When Digital Protest Becomes Cyber Crime: A Lesson for Would-Be Hacktivists
On the surface, the life of an Internet hacktivist sounds pretty cool. You get to go by nicknames like Anthrophobic, Toxic, or Reaper; avenge innocent victims while punishing the wicked; and get home in time for mom to make you lunch.
But here's some unsolicited career advice for would-be enemies of the state: If you're planning to embark on a life of politically motivated cyber crime, don't leave a trail of cyber crumbs behind.
[ For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter and follow Cringely on Twitter. ]
Some 16 U.S. citizens, most of them in their late teens and early 20s, found this out the hard way. Yesterday the FBI arrested this crew for their alleged roles in cyber attacks conducted under the name of Anonymous and/or Lulz Security.
Most of the arrests stemmed from attacks on PayPal, an act of revenge after PayPal withdrew its support for WikiLeaks last December (which was, of course, in response to yet another hack, the 200,000-odd confidential state department cables allegedly leaked by 21-year-old Private Bradley Manning). The other arrests were for attacks on InfraGard, a private security firm with strong ties to the federal government, and AT&T.
Ryan J. Reilly at TPM Idea lab describes how one of the alleged Anon/Lulz members, 21-year-old Scott Matthew Arciszewski of North Fort Myers, Fla., got nabbed:
First, they got the IP address of the individual who attacked the [InfraGard] website with the account "AntiSecTest" on June 21. Then they used info on the Twitter account voodooKobra which posted a "bitly" link to the vulnerability he allegedly created with the phrase "Infraguard Tampa has one hell of an exploit."
Based on the twitter info associated with the Twitter account, they visited his website at kobrascorner.com and did a Google search for his "VoodoKobra" screenname. They turned up his Wikipedia user page, which listed his real name as Scott Arciszewski. They compared his drivers license photo to the avatar on his account on hackforums.net and on his Facebook profile.
So much for being "Anonymous." Reading Arciszewski's tweet stream, he just sounds like your average, broke college kid:
I also don't own a car, and the only bicycle I own has no brakes and the handlebars are loose. I have less than $60 to my name until August.
My cell phone is also currently out of service due to being broke. I tried to reactivate it today, and MetroPCS*** went "hahaha no"
As Reilly describes, these folks were anything but criminals by profession -- more like landscapers, cashiers, and students. Assuming they actually did what they're accused of, I'm sure they see themselves as activists -- protestors raging against the machine. Only their acts of protests involved breaking the law, and now they're all looking at up to 10 years in the pokey and fines of $250,000 for each offense.
In thematically, if not circumstantially, related news: 24-year-old Aaron Swartz, one of the early contributors to what became Reddit and a well-known digital activist, has been indicted in Boston. His alleged crime: downloading some 4 million academic papers from the JSTOR archive, which charges fees for access to that research.
Swartz has been accused of breaking into a server closet at MIT and installing hardware to download academic materials from JSTOR. Given Swartz's prior history -- in 2009 he legally downloaded some 19 million pages of court records from the Federal Appellate system and distributed them free across the Net -- it's a safe assumption his intent was to "liberate" those 4 million documents.
Swartz is facing a possible 35 years in prison and more than $1 million in fines for what Aaron's activist colleagues describe as "trying to put someone in jail for allegedly checking too many books out of the library."
Well, not exactly -- more like breaking into Barnes & Noble, cloning all the books that are now in public domain, and distributing free copies on the sidewalk. But I take his point.
There's no question that accessing computers you don't have permission to access should be a crime. My guess is that somebody is trying to make an example out of the 16 Anons and Swartz, in the hopes that the splashy arrest headlines will deter others from following the hacktivist path, while they quietly plea down to a more reasonable punishment.
Still I can't help thinking that as crimes go, these pale in comparison to, say, hacking people's voice mail, bribing police to look the other way, or swindling billions of dollars from America's retirees. It would be nice if somebody somewhere made an example out of those folks. Just my humble opinion.
What's your humble opinion? Should the hacktivists have the e-book thrown at them? Post your thoughts below (Add a comment) or email me directly: firstname.lastname@example.org. And please try to keep your voices down, editors are trying to sleep.
This article, "When digital protest turns into cyber crime -- a lesson for would-be hacktivists," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.