The Justice Department indicted Reuters social media editor Matthew Keys on Thursday for allegedly conspiring with the hacktivist collective Anonymous to deface the website of The Los Angeles Times and other Tribune Co. newspapers. According to the indictment (read it below), Keys, using the handle AESCracked, gave Anonymous hackers access to Tribune servers. Keys had recently been fired from Tribune-owned TV station KTXL FOX 40 and still had valid login credentials — so he allegedly unleashed Anonymous, urging the group to "go f**k some s**t up."
They did, kind of. This headline ran on LATimes.com for roughly a half hour on Dec. 14, 2010:
According to chat transcripts in the indictment, the same hacker, "sharpie," also had a full front-page layout of the Chicago Tribune ready, but was thwarted by Tribune system administrators. Federal prosecutors are leveling three charges against Keys — conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer, and attempted transmission of information to damage a protected computer. And while he is, of course, "innocent unless and until proven guilty in court," says Doug Mataconis at Outside the Beltway, it sure looks like "the feds have an airtight case."
How did the feds track him down? Well, Keys has written about his interactions with Anonymous, from the perspective of a journalist interacting with the notorious hacker collective, and in one article for Reuters "he even talks about a hack involving the front page of LATimes.com, but without indicating he was involved in any way," says Jeff Bercovici at Forbes. On the other hand, maybe the feds just read Twitter. Two years ago, before his arrest, an Anonymous über-hacker named Sabu (Hector Xavier Monsegur) tweeted this:
Since the same prosecutor that took down Sabu is going after Keys, "this raises two big possibilities," says Sam Biddle at Gizmodo: "Sabu turned in Keys for a slightly better deal with the government, or perhaps the FBI is hoping to get Keys to roll on his former friends as well." Either way, 25 years for "providing login information that resulted in a joke headline which lasted 30 minutes" is "enormously steep, given the alleged crime."
Biddle isn't alone. This is Trevor Trimm of the Electronic Frontier Foundation:
"Keys is being charged under the general federal conspiracy statute and under the Computer Fraud and Abuse Act (CFAA), the same act under which Aaron Swartz was charged," says Justin Peters at Slate. Swartz, the co-founder of Reddit, committed suicide in January before he was to face charges for allegedly downloading millions of files illegally from MIT computers. He, like Keys, was threatened with jail time, of up to 35 years. And the similarities don't end there. The vagueness of the CFAA — passed in 1984, to nab "sophisticated, malicious hackers" targeting the only entities networked at the time: Banks, universities, and the federal government — allows prosecutors to push for "outrageously severe" punishments like this, for whatever reasons. In this case, "just like with the Swartz case, the feds are going to use the threat of a huge maximum sentence to intimidate Keys into accepting a plea bargain."
The DOJ doesn't want to lock Keys up for 25 years, but they'll be more than happy to pretend they do in order to get the outcome they really want — likely for Keys to spend no more than a few months in jail and provide information about members of Anonymous.... The government wants Anonymous pretty badly, but I'm not sure what their actual game is here. Do they think Keys will roll over and lead them to other Anonymous members in exchange for a reduced sentence? Are they trying to make an example out of Keys so that other people will think twice before cooperating with Anonymous? Or are they simply being disproportionate and unreasonable out of habit? Apparently, they didn't take away any lessons from the Aaron Swartz case. [Slate]
Perhaps aware of the comparisons to Swartz, Keys sent out this tweet Thursday night: