Nov 26, 2012

by Nicole Powers

These days, it’s kinda like your computer illiterate granddad is laying down the law on the internet. Only worse. Cause your computer illiterate granddad doesn’t have the power to send your ass to jail for longer than most rapists for the crime of clicking on the wrong http link. Which is something the US government is trying to do. Fo’ realz. Yep. That.

Case in point. Andrew Alan Escher Auernheimer, a.k.a. @rabite, a.k.a. Weev. He’s just been found guilty on one count of not actually hacking anything and one count of having a list of email addresses, even though no one bothered to prove he ever actually had ’em, tho everyone agrees his mate did. Confusing right? You can totally imagine Gramps throwing his hands in the air at this point and saying to hell with this good-for-nothing with two too many silly-ass names – which is pretty much what the US government is doing.

Part of the problem is that the laws Andrew Alan Escher Auernheimer, fuck it, let’s just call him Weev, has been found guilty of violating – which came into being under the 1986 Computer Fraud and Abuse Act (CFAA) – predate Hypertext Transfer Protocol, the first documented version of which, V0.9, was codified in 1991. In light of the fact that we’ve yet to come up with a fully functioning flux capacitor, as you can imagine, the application of the CFAA on today’s internet works about as well as Doc Brown’s DeLorean time machine.

***

“Couldn’t it be argued that Weev actually did something good and beneficial for society?”

Wait? Wut? If that’s the case, remind me why Grampa Government is trying to throw his ass in jail?

I’m chatting with Jay Leiderman, a chap who knows a thing or three about the law and the internet. He’s an elite California State Bar Certified Criminal Law Specialist-grade lawyer who’s defended several high profile hacktivist types, including Raynaldo Rivera of LulzSec and Commander X of the Peoples Liberation Front. He also happens to be a Twitter ninja, which is how I got to know him. A quick perusal of his @LeidermanDevine twitter feed will tell you Jay’s a rare legit legal animal who clearly gets today’s wobbly whirly web, which is why I called him up to discuss Weev’s wobbly whirly situation, which is as follows…

On November 20, 2012, in a Newark, NJ court, Weev was convicted of USC 1028, “identity theft” (as in “stealing” a list of email addresses) and USC 1030 “conspiracy to access a computer device without authorization” –– which, according to Jay, is something we technically all do multiple times every day. Given that Weev was singled out of the entirety of America’s online population for prosecution, in real terms, it’s safe to say what he’s actually more guilty of is embarrassing the fuck out of a Fortune 500 company…and the government no likey that.

Let me explain: Back in 2010 when the iPad first came out, Weev’s mate figured out that AT&T was doing a sloppy ass job with autofill on an app, and in the course of achieving this great technological feat had publicly published the e-mail addresses and ICC-IDs (the identifiers that match a person to their SIM card in a mobile device) of its entire iPad customer base on the web – with no password, no firewall, no fuck off or die warning, no nothing to protect them. Yep. Really. They were that dumb.

“There’s an AT&T web app that had a URL on it with a number at the end, and if you added one to the number you would see the next email address,” explains Weev by phone after I tracked his ass down via teh twitters. Obviously there’s quicker ways to get kicks online than adding a digit to a URL and hitting return (have you tried Googling Goatse?), so Weev’s ever resourceful mate, Daniel Spitler, created an app called the “iPad 3G Account Slurper” which sucked up well over 100,000 addresses. “My friend just wrote a script to iterate through and add one to the number again and again and again,” Weev tells me. “It’s not fucking rocket science. It’s basic arithmetic. It could have been done manually on any iPad.”
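The access pattern described above, one client requesting the same URL with the trailing number going up by one each time, stands out in a server's own logs. A sketch of that check from the operator's side, added here as an example and not part of the original article; the log format, the `/lookup/` path and the run threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (client IP, method, path); the path layout is hypothetical.
SAMPLE_LOG = """\
198.51.100.7 GET /lookup/1000001
203.0.113.9 GET /lookup/5550123
198.51.100.7 GET /lookup/1000002
198.51.100.7 GET /lookup/1000003
203.0.113.9 GET /static/logo.png
198.51.100.7 GET /lookup/1000004
198.51.100.7 GET /lookup/1000005
203.0.113.9 GET /lookup/5550123
192.0.2.44 GET /lookup/7770001
192.0.2.44 GET /lookup/7770002
"""

# Client IP, URL prefix up to the last slash, and the trailing number.
LINE_RE = re.compile(r"^(\S+) GET (\S*?/)(\d+)$")

def longest_increment_runs(log_text):
    """Per client and URL prefix, the longest run of requests whose trailing
    number is exactly one more than that client's previous request."""
    last = {}                  # (ip, prefix) -> (previous number, current run length)
    best = defaultdict(int)    # (ip, prefix) -> longest run seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue           # not a numbered-URL request
        ip, prefix, num = m.group(1), m.group(2), int(m.group(3))
        key = (ip, prefix)
        prev = last.get(key)
        run = prev[1] + 1 if prev and num == prev[0] + 1 else 1
        last[key] = (num, run)
        best[key] = max(best[key], run)
    return dict(best)

def flag_enumeration(log_text, min_run=5):
    """Clients whose longest +1 run reaches min_run, as sorted (ip, prefix, run)."""
    return sorted((ip, prefix, run)
                  for (ip, prefix), run in longest_increment_runs(log_text).items()
                  if run >= min_run)

if __name__ == "__main__":
    for ip, prefix, run in flag_enumeration(SAMPLE_LOG):
        print(f"{ip} requested {run} consecutive ids under {prefix}")
```

A check like this only reports the pattern after the fact; the records stay readable by anyone until the server requires a login before returning them.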

So that explains how they “stole” the list of publicly published email addresses, but why might be a better question to ask. “Comment and criticism against large companies which go unchecked in our country,” replies Weev, when I ask him. “And making a public spectacle and ridiculing them, which I think frankly makes me the best fucking American in the room. We used to be a country that valued criticism of the powerful, and we haven’t really been in the past three decades.”

To add context, at the time, Weev and his mate (who copped a plea bargain) were working under the banner of Goatse Security, and as such, their mission in life was to explore gaping holes (I told you to Google Goatse!). AT&T’s might not have been the sexiest of holes, but it was gaping and it could be argued that it was in the public interest that Goatse Security rummage around in it.

Among the private email addresses that AT&T were publicly publishing were ones belonging to politicians (New York Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel), members of the military and multiple government agencies (DARPA, DHS, NSA, FAA and FCC), and high profile media types (Diane Sawyer and New York Times CEO Janet Robinson). Goatse Security could have had much lulz with the list and/or sold it for mucho dinero, an option which the duo allegedly discussed in IRC chats but put aside. Instead, they decided to go to the press to speak truth to power, which was really when the trouble began.

Weev served as Goatse’s spokesperson and spin master. It was his job to liaise with the media and present stories in a way that might titillate us lazy-ass scribes. “Hey, look, I just found a list of email addresses on a bunch of publicly accessible web pages” might have been accurate, but it wasn’t the kind of story that would make copy even on the slowest of news days, so Weev sexed it up a bit. In a press release sent to several news outlets he wrote, “I stole your email,” and, like a magician offering to explain a trick, followed it up with, “Let me explain the method of theft.”

Because of this hyperbole, Weev essentially convicted himself on the first count of “identity theft.” The prosecution spent much of their time with Weev on the stand discussing his use of the words “stole” and “theft” during cross-examination. I mean, I know it’s said that sarcasm is the lowest form of humor, but I didn’t know it was illegal! And speaking of the law’s humor blind spot, the prosecution also referred to Weev’s Encyclopedia Dramatica entry and used that against him, which, given the spoof nature of the site, is tantamount to using a Saturday Night Live skit as legitimate and damning character evidence. I. Kid. You. Not.

At no time did Goatse ever make the list publicly available – AT&T were the only ones doing that. The prosecution never really attempted to prove that Weev possessed the full list of email addresses. What neither side disputes is that Weev tapped the list for a handful of press email contacts (something he would have likely got by calling the media outlets direct anyways), then merely passed on a link to it to a journalist for verification. The journalist in question was Ryan Tate of Gawker. His story ran on June 9th, 2010, and it was because of this that the shit hit the proverbial fan.

“This access would have gone unnoticed if I hadn’t gone to the press. If I hadn’t informed AT&T’s customers,” says Weev. “They’re not really pissed about the access, they’re pissed about the speech attached to the access. God forbid corporations be subject to fair comment and criticism.”

Talking of access, the second count Weev was convicted of – “conspiracy to access a computer device without authorization” – is something that should be cause for concern for anyone that has ever clicked on anything on the web. The way this law – which predates all of One Direction and the hyperlinked internet as we know it – is interpreted means that accessing a “protected computer” could get your ass slung in jail. But what is a “protected computer” and how the fuck are you supposed to know when you’re accessing one? This is where the law gets interesting. And by interesting, I mean really fucking stupid.

“The definition of protected computer comes from the Computer Fraud and Abuse Act of 1986, and in 1986 http hadn’t been invented yet,” says Weev. “This was a long time ago when servers were things that were only accessible by dial-up that every single one universally had a password for. There wasn’t the concept of a public network. At the time, if you were accessing a remote server, and you didn’t have permission to be there it’s clear that it wasn’t public data. But now it’s the age of the internet. We click links every day. You’ve never gotten Google’s permission to go to Google, you’ve never gotten any website’s permission that you’ve visited. It’s the universally understood aspect of the web that you can visit a public http server without pre-written authorization. It’s a ridiculous notion that you need it. And the prosecutor is using an ancient antiquated definition of a protected system, which is any system that engages in interstate commerce. So essentially, every cell phone, every computer, every public web server is a protected system, and the minute you do something that a website operator doesn’t like – if they’re rich enough of course, if they’re a Fortune 500 company – then they can have you.”

That might sound rather dramatic, but Jay, my favorite SG-lovin’ lawyer agrees. “Based upon this case, the government’s new position is that you are required to be clairvoyant in terms of determining what a protected computer is and what a non protected one is,” he tells me. “From now on you have to be a psychic…because if it isn’t password protected but it’s a ‘protected computer’ you’re potentially going to be found guilty like Weev was.”

Thank god there’s free tittysprinkles on the internet, because otherwise the risks of clicking on something you shouldn’t wouldn’t be worth the price. As Weev puts it, “The law says every time that you click a link, if the person at the other end has enough money and connections, and they just don’t like you, they can have you arbitrarily thrown in jail by declaring your access – after the fact – unauthorized.”

But how did we get from “something good and beneficial for society” to “free tittysprinkles”? Well, some might see a very obvious linear connection, but those that don’t should consider this: there’s a cat and mouse game that goes on between big business and the internet security community, but it’s a symbiotic relationship nevertheless. And as consumers who are clueless when it comes to code, we should be grateful to those that are scanning for flaws, and pressuring big corporations to sort their shit out on our behalf.

“Perhaps the greatest lesson of Weev’s case is that not only is there no reward for helping these companies patch their holes and fix themselves, indeed now you’re going to be facing ten or fifteen years of prison if you do,” says Jay. “What’s the incentive to make these companies more secure? I mean, you’re better off just hacking them now. You’re better off just hacking these companies and not telling them. If you get caught essentially you’re facing about the same punishment anyway so what’s the difference?”

***

Weev is currently in the process of appealing his conviction. You can donate to help with his legal costs here.

And tell Grampa Government to get off our lawn and out of our emails.

Isn’t it time we upgraded our legal operating system?

Nov 16, 2012

by Dell Cameron

The threat of an all out war between Israel and the Palestinian resistance has increased drastically over the past few days as the Israeli Defense Force began a bombing campaign in Gaza. The Israeli Defense Force has continuously blanketed Gaza City with air strikes from warplanes, drones and gunboats since announcing Operation Pillar of Cloud on Twitter. This marked the first military action ever announced by a government entity via a social networking site.


[@IDFSpokesperson – November 14, 2012]

The tweet was posted shortly after the confirmed kill by Israelis on Wednesday of Ahmed Jabari, Hamas’ military commander. An endless volley of Fajr rockets from within Gaza have been targeting Israeli cities in retaliation. According to Haaretz, Israel’s oldest daily newspaper, the Palestinian resistance rockets have a range of 75km, placing Tel Aviv well within range of their attacks.

A psyops campaign was also started by the Israeli Defense Force, who dropped leaflets early Thursday morning throughout Gaza, warning citizens to stay far away from Hamas forces. Some Gaza residents on Twitter claimed the leaflets warned of an impending ground force attack should Hamas continue to escalate their attacks.

While UN meetings were either canceled or adjourned with no course of action decided, this wasn’t the case with another group. The hacktivist collective Anonymous jumped into action late Wednesday evening under the banner of #OpIsrael – downing Israeli government websites and amassing support on Twitter for those caught in the crossfire in Gaza.

In a press release, which was translated into several languages, Anonymous outlined their position in defense of a free and open internet stating:

“But when the government of Israel publicly threatened to sever all Internet and other telecommunications into and out of Gaza they crossed a line in the sand. As the former dictator of Egypt Mubarak learned the hard way – we are ANONYMOUS and NO ONE shuts down the Internet on our watch. To the IDF and government of Israel we issue you this warning only once. Do NOT shut down the Internet into the “Occupied Territories”, and cease and desist from your terror upon the innocent people of Palestine or you will know the full and unbridled wrath of Anonymous. And like all the other evil governments that have faced our rage, you will NOT survive it unscathed.”

Prior to the press release, Anonymous issued an online “care package” which contained a variety of useful materials intended for residents of Gaza. Resources included information on how to access the internet in the event that the Israeli government shuts it off, instructions on how to hide data traffic from surveillance, a first aid guide, and meshnet apps to help Palestinians access Egyptian cell networks if their service is cut.

Anonymous spent much of Wednesday night locating and utilizing Arabic-speaking volunteers to translate their communiqués, since Google Translate does not function adequately for Arabic. In addition to the Arabic translations, as of Thursday afternoon, Anonymous Twitter accounts were also seeking assistance from Hebrew speakers, claiming they intended to provide the same technical support to victims of Palestinian attacks in Tel Aviv. A short statement by Anonymous in a separate press release stated:

“Anonymous does not support violence by the IDF or by Palestinian Resistance/Hamas. Our concern is for the children of Israel and Palestinian Territories”.

Additionally, hundreds of users reportedly congregated in IRC chat rooms Thursday to carry out denial of service attacks on a variety of targets. The Israeli Defense Force website was downed several times throughout the day, though not for very long. One Anonymous user claimed that up to 40 sites had been targeted. Other websites, such as securityacademy.com/ – an Israeli security training company – were hacked and defaced with the Fawkesian symbols and suited imagery commonly used by the collective.

It is unclear what overall impact Anonymous will have in the Israeli-Palestinian conflict, but a number of mainstream news outlets including Tribune.com, Salon.com and The Huffington Post have already begun reporting on the collective’s action. Meanwhile, the IDF’s public relations and social media charm offensive has been countered by Anonymous and supporters of the #GazaUnderAttack hashtag. If bombing continues in Gaza, internet and phone services are likely to go offline. If that happens, as with the Arab Spring, Anonymous may once again receive credit for restoring communications to a population whose global access is being intentionally suppressed by a military force.

**UPDATE – 4PM PST, NOVEMBER 17, 2012**

[..]
