February 27, 2021

For Suspected Hackers, a Sense of Social Protest

But at least some of the suspects are not your typical hard-core hackers, judging from interviews with two of them and the online traces of others. Some did not bother to cover their digital tracks as they participated in what they saw as an online protest. And some say they were unaware that their feverish clicks on a home computer may have been against the law.

The suspects, mostly in their 20s and living unremarkable lives in small towns and suburbs across the country, now face up to 15 years in prison. Among them are a college student, an ex-Marine, a couple of self-taught computer programmers, even a young man whose only celebrity before last week’s arrest was that he dressed up as Harry Potter for a movie premiere.

While federal law enforcement officials are clearly keen to quash the notion that online attacks are a form of social protest, the arrests highlight a far bigger challenge facing the authorities as they try to stop digital raids carried out by a large and ideologically motivated group of people scattered across the globe.

The Justice Department has accused the suspects of being part of a criminal conspiracy to damage the Web site of PayPal, the online payment company owned by eBay, which announced last December that it would stop processing donations for WikiLeaks after it exposed classified government information.

Anonymous encouraged retaliation against PayPal, rallying supporters on Twitter. Untold numbers of people — probably hundreds — jumped into the Anonymous-affiliated chat rooms. Some of them began lobbing large packets of data aimed at overwhelming PayPal’s system, using a program called Low Orbit Ion Cannon. The site was hampered for several hours.

Drew Phillips, a wry, serious 26-year-old programmer with a paunch that testifies to hours spent hunched over a computer, admits to joining one of those chat rooms when the attack was being discussed, and to tinkering with the program used in the attack. He said he could have obscured his Internet Protocol address, which can be used to identify a computer, had he thought that anyone was interested in what he was doing.

“I didn’t have anything to hide. I didn’t feel I had to mask my I.P. address,” he said over a caffe mocha at a coffee shop not far from Santa Rosa, his placid middle-class hometown north of San Francisco. “What would anyone want with me?”

Mr. Phillips admits he was sympathetic to the strike against PayPal, but he maintains he did not actually participate.

It took federal officials only a few weeks to catch up with Mr. Phillips. Police and federal agents with a search warrant, arrived at his home early one morning in January.

“What, did I download one too many movies?” he remembers asking facetiously. Federal agents were interested in what he was doing with the Low Orbit Ion Cannon software. Mr. Phillips, who works for a solar energy company, said he used it to test the endurance of his employer’s computer systems. They left with all his equipment: a server he had built himself, a desktop, two laptops and several flash drives. Federal agents returned last week to arrest him, charging him with causing damage to a protected computer and a related conspiracy charge. He says wryly that he suspects the government needed to make an example out of him.

Eugene H. Spafford, a computer security professor at Purdue University, was not convinced that the arrests last week would serve as a deterrent. Rather, he said, it could prompt others to be more careful in the future and even prompt retaliatory strikes.

“A whole bunch of people were angry, they didn’t really think about whether it was legal or not. It never entered their minds,” Professor Spafford said. “This was kind of the equivalent of a spontaneous street protest, where they may have been throwing rocks through windows but never thought that was against the law or hurting anybody.”

A federal law enforcement official, who would not be named because he was not authorized to speak about an active case, argued that denial-of-service attacks like the one against PayPal were costly and illegal: “These things are costing companies millions of dollars.”

Lisa Bruno contributed reporting from Jacksonville, Fla.

Article source: http://feeds.nytimes.com/click.phdo?i=08a1c4fc4f7966c251f54ac971d4b9dc

Speak Your Mind