Rafael Núñez (aka RaFa), hacking NASA with the hacking group: World of Hell

by | Nov 11, 2021

Reading Time: 7 Minutes

 

Rafael Nunez is a hacker and computer security specialist born in 1979 in Puerto Ordaz, a city in Bolivar state, Venezuela. He is also known by the nickname “RaFa”.

At age 21, in 2001, he mocked one of the Pentagon’s servers and paralyzed the page of the US Air Force, for which he was arrested a few years later at the Miami airport.

 

Early Years

 

RaFa spend his junior years in Puerto Ordaz in Venezuela and became interested in computer science at an early age. He started experimenting with computers like Kaypro 4 and NEC using Microsoft MS-DOS.

At the ages between 14 and 16, he managed to learn networking which allowed him to understand how the internet works through dial-up and the IRC. 

 

Earning a reputation for helping others

 

RaFa joined the Counter Pedophilia Inves­tiga­tive Unit (CPIU) in 1998 as a deputy director where he was indispensable to online efforts for catching online predators and child pornographers, both in national efforts and within the United States.

He went on to help authorities catch a large number of pedophiles and child pornographers over the years, even while being a member of a hacking group.
He was also known for associating with another organization, “Prevented-Justice”, which has produced evidence leading to dozens of criminal convictions of online predators.

Nunez also worked with the Venezuelan authorities in helping find kidnapping victims as well.

 

First steps in the hacking community

 

At 17 he joined a community called Box Network of Slovakia as a graphic designer. He took the alias RaFa and his job was to make logo designs for hackers using his own page, logos4u.box.sk.

He got famous for his designs quickly and caught the attention of one of the lead members of World of Hell (WoH), Robert Junior aka CowHead2000. WoH, was at the time, one of the most well-known hacking groups in the world.

It was taken as an honor for them when WoH asked them for a logo design.
Later CowHead2000 invite RaFa to their group, and RaFa accepted their invitation and joined the group in March 2001.

In 2001, he obtained a certificate from the Hackademy School where he completed the three levels of computer security training at the DMP France society. He went soon to become a lead member of the WoH hacking group.

 

 

world of hell webiste

 WOH website in 2001, publishing news from their hacking activities. – source: archive.org

 

Attacks against the Defense Information Systems Agency of Pentagon

 

In June 2001, the hacking group defaced over 500 websites in one minute using automated scripts, a “hacking” record at the time.

RaFa also lead a cyber-attack against the DISA of the Pentagon where they defaced a website owned by the Pentagon and put a text that read: “WoH is Back … and kiss my ass cause I just 0wn3d yours!” and a hyperlink that redirected to WoH’s website.

The cyberattack was proven to be even more damaging when the website of the United States Air Force collapsed during the attack, the result of this collapse was 10000$ in damages. 

The hacking group performed multiple attacks during the next months on other DISA systems, where they wiped out accounts, compromised the security of an administrative program, and even made the systems unresponsive for multiple days. 

 

Hacking NASA

 

In 2002, NASA cybercrime investigators confirmed that RaFa also had privileged access to NASA sensitive documents but investigators couldn’t confirm whether a hacking incident had taken place.

The documents contained sensitive military information about experimental spacecraft designs and other confidential operating documents authored by Boeing and Pratt & Whitney for NASA. RaFa performed this attack with the WoH group in August 2001.

RaFa went on and uploaded more than 43 MB worth of documents, including a 15-part PowerPoint presentation that included engineering drawings of a spacecraft.

The documents also included design information on the COBRA space shuttle engine program and the risk deduction plan for the Boeing TA4 Advanced Checkout, Control, and Maintenance System which was the ground control system for the next generation space shuttles at the time, a part of a multibillion-dollar program of NASA’s 2nd Generation Reusable Launch Vehicle.

 

 

The young hacker also hacked into the systems for a second time, this time he hacked NASA’s White Sands Test Facility. He produced multiple user accounts using an anonymous FTP vulnerability to conduct both hacks.

In later interviews, Nunez said that he wasn’t aware of the sensitivity of the information that he obtained illegally.

 

World of Hell members being prosecuted.

 

In 2001 multiple members were arrested when in July Robert Junior (CowHead2000), a lead member of the WoH group arrested by the police after an altercation, and when they searched his home, they found connections back to the group.

An investigation was carried and after four months he was arrested along with two other members, dawgyg and Vandal.

The members of the group didn’t have any information about the nationality or age of RaFa making it almost impossible for the authorities to find him after interviewing them.

 

Changing objectives and arrest

 

Near the end of 2001, Rafa left the hacking group for good. He proceeded in 2003 to acquire the international certificate Certified Ethical Hacker (CEH) and began working as a senior research scientist in Scientech (Now EnergySolutions).

In the same year, he went on to work for CANTV, a Venezuelan Internet service provider that was partially owned by Verizon Communications Inc.

Nunez also launched in the same year the Counter Pedophilia Investigative Unit website (https://cpiu.es/) that exists even today to fight against pedophilia.

cpiu.es website

website CPIU

 

Rafael Nunez website against pedophilia – source: https://cpiu.es/

 

Arrest and Trial

 

On April 5, 2005, almost four years since the investigation began for NASA’s and Department of Defense’s hacks by agents of the Pentagon’s Defense Criminal Investigative Service, Nunes was arrested at the Miami International Airport as a suspect when he arrived for a conference.

After his arrest, Law enforcement officials transferred Nunez to Denver, Colorado, where he was charged.

According to the court, they attributed two charges, one for computer fraud and the other for intentional damage to computer systems belonging to the State. He could face up to 1 year for the first charge and up to 13 years for the second.

 

 

During the lengthy trial, a lot of details played their role for the court to define a sentence for Nunez.

Nunez hacked the Department of Defense while being on Venezuelan soil, where no laws against computer crime apply. He did the attack before the 9/11 attacks, meaning that the Patriot Act wasn’t created which would be hurtful in his case.

He was working for an American company, CANTV at the time and also participated in the fight against pedophilia, maintaining a site for parents to teach their children to protect themselves from pedophiles, while also helping authorities to capture pedophiles end kidnapped kids.

In addition to that, Nunez had never committed a crime before and the officers didn’t find anything incriminating on his laptop. 

For all those reasons, his sentence was reduced only to nine months in prison. Afterward, he was deported back to Venezuela and he was not permitted to visit the U.S for 10 years.

 

 

Present

 

Rafael Nunez ceo MásQueDigital

 

 Rafael Nunez. – source: masquedigital.com

 

After his release, Nunez continue to work for what he loved, securing companies through ethical hacking.
He created his own information security consulting and digital marketing firm, MásQueDigital, where he works with banks and other institutions, such as New York Times, PC World, Computer World, etc., helping them secure their systems.Nunez also held conferences in more than 15 countries to help people know the mindset of a hacker and presented one of the central papers about ethical hacking, threats, and cyber-attacks against organizations at the 20th National Security Congress in the Dominican Republic. 

 

 

Share This