comment on the case.