Dennis Moran faces two charges of unauthorized access to a computer system. Each charge carries a sentence of up to 15 years in prison.
Moran is charged with hacking into DARE.com and defacing it with pro-drug slogans and images, including one depicting the Disney character Donald Duck with a hypodermic needle in his arm.
The polite 17-year-old who says he dropped out of school because he was bored admitted Friday he hacked into several Web sites, including one of a leading computer security company.
But Moran, who used the screen name "Coolio," denied responsibility for well-publicized attacks last month on major electronic-commerce companies. Sites including Yahoo! and Amazon.com were put out of business for hours by a barrage of messages sent to them all at once.
Moran said some friends started a rumor in an Internet chat room that he was responsible for those attacks and he jokingly took credit for them. Unbeknownst to the youths, a security expert from Stanford University was listening in and sent logs to the FBI, Moran said.
"He didn't realize I was joking," Moran said.
Last month, Justice Department officials identified "Coolio" as one of three hackers, known only by their monikers, sought for questioning in the string of attacks on popular Web sites. But federal investigators believe the New Hampshire boy is only one of a number of people who have used "Coolio" -- the name of a popular rapper -- as a screen name.
Los Angeles police became involved while investigating an attack on the anti-drug abuse site they founded.
After the youth's residence was searched a weeks ago, he told investigators he has been using computers since he was three years old, and spends about 16 hours a day on the Internet, Officer Joe Buscaino of the Los Angeles Police Department said Thursday.
Buscaino said Moran told the FBI he had hacked into 100 Web sites. Friday, Moran insisted it was only three -- Dare.com, a U.S. Commerce Department site that outlines rules for exporting chemicals that could be used to produce weapons, and Rsa.com, operated by RSA Security Inc., one of the nation's most prominent Internet security companies.
On Feb. 13, "Coolio" redirected visitors to RSA's Web site - which proclaims itself "the most trusted name in e-security" to another hacked computer at a university in South America. There, a nearly duplicate hoax site proclaimed: "Trust us with your data! Praise Allah!"
The hacker left a message, "owned by coolio," and derided RSA's earlier announcement that it had developed a countermeasure to the types of attacks suffered a week earlier at major commercial Web sites.
Dennis Moran Sr. said his son's intent was benign.
"He was showing these peope, 'You better shore up your systems because look what I can do here,'" said the elder Moran, a computer trouble-shooter for a small biotech company in southern New Hampshire.
The father said he is confident his son is telling the truth about being uninvolved in the attacks on major sites last month.
"He's been perfect all his life. He never caused anybody any trouble," he said.
CBS Worldwide Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report