Matthew Keys, a deputy social media editor at Reuters, has been indicted by the Department of Justice for his alleged involvement with Anonymous, a computer hacking group. Politico reports that Keys is charged with providing Anonymous members with log-in information to Tribune Company computer servers.

According to a DOJ release, Keys began working with Anonymous when he worked for Fox 40, a Tribune Company network:

Keys identified himself on an Internet chat forum as a former Tribune Company employee and provided members of Anonymous with a login and password to the Tribune Company server. After providing log-in credentials, Keys allegedly encouraged the Anonymous members to disrupt the website. According to the indictment, at least one of the computerhackers used the credentials provided by Keys to log into the Tribune Company server, and ultimately that hacker made changes to the web version of a Los Angeles Times news feature.

Keys’ employment status is currently unknown, but a Reuters employee said his desk was being disassembled and his security pass was deactivated.

The three counts Keys faces each carry a maximum sentence of 10 years in prison and fines up to $250,000.

Source: http://www.mediabistro.com/fishbowlny/reuters-social-media-staffer-indicted-for-allegedly-aiding-computer-hacking_b78779

Hi Tech Crime Solutions

Add Tiger Woods to the list of celebrities and public figures whose personal information has been published online by a computer hacker or hackers, according to reports Wednesday.

Woods joins a list of hacking victims that includes the likes of Michelle Obama, Mitt Romney, Kim Kardashian, Paris Hilton, Al Gore, Kanye West, Mel Gibson, Donald Trump and pro wrestler Hulk Hogan. Such information includes social security numbers, credit card bills and other personal financial information.

The information was made public on a website with an address suffix for the former Soviet Union. It was linked to a now-deactivated Twitter account in Russia.

The New York Daily News reviewed the site and reported it revealed Woods has an American Express balance of $14,826 and good credit standing.

Hogan was revealed on Tuesday to be one of the victims.

“We are aware of the problem and are taking all the necessary steps necessary to work with appropriate law enforcement agencies to bring whoever may have done this to the light of day,” Hogan’s lawyer David Houston told the Daily News.

Source: http://msn.foxsports.com/golf/story/tiger-woods-hulk-hogan-reported-among-celebrity-computer-hacking-victims-031313

Hi Tech Crime Solutions

It’s not every day you open an email and it’s about someone you know that begins with: The United States of America vs. Matthew Keys.

Matthew is my friend from when he worked in Sacramento, Calif. He was the web editor for the local Fox TV affiliate. I am the news director for the local news radio station KFBK. We shared a love of news and social media. The U.S. Attorney in Sacramento handed down the indictment against Keys on Thursday. Imagine me at work and seeing your friend’s name listed on an indictment in an email from the U.S. Attorney’s Office.

Keys currently works as a deputy social media editor for Reuters in New York City. They immediately contacted me for comment. I was reluctant, but told Reuters reporter Alistair Barr that I was friends with Matthew and have always known him to be accurate in his successful news Twitter feed @TheMatthewKeys. I added: “I trust him.”

The calls, texts and emails came in quickly, from New York to San Francisco. Wow! Did you hear about Matthew? Many of us in the Sacramento news community were very proud of Matthew. He went from leaving a local, small TV affiliate here to working in New York City for the international news service Reuters. He was an inspiration to other journalists of what they could achieve with hard work.

But the indictment is serious. Three felony hacking counts for allegedly using the codes from the Tribune Company job he was fired from to help others to hack into The Los Angeles Times webpage. Keys is facing up to 10 years in prison and fines of $250,000 for each charge. As the Atlantic Wire wrote, it would have been better for Keys to assault and pop the former boss who fired him in the face with his fist than hack into a company computer. Assault in New York City is a $5,000 fine. Cyber crimes? Keys is facing up to 25 years and $750,000 in penalties.

Yet Matthew tweeted Thursday he’s OK. He also tweeted me that it was okay that the Reuters story did not include my positive comments about him I gave to their reporter.

On Friday, Keys was placed on paid suspension from Reuters.

Matthew is my 21st-century social media friend — not the kind of friend you go out and have drinks or dinner with but one you kept in touch with 3,000 miles away via Twitter, DMs, Facebook and email. I got into the social media game with him after he started and we would counsel each other over the past three years, ruminating about the downside of the changing news industry where we are all required to work more for less to asking each other who we trust on social media. We were able to keep close and connected via our exchanges on social media rather than having a conversation, which we did a few times.

I trust Matthew Keys — as far as his news reporting abilities. To his nearly 25,000 Twitter followers, he is respected as an aggressive, worldwide news tweeter armed with at least two or three computers at his fingertips to bring breaking news in real time to a hungry news audience. Keys was a social media phenom, often working tirelessly 24/7 without sleep, tweeting out breaking news such as the Gabrielle Giffords shooting and the Japanese earthquake. He brought you comments from journalists worldwide and audio links to TV and radio stations on the scene of breaking news. And he did this before other major news agencies started doing it. And as many of us who knew him as @ProducerMatthew, he was usually way ahead of The New York Times, Associated Press or Washington Post on breaking news.

Keys has always been accurate. When I’ve asked him to keep a confidence on a sensitive matter he always agreed. He has never broken my trust. I found myself in the odd position of having to write up his story and report it on my radio station.

Yet, already, Keys’ case is being compared to Aaron Swartz, the whiz kid computer expert who hanged himself when he came under investigation from the Feds for downloading articles from MIT’s servers. Swartz committed suicide at age 26; same age as Keys.

I do not know if Keys is guilty or not. I do know we are all trying to comprehend and navigate the new age of social media and computer laws and what we can and cannot do. We all agree we cannot hack although I’ve known people who have.

Some are already describing Keys with that cliche of “disgruntled employee.” Aren’t many of us disgruntled today with either lack of finding jobs or if you have one, disgruntled by all the extra work we have to do now in reduced workplaces without extra pay?

I hope Keys does not live up to that cliche. He will be back in Sacramento in April for arraignment before a U.S. Attorney.

Source: http://www.huffingtonpost.com/judy-farah/my-friend-alleged_b_2885813.html
http://TheCyberWars.com, http://HackerForHireinternational.com, AmIHackerProof.com, http://ParentSecurityOnline.com

Hi Tech Crime Solutions

Reports suggesting that the computers of highly-sensitive Defence Research and Development Organisation (DRDO) have been hacked have created a flutter in the Government which today ordered a probe into the issue.

According to media reports, Chinese hackers have had access to some sensitive information.
When asked about it, Defence Minister A K Antony said, “Intelligence agencies are investigating the matter at this stage and I do not want to say anything else.”
The Minister was asked if the DRDO computer networks containing sensitive information were hacked and if information was compromised.

The Defence Minister later asked Defence Secretary Shashikant Sharma to inquire into the matter and submit a report, Ministry sources said here.

Commenting on the issue, DRDO spokesperson Ravi Gupta said, “As per available information, no incidence of breach of security of  DRDO’s computers has come to notice.

Appropriate measures are in place for safety and security of computer systems.”
In the past also, such incidents have occurred and the Defence Ministry has taken several actions to stop the hacking of sensitive information pertaining to armed forces.

Recently, the Navy had to take action against some of its officers in the Eastern Command after their networks were hacked as they did not follow the standard operating procedures.

Source: http://www.deccanherald.com/content/318623/probe-ordered-hacking-drdo-computers.html

High Tech Crime Solutions

Matthew Keys, the 26-year-old deputy social media editor at Reuters charged with assisting computer hackers, has emerged as the latest lightning rod in the continuing battle between proponents of Internet freedom and the Justice Department.

A federal indictment of Mr. Keys filed in California on Thursday met an online cacophony of protests against the 1984 computer crime law under which he was charged, the Computer Fraud and Abuse Act.

The indictment says that Mr. Keys, who previously worked as a Web producer at KTXL Fox 40, a Sacramento-based television station that, like The Los Angeles Times, is owned by the Tribune Company, provided a user name and password to hackers associated with the group Anonymous. Those hackers then changed a headline on a Times online article from “Pressure Builds in House to Pass Tax-Cut Package” to “Pressure Builds in House to Elect CHIPPY 1337,” a reference to another hacking group.

Each of the three charges against Mr. Keys could result in fines of as much as $250,000, with possible prison terms of as many as five years in one count and as many as 10 in the other two. The Tribune Company spent more than $5,000 to update its systems in response to the attack, the indictment says.

The aggressive tactics by prosecutors come amid an uptick in prominent cyberattacks in recent months. Last week, President Obama met with chief executives to discuss online security, which has become a hot issue on Capitol Hill.

In Mr. Keys’s case, the scale of the potential punishment relative to the actual harm caused — the vandalism to the Web site was quickly fixed — raised comparisons to the potential sentence in the indictment of Aaron Swartz, a 26-year-old computer programmer and Internet freedom advocate. Accused of breaking into a university system to download an archive of scholarly papers, Mr. Swartz committed suicide in January.

“Anyone horrified by the amount of jail time” Mr. Keys faced should join in calling for Congressional reform of the computer fraud act, Trevor Timm, an advocate and blogger at the Electronic Frontier Foundation, a nonprofit that supports an open Internet, wrote in a Twitter post on Thursday.

Still, it is not clear that an overhaul of the fraud act would change the damage charges Mr. Keys is facing. Orin S. Kerr, a former computer crimes prosecutor who now is a legal scholar at George Washington University, said that the part of the fraud act covering damage to a computer, which Mr. Keys was accused of violating, was more straightforward than the part involving authorized access, which Mr. Swartz was charged with violating; some scholars, including Mr. Kerr, have called those provisions overbroad.

Moreover, several legal specialists said that even if Mr. Keys were convicted on all three charges, they most likely would be collapsed into a single offense for purposes of calculating a sentence since they involved the same basic conduct. The sentencing guidelines would then be consulted in light of Mr. Keys’s previous criminal history, if any, and the economic harm caused by the vandalism — including any overtime or outside consultants piad to audit the system after the intrusion was discovered.

Mark Eckenwiler, a former deputy chief of the Justice Department’s computer crime section, said that statutory maximums cited in department news releases are “purely theoretical” in most cases, and that it would be inappropriate for the department to speculate at the start of the case about what an eventual sentence would be.

“The truth is that a lot of first-time offenders may well come in the very bottom band” of the sentencing guidelines, he said.

Nevertheless, Mr. Keys’s defense team stoked the furor. “I think hackers are the new Communists for the D.O.J.,” Tor Ekeland, a Brooklyn-based lawyer representing Mr. Keys, said in an interview. He maintained his client’s innocence and said that he intended to “vigorously litigate” the charges.

Jay Leiderman, a criminal defense lawyer in Ventura, Calif., known for representing computer hackers affiliated with Anonymous, is also representing Mr. Keys.

The case against Mr. Keys struck a particular nerve because of his outsize, and outspoken, online presence. A popular and at times volatile figure in the world of social media, Mr. Keys is in many ways emblematic of the new-media landscape. The writer of what was described by Time magazine as one of the 140 best Twitter feeds, Mr. Keys quickly used his feed to discuss the indictment and assure his nearly 25,000 Twitter followers that he was “fine.”

Mr. Keys is among a coterie of young journalists adept at social media who see their stars rise quickly and often are snapped up by major media organizations, said Sree Sreenivasan, chief digital officer at Columbia.

“At a young age you can have more influence than at any time in journalistic history,” Mr. Sreenivasan said, adding, “and the mistakes you make at a younger age are more visible than ever before.”

A Thomson Reuters spokesman said on Friday that Mr. Keys had been suspended with pay. “Any legal violations, or failures to comply with the company’s own strict set of principles and standards, can result in disciplinary action,” the company said in a statement, adding that Mr. Keys joined Reuters in 2012; the apparent crimes occurred in December 2010.

Supporters of Mr. Keys echoed criticism that reached a high pitch in January, when online activists accused prosecutors of trying to bully Mr. Swartz into pleading guilty. An article in Slate was posted on Friday under the headline “Has the Justice Department Learned Anything from the Aaron Swartz Case?”

Last week Attorney General Eric Holder Jr. was questioned at a Congressional oversight hearing on whether there had been prosecutorial misconduct in the Swartz case. Mr. Holder called the case tragic but defended prosecutors’ conduct, noting that they had offered Mr. Swartz several versions of a plea deal that would involve only a few months of prison time.

“I don’t look at what necessarily was charged as much as what was offered in terms of how the case might have been resolved,” Mr. Holder said.

Mr. Kerr, the former prosecutor, said the Justice Department had noted the maximum statutory punishments in news releases in part for their deterrent effect — to dissuade others from committing similar crimes — and not because they were realistic. “It’s mostly for show,” Mr. Kerr said.

Anonymous, the global collective of loosely organized “hacktivists” who have used computer attacks to protest political causes, has recently faced particular scrutiny. In August, Higinio O. Ochoa III, a member of an offshoot of Anonymous, was sentenced to two years in prison after he pleaded guilty to defacing Web sites and stealing confidential data when he tapped into several law enforcement computers. In 2011, hackers associated with the group targeted the Sony Corporation’s PlayStation online network, costing the company around $171 million.

“They’re an organization that should be taken seriously, and anyone who is thinking about their network and their security should consider them a force to be reckoned with,” said Edward Schwartz, chief security officer for RSA, the security arm of the EMC Corporation.

“There are three categories of hackers: Russian criminals trying to rob us blind; the Chinese who are trying to steal our secrets; and then there’s Anonymous, and a lot of them are like merry pranksters,” said Chester Wisniewski, a senior security adviser at the electronic security firm Sophos. He added: “We’re treating them all the same.”

According to the F.B.I., Mr. Keys went by the name “AESCracked” and in Internet chat rooms offered hackers access to the Fox 40 computer systems and e-mail addresses. “That was such a buzz having my edit on the LA Times,” a user named “sharpie” suspected of being associated with Anonymous wrote, according to the indictment. Mr. Keys is said to have responded, “Nice.”

When compared with recent attacks by Chinese hackers on media organizations including The New York Times, Mr. Keys’s apparent crime is “nothing,” said Josh Shaul, chief technology officer at Application Security Inc., a New York-based provider of database security software. “It’s like someone handed you the keys to a building and you used them to get in.”

Source: http://www.nytimes.com/2013/03/18/technology/outcry-over-computer-crime-indictment-of-matthew-keys.html?pagewanted=all&_r=0

Hi Tech Crime Solutions

http://computer-security-expert.com, http://www.GregoryDEvans.net, http://ParentSecurityOnline.com, http://www.hackerforhireusa.com

The U.S. Congress may need to create stiffer penalties for criminal computer hacking to deter the growing number of attacks on U.S. government agencies and businesses, some lawmakers said Wednesday.

Congress may revisit the Computer Fraud and Abuse Act (CFAA), the oft-amended law first passed in 1984, in an effort to counter widespread cyberattacks on U.S. computers, said Representative Jim Sensenbrenner, a Wisconsin Republican and chairman of the House of Representatives Judiciary Committee’s crime subcommittee.

[ ROUNDUP: 4 Internet privacy laws you should know about ]

Congress needs to respond to the recent reports of attacks from China and other countries, Sensenbrenner said during a subcommittee hearing.

“The United States has been the subject of the most coordinated and sustained computer attacks the world has ever seen,” he said. “The systematic and strategic theft of intellectual property by foreign governments threatens one of America’s most valuable commodities: our innovation and hard work.”

Lawmakers didn’t provide concrete ideas at the hearing on how they would update the CFAA. Several indicated they will work on cybersecurity legislation in the coming months.

While some lawmakers called for stronger computer hacking laws, others questioned whether there’s a need. Hearing participants didn’t mention the controversial Massachusetts prosecution of activist hacker Aaron Swartz, who committed suicide earlier this year, but some lawmakers’ questions and witness statements seemed to refer indirectly to the case.

The CFAA is “remarkably vague,” said Orin Kerr, a professor at the George Washington University Law School in Washington, D.C. Some courts have ruled that an employee who violates his employer’s computer-use policy violates the law, and the U.S. Department of Justice has suggested that an Internet user who violates a website’s terms of use is also acting illegally, he said.

“The lower courts are deeply divided on the statute’s scope, with some courts concluding that the law is remarkably broad,” he said. “As a result of this confusion, the meaning of the law presently varies depending on which part of the country you happen to be in. This situation is intolerable.”

Kerr called on Congress to step in and clarify the CFAA. “The law should both punish what should be punished and ensure that innocent conduct is not criminalized,” he added.

Robert Holleyman, president and CEO of BSA, a software trade group, called for updates to the law and for appropriate prosecutions. “It is important for laws and law enforcement to be strengthened in appropriate proportions, so that innocent and minor infractions are not over-penalized, but serious crimes are effectively deterred,” he said.

Holleyman also called for more congressional focus on cybersecurity research and development, for legislation to make cyberthreat information-sharing easier and for a national data breach notification law.

Lawmakers also debated whether there should be mandatory minimum sentences under the CFAA. President Barack Obama’s administration is not calling for mandatory minimums as it has in the past. Jenny Durkan, U.S. attorney for the Western District of Washington, didn’t explain the reasoning behind the change in policy, other than saying judges need to have sentencing discretion and the administration’s priorities lie elsewhere.

Representative Bobby Scott, a Virginia Democrat, said mandatory minimum rules are unnecessary and sometimes “violative of common sense.”

Sensenbrenner disagreed. “Does the administration oppose mandatory minimums as a matter of principle, or don’t they think that the crimes that we’re talking about here deserve a mandatory minimum?” he said.

Source: http://www.networkworld.com/news/2013/031313-lawmakers-tougher-computer-hacking-laws-267675.html?page=1
http://www.networkworld.com/news/2013/031313-lawmakers-tougher-computer-hacking-laws-267675.html?page=2

Hi Tech Crime Solutions