Category Archives: Hacking

Why is Anonymous helping teenage lesbians? | James Ball

Anonymous may not be known for its gay rights credentials, but this loose collective of libertarians loves an underdog

Any experienced internet denizen might feel wary on seeing the words “teenage lesbians” and “hacker collective Anonymous” in close proximity. And, quite probably, with good reason, especially if they’re using a work computer.

But the situation isn’t what they might fear: members of Anonymous have vowed to take action in the case of Kaitlyn Hunt, an 18-year-old woman from the US who is facing prosecution over her relationship with her 15-year-old girlfriend.

Shortly after her 18th birthday, the parents of Hunt’s girlfriend secretly recorded the duo discussing a make-out session in the school bathroom – and used this to go to the police. She is facing charges of “lewd and lascivious battery” on a minor.

Generously, prosecutors are offering her a deal in which she’ll face a mere two years in prison for having a younger girlfriend. Naturally, prosecutors and the girlfriend’s parents alike claim the case is nothing to do with Hunt’s sexual orientation.

For many members of Anonymous – Anons – lesbianism has, for now, begun and ended with what we might politely refer to as, ah, “adult entertainment” videos.

The collective is not traditionally known for having fantastic gender politics or gay rights credentials. The word “fag” is used as a jest, an insult and virtually punctuation across the group’s chats.

But this case has all the right ingredients to provoke Anonymous’s ire. Young people facing criminal prosecution for typical teenage acts. Parents apparently allowed to surveil the conversations of teenage girls (creepy, no?) with impunity. And sentences which, as seems so common in the US, seem to bear no proportion to the “crime” concerned.

So their pledge to step in should really come as no surprise. The reason that it does, for some, is that Anonymous seems entirely inconsistent on alleged sex offences, treatment of women and attitude towards gay people.

Anonymous is often, but not always, among the core defenders of Julian Assange against the accusations of sex crimes he faces in Sweden. And shamefully, many Anons have played a large part in the demonisation of his accusers, chronicled in Alex Gibney’s “We Steal Secrets” WikiLeaks biopic, out in the US this week.

But Anons have also been at the forefront of trying to seek justice for alleged rapists of women elsewhere – to the point of bordering on vigilantism.

Viewed in isolation, the three separate operations seem entirely contradictory. But they’re partly explained by Anonymous’s underlying politics and attitudes: Anons are libertarian. They mistrust the state, and don’t like interference. And they will pick the underdog every day of the week.

Anons will join whichever side of the fight seems to be losing, or seems to be facing an injustice (real or imagined). They’re not about to start discussing intersectionality at length.

This also accounts for a lot of Anons’ perceived homophobia to outsiders: they are not, and will never be, delicate with language. Anonymous grew out of 4chan, one of the bluntest, rudest, trolls’ nests on the internet. Just because the language is homophobic doesn’t mean their intentions are – or at least, not always.

Anonymous is widely misunderstood. It’s thought of as a group, or a membership organisation, maybe the online version of a political party. Even members of political parties can have widely divergent groups – just ask David Cameron – but Anonymous is far less coherent even than that.

Want to be a member of Anonymous? Say you’re a member of Anonymous. And you’re done. The unifying idea, if there is one, is a sense of injustice, belief in free speech bordering on the fundamentalist, and a libertarian streak. Everything else is optional. So, when it comes to gender and LGBT politics, Anonymous can be a crowd of misogynistic asshats with bigoted opinions. Or they can be progressives who either couldn’t care less about sexuality, or actively support LGBT rights, and fight against injustices. Or anywhere in between.

In other words, there are as many attitudes towards LGBT within Anonymous as there are Anons. Just like everyone else, really.

guardian.co.uk © 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved. | Use of this content is subject to our Terms & Conditions | More Feeds



British computer hackers behind bars – from the archive, 22 May 1993

Two hackers become the first offenders to receive jail sentences under the 1990 Computer Misuse Act

Yesterday, two bright young men described by a judge as having indulged in ‘intellectual joyriding’ were jailed for six months.

Neil Woods, aged 24, from Manchester, and Karl Strickland, aged 22, from Liverpool, thus became the first people imprisoned under the 1990 Computer Misuse Act, introduced to deal with the growth of hacking by a breed of bright young men whose ingenuity was directed towards their computer screen.

Judge Michael Harris said at Southwark crown court, south London, that he would be failing in his public duty if he did not impose immediate custodial sentences.

He told the two men he was jailing them ‘both to penalise you for what you have done and for the losses caused, and to deter others who might be similarly tempted’.

The pair worked from home and ran up phone bills of at least £25,000 for other computer users. They were said to have caused damage to systems of more than £120,000.

Their equipment was simple: basic terminals, modems and telephone lines. Their hacking took them metaphorically to Russia, Canada, Taiwan, Singapore, Sweden, Norway, Germany, Iceland, India and Australia. One officer said the list of databases they penetrated was like ‘reading an atlas’.

Mr Strickland, a research assistant at Liverpool university, and Mr Woods, a computer salesman and Manchester university computer science graduate, both pleaded guilty to conspiring to obtain telegraphic services dishonestly, and engaging in the unauthorised publication of computer information. Mr Woods also pleaded guilty to causing £15,000 of damage to a computer owned by Central London Polytechnic.

Judge Harris said he accepted their hacking was not designed to damage systems or to make a profit, but he believed they knew what they were doing was illegal.

‘If your passion had been cars rather than computers we would have called your conduct delinquent, and I don’t shrink from the analogy of describing what you were doing as intellectual joyriding,’ he said.

‘There may be people out there who consider hacking to be harmless, but hacking is not harmless. Computers now form a central role in our lives, containing personal details, financial details, confidential matters of companies and government departments and many business organisations.’



The man who ‘nearly broke the internet’

Sven Olaf Kamphuis is accused of global cybercrime, but Spanish police found him in a squalid flat with his name on the letterbox

The day Sven Olaf Kamphuis parked his huge orange Mercedes van with its German numberplates outside Bar Javis, in the Catalan town of Granollers, the owner’s son snapped a picture with his mobile phone.

“Not a lot happens in this street,” Maria Cruz, the bar’s owner, explained. “And it was so huge, with all those funny antennas and solar panels poking out of the roof, that it blocked the light to the bar.”

Even stranger was the 35-year-old Dutch man who parked it in this narrow street after renting a small attic flat with windows made of glass blocks in the poorer end of this nondescript town 15 miles from Barcelona.

Even on hot early summer days, Kamphuis wore a woollen hat. And he spoke no Spanish, answering “yes, yes” in English to everything people from this friendly neighbourhood said to him.

Kamphuis, 35, is one of the most controversial characters in the murky world of spam and hacking – deemed the internet’s public enemy number one by some, though others believe his reputation has been blown out of proportion by the grandstanding of his foes.

Capable of rigging up sophisticated computer systems anywhere, including the back of a van, he allegedly masterminded a flurry of March internet attacks that the security company CloudFlare claimed “almost broke the internet”, plunging the world into digital darkness. When Spanish and Dutch police arrested him they found the flat occupied by a tangle of cables and computer gear. A copy of the science fiction writer Neal Stephenson’s Quicksilver lay on the unmade bed.

Kamphuis displayed a Napoleonic sense of grandeur. “He claimed he had diplomatic status,” said the Spanish police officer who led the operation, but asked not to be named. “He said he was the telecommunications minister and foreign minister of a place called the Cyberbunker Republic. He didn’t seem to be joking.”

“The request to arrest him came from the Netherlands,” said the police officer, who heads the cybercrime unit in Barcelona. “But Britain, the United States and Germany were all affected by the massive denial of service attacks that he launched.

“The van was fitted out as a mobile office from which he could launch his attacks. Amongst other things we found the IP addresses of his targets and that is part of the evidence we are sending to the Netherlands.”

Kamphuis has yet to be tried, but Spanish police believe they know his modus operandi. “He brought together hackers from around the world to launch the attacks. It is obviously not all over yet, because the Dutch have been under attack again in recent days – presumably as revenge by his friends.

“Some of them have networks of zombie computers, having spread viruses that let them control other people’s computers. They all agree to launch the attack and they do millions of requests to the server at the same time.”

The result was what the New York Times called an attack of previously “unknown magnitudes”, producing a 300bn-bits-per-second data stream that targeted the British and Swiss-based anti-spam operator Spamhaus and its allies. This had reportedly blacklisted his CB3ROB/Cyberbunker company, which claims its servers are housed in an old Nato nuclear bunker near Rotterdam, for hosting hundreds of spam and malware websites. Kamphuis happily claimed to be punishing Spamhaus for “abusing their influence”.

“Nobody ever deputised Spamhaus to determine what goes and does not go on the internet,” he told the New York Times in an angry message. He later denied involvement. “We want to be absolutely clear that the DDoS [distributed denial of service] attacks are not and have not ever been orchestrated within CB3ROB/CyberBunker, nor are they conducted under the supervision of Sven,” he wrote on his Facebook page.

But the huge number of spammers he hosts has led even hacktivists sympathetic to his pro-Pirate party, Anonymous and Julian Assange’s stance to question his real activities.

Several other mysteries remain. If this was one of the most successful spammers in history, why was he living in a squalid flat and a camper van?

“If you get paid a few cents for each spammed email and you send out million emails every day, then you can make a lot of money,” said the Spanish police chief.

Kamphuis certainly did not behave like a criminal on the run. “He seemed too relaxed to be a crook,” said Cruz. “And he certainly didn’t hide away. He had even written his name on the letterbox.”

“He wasn’t really trying to hide,” agrees the Spanish police chief. “I think he thought that we wouldn’t track the attacks to him or that we would leave him alone because he was not attacking Spanish targets.”

His attacks were widely reported to have slowed the entire internet down, but internet speed trackers such as Internet Traffic Report barely registered a blip.

Some point to publicity-seeking grandstanding by CloudFlare, an internet security company called in to protect Spamhaus. It claimed this was “the DDoS [attack] that almost broke the internet”.

“The record-breaking attacks were initially directed at Spamhaus infrastructure such as websites, mailservers and nameservers. Then, over the course of the following two weeks, the attacks escalated to targeting Spamhaus’s supporting networks and services including various internet exchanges,” Spamhaus’s British founder Clive Linford said on his blog, describing the attacks that started in the middle of March. “While the DDoS caused disruptions to our organisation and its hosts and partners, the flow of the Spamhaus anti-spam data that protects over 1.7bn mailboxes worldwide was never interrupted.”

Kamphuis was last week taken to the Netherlands – a country that recently announced plans to let police hack into computers located abroad, installing spyware, reading emails and deleting files. He is being held in jail while investigators decide what charges to bring.

A spokesman for the Dutch public prosecutor’s office said he would appear before a court in Rotterdam again this week to have bail conditions reviewed after the “unprecedented heavy attacks” on Spamhaus and its partners in the US, Netherlands and Great Britain.


Why are the LulzSec hackers being locked up? | James Ball

A chance to put these young hackers’ skills to better use goes wasted, while gangs who rob for personal gain go unpunished

For lawmakers, illicit downloaders and hackers alike, the internet is one of the few bits of frontier territory left in the world: for the “rogues” there’s lots more scope to get away with things not possible in more civilised, everyday reality, while for the lawmakers there’s an ungovernable mess.

The problem with frontier justice is, of course, that when it strikes, it tends to be rough. And so it’s proved for the four members of the hacking group LulzSec, sentenced in a London court: three were jailed for between two years and 32 months (they’ll serve half), with the fourth receiving a suspended 20-month sentence.

Untangling the rights and wrongs of this case is difficult. The group carried out a series of cyber-attacks that caused millions of pounds’ worth of damage, particularly on the Sony Playstation network. (And gamers won’t have been happy about the disruption to services.)

That fact shouldn’t be ignored by those mounting a defence of LulzSec: some of the group’s actions were political (of which more later), but some were fairly tenuously justified at best. And the consequences were real and expensive: anyone causing that much damage offline would certainly also face jail.

But the rest of the case is far less clear-cut. Three of the four convicted were teenagers at the time of their offence. Computer crime is one of the few areas where teenage pranks can dramatically escalate, a product of the interconnected nature of the internet.

How much should teens be held responsible for the structural vulnerability of internet institutions? How much culpability lies with those who leave architecture as easy to attack as it is? We could continually be locking up teens unless something changes.

The data obtained in the various hacking attacks could have been used for significant large-scale fraud and financial gain. At the time of his arrest, the computer belonging to Jake Davis (the group’s spokesman, “Topiary”) held more than 750,000 lines of data, including passwords, credit card details and more. There’s no sign he ever made any attempt to profit from any of this.

It seems almost uncontroversial to suggest that hacking attacks made without the intent of personal gain should be treated as a very different beast to those by large, professional groups – who, it should be noted, almost universally escape detection and prosecution.

If personal gain wasn’t the motivation, what was? And does it matter? While one of the main professed motivations was “the lulz” – hacking for kicks – many LulzSec actions had a political aspect.

LulzSec grew out of Anonymous, the amorphous hacking collective, which rose to prominence (in the mainstream media at least) once it had attacked Paypal and other sites after they joined a credit-card blockade against WikiLeaks.

WikiLeaks, like it or loathe it, had committed no crime, been charged with no crimes, and yet was cut off in all practical terms from funding sources. Attempts to redress the situation in the courts have proven slow and erratic, and any compensation for lost donations certainly hasn’t materialised.

Anonymous and the other hacktivists engaged in direct action in the belief the justice system would let them down. And they were right.

The justice system could be letting everyone down again. When it comes to real, serious hacking actions across the web, there are only two shows in town. The first and most extreme comprises state-backed hackers across the world, targeting information systems, trade secrets, and even – in the case of the US and Israel – centrifuges used to enrich uranium.

The other is sophisticated criminal gangs, often operating from Russia, eastern Europe or Africa. These are the guys who’ll empty your bank account, hold email accounts to ransom and more.

Instead of either of these groups being arrested and taken through the courts, we’re seeing teenage hacktivists put on trial instead. Are they really the ones we should focus on?

And if we are going to arrest and convict them – let’s remember the financial damage caused at this point – couldn’t we be more creative and constructive with what we do next?

Several of those arrested are clearly gifted. Jake Davis could put many a professional PR to shame. Why waste their skills, and their life prospects, not to mention a wodge of public money, with prison sentences?

In the least imaginative scenario, these guys could be engaging in hundreds upon hundreds of hours of unpaid teaching work, building IT skills. In the most imaginative one, why not get them creating a dotcom startup for the public good?

A chain-gang incubator might seem like a mad idea. But it’s no more bizarre or brutal than anything we’ve done in real life to those who do wrong on the online frontier.

• This article was amended on 17 May 2013. It originally referred to centrifuges inside nuclear reactors. This has now been corrected.


Strongbox: New Yorker’s salvo in the ‘war between data capture and privacy’

New open-source drop box for leaked documents co-created by Aaron Swartz launches, provides ‘secure route’ for sources

When Kevin Poulsen, a former hacker who now edits at Wired magazine, came up with the idea two years ago of creating an open-source drop box for leaked documents along the lines of WikiLeaks, he could not have imagined that its launch would coincide with one of the most aggressive US government assaults on press freedom in a generation.

DeadDrop unveiled itself to the world on Thursday, three days after Associated Press revealed that it had been subjected to a “massive and unprecedented intrusion” into its news gathering by the Justice Department. Leak investigators had obtained phone records of more than 20 telephone lines used by AP journalists, without the news agency being informed of the violation.

For Poulsen, this week’s coincidental confluence of events underlines the potential value and importance of the DeadDrop project. “With the risks now so high – not just from the US government but also the Chinese government that is hacking newsrooms in the West – it’s crucial that news outlets find a secure route for sources to come to them.”

But this week’s AP saga has also underscored the perils involved for anyone brave enough to try and leak information. As a further reminder of the dangers, Bradley Manning will go on trial next month facing possible life in military custody with no chance of parole for having been the source of the huge WikiLeaks trove of US state secrets.

The Manning trial has a further relevance to the launch of DeadDrop, Poulsen believes. In a pre-trial hearing in February, Manning disclosed that before making contact with WikiLeaks he had attempted to hand his enormous mountain of digital documents to the Washington Post, New York Times and Politico but failed to find a way into any of those organisations.

“This is the important lesson here. There was no natural route for Manning to gain entry, and it was a simple idea from WikiLeaks of creating a web forum where documents could be securely uploaded that led to their huge scoops.”

DeadDrop relies on code that was written by the open data campaigner Aaron Swartz and completed just a month before he committed suicide in January. It will be open for any person or institution to use and develop. Poulsen expects that some people will spin off their own versions – or “fork the code” as it’s known in the business – while a canonical top copy will be maintained that can be constantly updated and improved.

The first major use of the code has been pioneered by the New Yorker, Wired’s sister magazine within Condé Nast, which has posted its version on its website under the title Strongbox. Nicholas Thompson, editor of newyorker.com, hopes that the new anonymous information sharing service will help redress the imbalance in what he calls the “data arms race”.

“Technology for surveillance and data capture by companies monitoring our behaviour has developed at such a pace that data privacy has failed to keep up. It’s an arms race between data capture and data privacy, and data capture is winning.”

The drop box is already a leap ahead of the technology used by WikiLeaks in that it allows for a two-way communication between source and journalist, and not just a one-way handing over of information. Sources are able to upload documents anonymously through the Tor network onto servers that will be kept separate from the New Yorker’s main computer system. Leakers are then given a unique code name that allows New Yorker reporters or editors to contact them through messages left on Strongbox.

Early reviews of the service have generally been favourable. Jonathan Stray of the Overview Project praises the use of the Tor network as the “gold standard for anonymous online communication”.

But Stray warns potential leakers against being lulled into a false sense of safety: “I think we need to understand it is far from a complete solution to the problem of source security.”

Strongbox may be secure, but if journalist and source are tempted to step outside its boundaries and communicate in other ways – by phone or email, for instance – they will leave behind a trail that can be traced. “Whether or not this is a problem depends on who you are trying to keep secrets from – as the recent secret DOJ subpoena of AP phone records shows,” Stray writes.

That danger was neatly illustrated by Bradley Manning. He was undone not through any breach in the secure channels through which he uploaded information to WikiLeaks, but because he engaged in a web-chat with the former hacker Adrian Lamo who then shopped him to the authorities.

Paradoxically, the transcript of those web chats was first published by Wired, having been brought to the magazine by Kevin Poulsen.

So far, experimentation with the creation of drop boxes to facilitate anonymous digital leaking has failed to reach the dizzy heights that WikiLeaks attained in 2010. Since 2011, WikiLeaks and its founder Julian Assange have been so beleaguered by legal and financial problems that they have closed their secure uploading channel altogether; the only way currently to pass information to the organisation is through direct contact with one of its small inner coterie.

An attempt by WikiLeaks defector Daniel Domscheit-Berg to create a spin-off called OpenLeaks has failed to make much impression. Similarly disappointing results have been experienced by mainstream news organisations attempting to take on the mantle of WikiLeaks.

The Wall Street Journal came under heavy criticism for the technical glitches contained in its anonymous drop box, SafeHouse, launched in 2011, that analysts said could have put leakers at risk of detection. The service is still available on wsj.com, but the Journal declined to comment about it, suggesting it has been less than an unqualified success.

The New York Times also considered setting up a leakers’ drop box in 2011, but decided not to go ahead. A spokeswoman said: “As with any potential reporting tool, we’ll likely revisit the idea in the future as our reporting needs evolve.”

Jay Rosen, media critic at New York university, said the patchy record of such innovations told their own story. “It’s obvious the difficulties are greater than we thought. Since WikiLeaks, the authorities have become much more aggressive in prosecuting, and we’re still a long way from offering confidence in this system.”
