Thursday, April 17, 2014

2014-04-17: Is former Sacramento media employee Matthew Keys a victim of overzealous, misguided cybercrime prosecution?

Is former Sacramento media employee Matthew Keys a victim of overzealous, misguided cybercrime prosecution?

His trial here in Sacramento in federal court to wrap up soon


This article was published on .

Some say the U.S. Department of Justice’s priorities are out of whack when it comes to cyberterrorism prosecutions.
The trial of former KTXL Fox40 Web producer Matthew Keys in Sacramento federal court appears to be approaching its anticlimax.

The 27-year-old blogger and journalist is accused of helping hackers break into the Los Angeles Times website, where they changed the headline of a story. Keys has even confessed to the substance of the crime, though it hardly qualifies as misdemeanor vandalism. So why make a federal case out of it? Couldn’t Department of Justice resources be better directed elsewhere?

It’s a question of priorities, according toSurviving Cyberwar author Richard Stiennon. “For those in justice, your career path is to get a whole bunch of successful prosecutions and get noticed,” Stiennon says. “So you’re going to go after the low-hanging fruit.”

Lately, prosecutors have been taking advantage of the wide latitude afforded them by the Computer Fraud and Abuse Act to press cases involving “network security.” And they press hard.

Last January, Internet entrepreneur and activist Aaron Swartz killed himself while under felony prosecution for downloading academic journals. Swartz, who helped create the crowdsourced entertainment site Reddit, was facing 50 years and $1 million in fines.

“The days of ’Let’s haul this kid in front of the judge, scare him and send him home with a warning’ are long since gone,” says attorney Jay Leiderman, who represents Keys. “Prosecutorial discretion is a great thing if it’s exercised, but it doesn’t happen in any meaningful way these days, because prosecutions are so politicized.”

That’s the crux of the problem for Keys, the former Reuters social-media editor and possessor of 23,000 Twitter followers. In December 2010, he crossed paths with Hector Xavier Monsegur, a.k.a. Sabu, the eventual leader of AntiSec, a more mischievous offshoot of hacktivist group Anonymous. Keys passed them the credentials he once used to log into KTXL’s computers, which were linked to the Tribune Company network.

Keys left KTXL two months earlier, and he’s since expressed surprise that the credentials still worked. An AntiSec member used them to access the L.A. Times website and change a story headline from “Pressure Builds in House to Pass Tax-cut Package” to “Pressure Builds in House to Elect CHIPPY 1337,” a reference to another hacker group. Within 30 minutes, the hacker was frozen out and the headline corrected.

Keys might have expected, at worse, a stiff warning and small fine. But he literally messed with the wrong guy. Sabu had been an FBI informant since his arrest in June 2011, right around the time he started AntiSec.

For months, Monsegur encouraged his followers to commit cybercrime while under the FBI’s control. He was the “honeypot” attracting would-be perps into an operation seemingly designed to intimidate future hackers and anyone who might associate with them, like Keys.

“Part of this is [the feds’] broader push to send a message that anything and everything is going to go punished that appears to suggest that the control of the Internet is up for grabs,” says Hanni Fakhoury an attorney at Electronic Frontier Foundation in San Francisco. “It is not a coincidence that this was linked to behavior undertaken in the name Anonymous.”

It wasn’t always like this. Keys and Swartz were charged under CFAA, a 28-year-old law whose contours, like the shore, have worn away with time, yielding to much wider application.

The CFAA was conceived in the wake of the Matthew Broderick movie WarGames, about a hacker who inadvertently almost starts a nuclear war. The original drafters focused narrowly on government computers and the intent of the intrusion.

But changes in the law and vague wording have turned “unauthorized access” to a computer into a prosecutorial blank check.

Eleven years ago, nearby Fiddletown resident Bret McDanel was jailed under the CFAA for a crime the government later admitted he hadn’t really committed.

McDanel noticed a security flaw in his firm Tornado Development’s Web-based communications software. He told his supervisors, but his concerns went unaddressed. After leaving their employ, he sent an email to all the software’s users informing them of the issue. The Amador County resident was charged with undermining the “integrity of a computer system.”

By the time the feds admitted the law wasn’t meant to protect a software company’s reputation, he had already served his 16-month sentence. He’d lost his fiancée and was living with his parents, while his former employer had gone out of business. But McDanel can surely tell you which way the railroad runs.

As Keys has discovered, the feds lean hard and wear you down. He faces up to $750,000 in fines and 25 years in prison.

Swartz initially faced only 35 years, but four months before his death (20 months after his initial arrest), they added nine more felony counts, raising his jeopardy to 50 years. The idea, critics say, was to squeeze a plea out of him; Swartz found a different way out.

Swartz’s act of martyrdom generated a firestorm of protest. It caught the attention of Bay Area Congresswoman Zoe Lofgren, who sponsored (still-stalled) legislation known as Aaron’s Law to change some CFAA provisions.
“In talking to Aaron’s family and others who were involved in his situation, it was a real eye-opener to what happens in the criminal-justice system,” says Lofgren. “What they felt was very abusive was this sort of thing where you more or less try to extort concessions through the use of overprosecution.”
Keys’ odyssey appears to be drawing to its close, for better or worse. His last court appearance, on April 2, was accompanied by news that the case had gone to “reverse proffer.” This involves the prosecution sharing their case with the defense, generally with an eye toward an agreement.

Nearly all those swept up in the feds’ Anonymous-related enforcement actions have been processed. The sole remaining exceptions are Keys and cooperating ringleader Monsegur. In January, Monsegur’s sentencing was delayed for a third time, so it’s not difficult to believe he’s the bow on the whole operation.
Keys is certainly guilty of something, but probably not a felony. In that respect, he’s perhaps a victim of cybercrime’s intrigue and a prosecutor’s desire to leverage that publicity.

“Any case that has the word ’cyber’ in it brings headlines, because it’s interesting. There’s a degree to which careers are made this way,” says Leiderman. “’Cyber prosecutor blah-blah-blah.’ Nobody reads the ’blah-blah-blah.’ They just go, ’They caught a cybercriminal. Fantastic.’”

Lofgren continues to push changes in the law to make it less prone to abuse. Unfortunately, there’s precious little to be done about overzealous prosecutors.

“You really can’t impose good judgment legislatively,” Lofgren says, “but we do need to have better oversight over the Department of Justice.”

Thursday, April 3, 2014



After Signing a Plea Deal, Barrett Brown Could Leave Prison This Year

Illustration by Dell Cameron

On Monday, US Attorney Sarah Saldaña filed a superseding indictment in the government’s case against Barrett Brown.
“It’s conceivable,” attorney Jay Leiderman told me yesterday, that the prosecution, which dismissed 11 of Brown’s charges last month, “is about to reach a plea deal with Barrett.”
It appears now, that a plea deal has been reached. After bringing multiple cases against Brown, three of which he had pleaded "not guilty" to, federal prosecutors have salvaged a minute victory over Brown. Originally, they sought to put him behind bars for 105 years. The prosecutors were granted a seal on the plea agreement by the court.
Of the two counts pleaded to in the indictment, one, of “Accessory After the Fact,” links Brown to Jeremy Hammond a/k/a “o,” and the 2011 Stratfor hack. The otherclaims that Brown, having been “aided and abetted by another person,” (his mother), obstructed the execution of a search warrant on March 6, 2012, the day after Hammond’s arrest.
Leiderman, who was driving while we spoke, had me read the three-page indictment to him. If Brown pleaded to the two counts, we calculated together that he would face a maximum punishment of 4.5 years: the accessory charge carries a 2.5 year punishment, and the second count carries two maximum punishments (18 U.S. Code § 1501-1502) of “not more than one year.”
“Realistically, what he faces is 30 months with 19 already served,” said Kevin M. Gallagher, director of Free Barrett Brown. He added that Brown will likely petition the court for leniency, and told me, “We believe he has a strong chance of getting time served, and ultimately will be out of jail this year.”
The new indictment illustrates just how differently the government and his supporters view Brown's actions. Federal prosecutors state that he intentionally diverted attention away from Hammond, misleading the authorities (and Stratfor) with regards to his identity.
Brown is, however, a credentialed journalist who has been published by numerous respected outlets. As such, supporters would argue he had a constitutional right to defend his sources against prying federal investigators. The prosecution has continuously shifted its tactics in pursuing the case, and "has thoroughly embarrassed itself," said Leiderman. He reflected on the Government's dismissal of charges that sought to criminalize Brown's sharing of a hyperlink, citing a clear inability for prosecutors to hold their case together.
A re-arraignment is scheduled to take place in the Dallas federal courthouse on April 29th, according to electronic filings.
"Yeah," said Gallagher, "he's coming home soon."
TOPICS: journalismbarrettBrownfederalcourtcasehackingJeremyHammond,AnonymoustexasDallaspower

Thursday, January 30, 2014

Federal agents accused of unwarranted search through journalist's computer

Attorney for journalist Matthew Keys, indicted for conspiring with hackers, contests the legality of investigators' tactics

Federal agents have been accused of carrying out an improper search of documents contained on the computer of a former Reuters journalist who has been charged with conspiring with hackers to deface the website of the Los Angeles Times.
Matthew Keys, 26, has been indicted for providing a username and password to the hacker group Anonymous that allowed it to hack into the Los Angeles Times website and alter a headline.
At the US district court in Sacramento on Wednesday, an attorney for Keys, Jay Leiderman, said federal agents carried out a trawl of files on Keys's computer in 2012 that was not allowed under their search warrant. He asked that information taken from the computer be suppressed by the court.

"The warrant did not give the power to rummage through the journalist's files," Leiderman said, adding "there is no indication of why all this information needed to be seized".

The computer in question was used by Keys to send files regarding his own case to another journalist who was writing a book about Anonymous in 2012. It is not clear what the prosecution intends to do with the information agents found during the search or if any of it will be used in an upcoming trial.

The prosecution argued that agents carried out a broad search of the computer because they were concerned relevant files could have been moved or hidden. They further argued that child pornography cases, in which entire hard drives are seized and used as evidence, set a precedent for such indiscriminate searches.

Leiderman responded by saying, as a journalist, Keys would be unlikely to move or tamper with files relating to an ongoing story and rejected the idea that child pornography cases are analogous to this case.

Judge Kimberly Mueller is expected to give her decision on the legality of the search on 26 February.

The case against Keys has caused a stir in the online media community, where many are concerned he is the victim of over-stringent action by law enforcement. He faces three charges in total under the 1984 Computer Fraud and Abuse Act. Each charge carries a potential fine of $250,000 and potential jail terms of five years on one count and 10 on each of the other two.

Supporters of Keys point out that his actions caused little disruption to the LA Times. The hackers used the password to change one headline from "Pressure Builds in House to Pass Tax-Cuts" to "Pressure Builds in House to Elect CHIPPY 1337." CHIPPY 1337 is a reference to another hacking group.

The headline was quickly amended and the password changed to avoid further breaches. The company that owns the LA Times spent $5,000 updating security measures to avoid a recurrence, according to the indictment.

The alleged offences occurred in 2010 when Keys was working for KTXL Fox 40, a Sacramento-based television station owned by the Tribune Company, which also owns the LA Times.

Keys later moved to Reuters where he worked as a social media editor before being put on paid leave once the charges were brought against him. He was later dismissed. He will appear in court again on 26 February when Mueller will giver her decision on the application to suppress.

US federal agents illegally obtained evidence against a former Reuters journalist when they scoured his computer for documents that were not mentioned in the search warrant they were granted, the reporter’s attorney argued in court Wednesday.
Matthew Keys, 26, was charged in 2012 with conspiring with hackers from Anonymous, providing them with a username and password that allowed them access to the Los Angeles Times website and subsequently change a headline. When federal agents investigating Keys examined the computer in question they accessed files Keys had sent about his own case to another journalist who was at work on a book about the anonymous hacking collective.
Keys’ attorney, Jay Leiderman, asked the US district court in Sacramento to suppress any evidence the police obtained from that computer.
The warrant did not give the power to rummage through the journalist’s files,” he said Wednesday, nothing “there is no indication of why all this information needed to be seized.”
How the prosecution plans to use the information investigators obtained is unclear, however authorities said the search needed to be conducted because files relevant to the investigation may have been deleted by Keys. Attorneys cited child pornography investigations, in which entire hard drives are often seized, provide a precedent for this case.
According to the Guardian, Leiderman responded by saying that a child porn example is irrelevant to this case and asserted that Keys, being a journalist, would not destroy files that were part of an ongoing story.
The Justice Department claims that Keys, dejected over being fired from his job at KXTL Fox 40, a Tribune Company subsidiary, gave his log-in information to hackers in an Anonymous chat room and told them to “go f**k some shit up.” They then infiltrated the site of the Los Angeles Times, another Tribune company, and changed a headline from “Pressure builds in House to Pass Tax-Cuts” to “Pressure Builds in House to Elect CHIPPY 1337,” a reference to another hacker group.
Prosecutors explained that the plan was designed to “make unauthorized changes to web sites that the Tribune Company used to communicate news features to the public; and to damage computer systems used by the Tribune Company.”
Leiderman said that Keys was acting as an embedded journalist when the alleged criminal activity occurred in 2010. Keys faces up to 25 years in prison and a $750,000 fine if convicted, although prosecutors told the Associated Press last year that Keys would likely be sentenced to between 10 and 27 months behind bars because he has no criminal record. Keys has refused a plea bargain.
He met these people in chat rooms, they knew he was a journalist and knew where he used to work,” Leiderman told the Huffington Post, adding that the credentials Keys provided were incapable of gaining access to the LA Times site. “There’s an incongruity to all of this that we’re hoping to get to the bottom of in the next couple months.”

Wednesday, November 27, 2013

Huff Post Live - Jay Leiderman and Peter Ludlow discussing the Jeremy Hammond Sentencing 2013-11-15

Huff Post Live
Jay Leiderman and Peter Ludlow 
discussing the Jeremy Hammond Sentencing


Anonymous Hacktivist Sentenced To 10 Years In Jail

Jeremy Hammond, a hacktivist and former member of Anonymous, faces 10 years in prison for one count of conspiracy under the Computer Fraud and Abuse Act. We speak with experts and members of his legal team ahead of his sentencing.
Originally aired on November 15, 2013
Hosted by: 
  • Alyona Minkovski
  • Jay Leiderman  (New York, NY) Criminal Defense Lawyer Specializing in Computer Crimes; Law Offices of Jay Leiderman
  • Peter Ludlow  (Chicago, IL) Professor of Philosophy, Northwestern University

Thursday, October 24, 2013

Lorax Live on Radio AnonOps with Jay Leiderman

The Hitchhiker's Legal Guide to the Cyber Galaxy

18 October 2013

Link to the show: 

Lorax Live  Jay Leiderman
Jay Leiderman is a criminal law specialist and defense attorney who has represented members of Anonymous and Lulzsec.