November 22, 2024

Outcry Over Computer-Crime Indictment of Matthew Keys

A federal indictment of Mr. Keys filed in California on Thursday met an online cacophony of protests against the 1984 computer crime law under which he was charged, the Computer Fraud and Abuse Act.

The indictment says that Mr. Keys, who previously worked as a Web producer at KTXL Fox 40, a Sacramento-based television station that, like The Los Angeles Times, is owned by the Tribune Company, provided a user name and password to hackers associated with the group Anonymous. Those hackers then changed a headline on a Times online article from “Pressure Builds in House to Pass Tax-Cut Package” to “Pressure Builds in House to Elect CHIPPY 1337,” a reference to another hacking group.

Each of the three charges against Mr. Keys could result in fines of as much as $250,000, with possible prison terms of as many as five years in one count and as many as 10 in the other two. The Tribune Company spent more than $5,000 to update its systems in response to the attack, the indictment says.

The aggressive tactics by prosecutors come amid an uptick in prominent cyberattacks in recent months. Last week, President Obama met with chief executives to discuss online security, which has become a hot issue on Capitol Hill.

In Mr. Keys’s case, the scale of the potential punishment relative to the actual harm caused — the vandalism to the Web site was quickly fixed — raised comparisons to the potential sentence in the indictment of Aaron Swartz, a 26-year-old computer programmer and Internet freedom advocate. Accused of breaking into a university system to download an archive of scholarly papers, Mr. Swartz committed suicide in January.

“Anyone horrified by the amount of jail time” Mr. Keys faced should join in calling for Congressional reform of the computer fraud act, Trevor Timm, an advocate and blogger at the Electronic Frontier Foundation, a nonprofit that supports an open Internet, wrote in a Twitter post on Thursday.

Still, it is not clear that an overhaul of the fraud act would change the damage charges Mr. Keys is facing. Orin S. Kerr, a former computer crimes prosecutor who now is a legal scholar at George Washington University, said that the part of the fraud act covering damage to a computer, which Mr. Keys was accused of violating, was more straightforward than the part involving authorized access, which Mr. Swartz was charged with violating; some scholars, including Mr. Kerr, have called those provisions overbroad.

Moreover, several legal specialists said that even if Mr. Keys were convicted on all three charges, they most likely would be collapsed into a single offense for purposes of calculating a sentence since they involved the same basic conduct. The sentencing guidelines would then be consulted in light of Mr. Keys’s previous criminal history, if any, and the economic harm caused by the vandalism — including any overtime or outside consultants piad to audit the system after the intrusion was discovered.

Mark Eckenwiler, a former deputy chief of the Justice Department’s computer crime section, said that statutory maximums cited in department news releases are “purely theoretical” in most cases, and that it would be inappropriate for the department to speculate at the start of the case about what an eventual sentence would be.

“The truth is that a lot of first-time offenders may well come in the very bottom band” of the sentencing guidelines, he said.

Nevertheless, Mr. Keys’s defense team stoked the furor. “I think hackers are the new Communists for the D.O.J.,” Tor Ekeland, a Brooklyn-based lawyer representing Mr. Keys, said in an interview. He maintained his client’s innocence and said that he intended to “vigorously litigate” the charges.

Jay Leiderman, a criminal defense lawyer in Ventura, Calif., known for representing computer hackers affiliated with Anonymous, is also representing Mr. Keys.

The case against Mr. Keys struck a particular nerve because of his outsize, and outspoken, online presence. A popular and at times volatile figure in the world of social media, Mr. Keys is in many ways emblematic of the new-media landscape. The writer of what was described by Time magazine as one of the 140 best Twitter feeds, Mr. Keys quickly used his feed to discuss the indictment and assure his nearly 25,000 Twitter followers that he was “fine.”

Mr. Keys is among a coterie of young journalists adept at social media who see their stars rise quickly and often are snapped up by major media organizations, said Sree Sreenivasan, chief digital officer at Columbia.

“At a young age you can have more influence than at any time in journalistic history,” Mr. Sreenivasan said, adding, “and the mistakes you make at a younger age are more visible than ever before.”

A Thomson Reuters spokesman said on Friday that Mr. Keys had been suspended with pay. “Any legal violations, or failures to comply with the company’s own strict set of principles and standards, can result in disciplinary action,” the company said in a statement, adding that Mr. Keys joined Reuters in 2012; the apparent crimes occurred in December 2010.

Supporters of Mr. Keys echoed criticism that reached a high pitch in January, when online activists accused prosecutors of trying to bully Mr. Swartz into pleading guilty. An article in Slate was posted on Friday under the headline “Has the Justice Department Learned Anything from the Aaron Swartz Case?”

Article source: http://www.nytimes.com/2013/03/18/technology/outcry-over-computer-crime-indictment-of-matthew-keys.html?partner=rss&emc=rss

16 Arrested as F.B.I. Hits the Hacking Group Anonymous

In an indictment unsealed Tuesday afternoon in United States District Court in San Jose, Calif., 14 people were charged in connection with an attack on the Web site of the payment service PayPal last December, after the company suspended accounts set up for donating funds to WikiLeaks. The suspects, in 10 separate states, are accused of conspiring to “intentionally damage protected computers.”

Anonymous had publicly called on its supporters to attack the sites of companies it said were turning against WikiLeaks, using tools that bombard sites with traffic and knock them offline.

A Florida man was also arrested and accused of breaching the Web site of Tampa InfraGard, an organization affiliated with the F.B.I., and then boasting of his actions on Twitter. And in New Jersey, a former contractor with ATT was arrested on charges that he lifted files from that company’s computer systems; the information was later distributed by LulzSec, a hacker collective that stemmed from Anonymous.

The PayPal attack came in response to the release by WikiLeaks last November of thousands of classified State Department cables. Members of Anonymous, a clique of worldwide hackers with a vague and ever-changing menu of grievances, have claimed responsibility for a number of attacks on government and corporate Web sites over the last eight months.

In recent weeks, police in Britain and the Netherlands have arrested several people suspected of having participated in those attacks. Justice Department officials said British and Dutch police also made related arrests on Tuesday. FoxNews.com reported Tuesday that the police in London had arrested a 16-year-old boy who they believed was a core member of LulzSec and used the alias Tflow.

The arrests of suspected Anonymous supporters in the United States were among the first known in this country.

Ross W. Nadel, a former federal prosecutor who founded the computer hacking and intellectual property unit at the Federal District Court in San Jose, said the arrests could be “a highly visible form of deterrence.”

The prosecution is expected to face at least two major challenges, said Jennifer Granick, a San Francisco-based lawyer who specializes in computer crimes and has defended hackers in the past. Because hackers often use aliases and other people’s computers when they carry out attacks, prosecutors will have to prove that those arrested “were the ones with their fingers on the keyboard,” she said.

Second, the conspiracy charge could be especially difficult to prove, given that Anonymous boasts of being leaderless and free-floating. “When you have a decentralized group,” Ms. Granick said, “the question is, Are there big fish, and are any of these people big fish?”

The charge of “intentional damage to a protected computer” is punishable by a maximum of 10 years in prison and a $250,000 fine, while conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

Cyberattacks are made possible by a combination of two features of the Internet economy. Poor security at many companies and agencies makes sensitive government and private data vulnerable to breaches. And mounting an attack is inexpensive and, with the right skills, relatively simple.

In the San Jose case, all 14 suspects are accused of using a free program called Low Orbit Ion Cannon to hurl large packets of data at PayPal’s site with the intention of overwhelming it.

With the exception of one suspect, whose name was redacted by the court for reasons that federal officials did not explain, those arrested were identified by their real names and nicknames, ranging from Anthrophobic to Toxic to MMMM. Most were in their 20s, and just three were above the age of 30. It is unclear if any of them knew one another.

Article source: http://feeds.nytimes.com/click.phdo?i=ef7a8d709849ca4067ec978652db46e1

Murdoch Faces Questions, but Gains Vocal Support

But he did receive one piece of good news: vocal support from a prominent board member.

Tom Perkins, an independent member of the board of directors and the first to speak out on the scandal, said the board “is fully supportive of the top management.”

A well-known venture capitalist in Silicon Valley, Mr. Perkins said the independent board members “were stunned to discover the magnitude of the scandal over the last 10 days.”

“The board did discuss this several times two or three years ago, maybe earlier,” he said. “We’ve known about the phone hacking for a long time. We were told and top management, I’m sure, believed that the early news was the whole story. There’s no reason to believe top management was lying. That’s my very strong belief.”

“We all felt it was inexcusable for sure. We paid some money out, fired some people and we thought we’d fixed it.”

Mr. Perkins was also a member of the board of directors during a scandal at Hewlett-Packard, when the high-tech giant was involved in spying on board members and reporters to determine the source of leaked information. Mr. Perkins resigned from the board when he learned of the surveillance.

He said the News Corporation situation is different. “This is not like the HP situation,” he said. “The board supports top management.”

The hacking group Lulz Security claimed responsibility on Monday for a fake article about the death of Mr. Murdoch, the chairman of News Corporation, that appeared on one of the company’s Web sites, and for disruptions on other sites. The article was posted on the Web site new-times.co.uk, which appeared to be a defunct site related to The Times of London.

Lulz Security, or LulzSec, then apparently altered the Web site of The Sun, another Murdoch newspaper, so that it sent site visitors to the fake article. Soon after, the Sun site instead forwarded visitors to the LulzSec Twitter page.

The e-mail at The Times of London was also hacked into, a staff member said, leaving it nonfunctional on Monday evening.

Mr. Murdoch’s more immediate concern is Tuesday’s hearing. He spent much of Monday working on his opening statement at News International’s headquarters in Wapping, East London. A team of lawyers that works for the company, led by Joel I. Klein, a News Corporation senior vice president, was on hand to help him and his son, James, prepare.

They will be grilled in the Wilson Room of Portcullis House, adjacent to the British Parliament, along with Rebekah Brooks, the former chief executive of News International, who resigned on Friday and was arrested on Sunday, although no charges have been filed. The room will seat just 40 to 50 spectators, although interest is judged so large that Parliament is opening spillover rooms where others can follow the proceedings on television — as surely will much of Britain, and beyond.

The 10 members of the House of Commons select committee on culture, media and sport, drawn from the three main political parties in the British Parliament, will have agreed on lines of questioning. The demands are likely to come rapid fire, given that there will be only an hour for this rarest of events. In British parliamentary hearings, the witnesses do not testify under oath. Instead, they are obliged to answer “on their honor.”

If they are found to have lied, not even well-informed media lawyers could predict the consequences: they would earn the contempt of Parliament. It is not clear what the punishment, beyond opprobrium, would be.

The witnesses can choose not to answer — in American terms, plead the Fifth — if they judge their comments could be self-incriminating. The three will most likely appear with their lawyers, to whom they can turn for whispered advice.

The committee members to watch — those members of Parliament who have most aggressively denounced the phone hacking in the past — include Labour members Paul Farrelly and Tom Watson and the chairman, John Whittingdale, a Conservative. The committee’s clerks will have prepared many of the specific questions — they will be on green sheets of paper before the members — but the most combative members are likely to go off script.

Graham Bowley reported from London, and Matt Richtel from San Francisco. Jeremy W. Peters, Michael Luo and Nick Bilton contributed reporting from New York.

Article source: http://www.nytimes.com/2011/07/19/world/europe/19murdochs.html?partner=rss&emc=rss

Arrest Puts Spotlight on Brazen Hacking Group LulzSec

But charges by the British police link Mr. Cleary to a hacking group called Lulz Security, or LulzSec, which has been on an Internet crime spree in recent weeks, attacking Web sites and computer networks including those of the United States Senate, the Central Intelligence Agency and Sony.

The British tabloids have been quick to cast Mr. Cleary as the young criminal mastermind behind LulzSec, calling him “Hack the Lad” in front-page headlines. His mother, Rita, has said her son is highly intelligent but has a history of mental illness, including agoraphobia. His lawyer, Ben Cooper, described Mr. Cleary as “a vulnerable young man.”

Though it is not clear how much notoriety he deserves, Mr. Cleary’s arrest has made him a focus of the public fascination with a wave of computer hacking cases, carried out by amorphous online collectives.

The police say Mr. Cleary is guilty of illegally using a computer to perform denial of service attacks — bombarding Web sites with so many automated messages that they shut down. They say his targets were organizations including the British Serious Organized Crime Agency.

In the hierarchy of computer hacking, the accusations against Mr. Cleary and the actions of LulzSec fall broadly into the category known as hacktivism. Hackers of this type are not motivated by money, but are mainly interested in protesting against or antagonizing their targets, or in showing off technical skills.

Hacktivists, according to computer security experts, are a different breed from mainstream cybercriminals, who seek financial gain. Such criminals, for example, manipulated Citigroup’s Web site to steal the personal information of credit card holders.

The third category, experts say, are warriors, either working in the “cybercommands” of governments like those of the United States and other countries, or for mercenary or terrorist groups. They defend computer networks, power grids and state secrets of their own country, while devising tactics to attack enemies.

Hacktivists tend to portray their activities as digital sit-ins, a form of protest. But security experts say their attacks often cause real damage to computer networks and financial losses. LulzSec has been more aggressive than most, and more brazen in its choice of targets.

“This is organized criminal activity that is typically distributed across many different countries,” said Mark Rasch, a former prosecutor in the Justice Department, who is director of security for CSC, a computer services company. “It’s a serious crime.”

On Thursday evening LulzSec released what it said were hundreds of internal documents from the Arizona Department of Public Safety, including material related to border patrol and counterterrorism operations. It said it was taking aim at the agency because of Arizona’s anti-immigrant policies. A Department of Public Safety spokesman, Capt. Steve Harrison, said the documents appeared to be authentic but were sensitive, not confidential.

Hacking has been a pursuit of mischievous young men — and they are nearly all men — since shortly after computers were invented. But the Internet made it an increasingly international pursuit. The intruders quickly became power users of online bulletin boards and Internet chat software, using those tools to communicate and organize activities.

“Hackers were among the first to figure out the benefits of social networking,” said Alan Brill, a senior managing director of Kroll, a security consulting firm.

The far-flung hacker networks present a formidable challenge for law enforcement. But in recent years, they and prosecutors have more and more formed their own international networks of communication, sharing information across borders. Mr. Cleary’s arrest, for example, involved cooperation between Scotland Yard and the F.B.I.

LulzSec, on a Twitter feed that it uses to communicate with more than 250,000 followers, has said that Mr. Cleary is “at best mildly associated with us.” The group did not respond to a Twitter message seeking comment for this article.

LulzSec, experts say, is a splinter group from Anonymous, another online hacking collective. Anonymous is best known for its attacks last year in support of WikiLeaks, led by Julian Assange. The group went after the Web sites of companies like MasterCard and PayPal, which had refused to process donations to WikiLeaks after it disclosed confidential diplomatic cables.

Earlier this year, said Barrett Brown, a former Anonymous activist, “some of the most prominent leaders and hackers broke off and are now LulzSec.”

The two hacker groups certainly strike different poses. LulzSec’s statements and its actions display a spirit of exuberant anarchic glee. Lulz, in essence, means mean-spirited laughter, and LulzSec’s Web site describes the group as “a small team of lulzy individuals who feel the drabness of the cybercommunity is a burden on what matters: fun.”

The group is strongly antagonistic to the media. When a TV journalist for Russia Today asked for an interview, she was told it would be granted only if she and her producer wore shoes on their heads and wrestled in mud while singing. They declined.

There seems to be far less glee in the Anonymous culture. In a YouTube video describing the group, a voice intones: “There is no control, no leadership, only influence. The influence of thought.” Later, the video adds that Anonymous’s actions have “brought justice to our world.”

LulzSec’s exploits have riled others in the hacker world who object to its activities, particularly exposure of personal information of innocent Internet users. Those people are now working to stop LulzSec by investigating its members’ identities and providing information to the F.B.I.

The core LulzSec group, according to Mr. Brown, the former Anonymous activist, numbers between five and 10. Mr. Brown said the members he had dealt with — known by online nicknames like Topiary and Sabu — are mostly men in their early 20s.

Mr. Brown said he had dealt with Mr. Cleary, and that he believed — contrary to LulzSec’s statement — that he was involved with the group. But a person involved with Anonymous, who declined to be named for fear of prosecution, said Mr. Cleary was peripheral.

On Thursday the court agreed to delay Mr. Cleary’s application for bail while police investigated.

Hacker networks and their activities are murky by design, said Bruce Schneier, chief security technology officer of the British company BT Group. LulzSec, Mr. Schneier said, “is a badge, a name you call each other if you’re one of the cool hacker kids now.”

Riva Richmond contributed from New York.

Article source: http://feeds.nytimes.com/click.phdo?i=1a38a255fd11f28178502e8f7cd85fe6

British Police Charge Teenager in Connection With Hacking Attacks

But charges by the British police link Mr. Cleary to a hacking group called Lulz Security, or LulzSec, which has been on an Internet crime spree in recent weeks, attacking Web sites and computer networks including those of the United States Senate, the Central Intelligence Agency and Sony.

The British tabloids have been quick to cast Mr. Cleary as the young criminal mastermind behind LulzSec, calling him “Hack the Lad” in front-page headlines. His mother, Rita, has said her son is highly intelligent but has a history of mental illness, including agoraphobia. His lawyer, Ben Cooper, described Mr. Cleary as “a vulnerable young man.”

Though it is not clear how much notoriety he deserves, Mr. Cleary’s arrest has made him a focus of the public fascination with a wave of computer hacking cases, carried out by amorphous online collectives.

The police say Mr. Cleary is guilty of illegally using a computer to perform denial of service attacks — bombarding Web sites with so many automated messages that they shut down. They say his targets were organizations including the British Serious Organized Crime Agency.

In the hierarchy of computer hacking, the accusations against Mr. Cleary and the actions of LulzSec fall broadly into the category known as hacktivism. Hackers of this type are not motivated by money, but are mainly interested in protesting against or antagonizing their targets, or in showing off technical skills.

Hacktivists, according to computer security experts, are a different breed from mainstream cybercriminals, who seek financial gain. Such criminals, for example, manipulated Citigroup’s Web site to steal the personal information of credit card holders.

The third category, experts say, are warriors, either working in the “cybercommands” of governments like those of the United States and other countries, or for mercenary or terrorist groups. They defend computer networks, power grids and state secrets of their own country, while devising tactics to attack enemies.

Hacktivists tend to portray their activities as digital sit-ins, a form of protest. But security experts say their attacks often cause real damage to computer networks and financial losses. LulzSec has been more aggressive than most, and more brazen in its choice of targets.

“This is organized criminal activity that is typically distributed across many different countries,” said Mark Rasch, a former prosecutor in the Justice Department, who is director of security for CSC, a computer services company. “It’s a serious crime.”

On Thursday evening LulzSec released what it said were hundreds of internal documents from the Arizona Department of Public Safety, including material related to border patrol and counterterrorism operations. It said it was taking aim at the agency because of Arizona’s anti-immigrant policies. A Department of Public Safety spokesman, Capt. Steve Harrison, said the documents appeared to be authentic but were sensitive, not confidential.

Hacking has been a pursuit of mischievous young men — and they are nearly all men — since shortly after computers were invented. But the Internet made it an increasingly international pursuit. The intruders quickly became power users of online bulletin boards and Internet chat software, using those tools to communicate and organize activities.

“Hackers were among the first to figure out the benefits of social networking,” said Alan Brill, a senior managing director of Kroll, a security consulting firm.

The far-flung hacker networks present a formidable challenge for law enforcement. But in recent years, they and prosecutors have more and more formed their own international networks of communication, sharing information across borders. Mr. Cleary’s arrest, for example, involved cooperation between Scotland Yard and the F.B.I.

LulzSec, on a Twitter feed that it uses to communicate with more than 250,000 followers, has said that Mr. Cleary is “at best mildly associated with us.” The group did not respond to a Twitter message seeking comment for this article.

LulzSec, experts say, is a splinter group from Anonymous, another online hacking collective. Anonymous is best known for its attacks last year in support of WikiLeaks, led by Julian Assange. The group went after the Web sites of companies like MasterCard and PayPal, which had refused to process donations to WikiLeaks after it disclosed confidential diplomatic cables.

Earlier this year, said Barrett Brown, a former Anonymous activist, “some of the most prominent leaders and hackers broke off and are now LulzSec.”

The two hacker groups certainly strike different poses. LulzSec’s statements and its actions display a spirit of exuberant anarchic glee. Lulz, in essence, means mean-spirited laughter, and LulzSec’s Web site describes the group as “a small team of lulzy individuals who feel the drabness of the cybercommunity is a burden on what matters: fun.”

The group is strongly antagonistic to the media. When a TV journalist for Russia Today asked for an interview, she was told it would be granted only if she and her producer wore shoes on their heads and wrestled in mud while singing. They declined.

There seems to be far less glee in the Anonymous culture. In a YouTube video describing the group, a voice intones: “There is no control, no leadership, only influence. The influence of thought.” Later, the video adds that Anonymous’s actions have “brought justice to our world.”

LulzSec’s exploits have riled others in the hacker world who object to its activities, particularly exposure of personal information of innocent Internet users. Those people are now working to stop LulzSec by investigating its members’ identities and providing information to the F.B.I.

The core LulzSec group, according to Mr. Brown, the former Anonymous activist, numbers between five and 10. Mr. Brown said the members he had dealt with — known by online nicknames like Topiary and Sabu — are mostly men in their early 20s.

Mr. Brown said he had dealt with Mr. Cleary, and that he believed — contrary to LulzSec’s statement — that he was involved with the group. But a person involved with Anonymous, who declined to be named for fear of prosecution, said Mr. Cleary was peripheral.

On Thursday the court agreed to delay Mr. Cleary’s application for bail while police investigated.

Hacker networks and their activities are murky by design, said Bruce Schneier, chief security technology officer of the British company BT Group. LulzSec, Mr. Schneier said, “is a badge, a name you call each other if you’re one of the cool hacker kids now.”

Riva Richmond contributed from New York.

Article source: http://www.nytimes.com/2011/06/24/technology/24hack.html?partner=rss&emc=rss