Forgot your password?
typodupeerror
The Courts AT&T United States Technology

Andrew Auernheimer Case Uncomfortably Similar To Aaron Swartz Case 400

Posted by Soulskill
from the struggling-to-find-a-reasonable-punishment dept.
TrueSatan writes "Andrew Auernheimer doesn't appear suicidal, no thanks to U.S. prosecutors, yet he has been under attack for his act of altering an API URL that revealed a set of user data and posting details of same. 'In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.' Auernheimer has been under investigation from that point onward, with restrictions on his freedom and ability to earn a living that are grossly disproportionate to any perceived crime. This is just as much a case of legislative overreach and the unfettered power of prosecutors as was Swartz's case."
This discussion has been archived. No new comments can be posted.

Andrew Auernheimer Case Uncomfortably Similar To Aaron Swartz Case

Comments Filter:
  • by Anonymous Coward on Wednesday January 23, 2013 @05:21AM (#42667367)

    The United States, collectively, has lost its fucking mind.

    • by Anonymous Coward on Wednesday January 23, 2013 @05:45AM (#42667467)

      That seems to summarize the root of the problem quite well. Individually, I believe most Americans are quite sane and normal people. But as a whole, the USA has gone insane. It's caught in its own stupid system.

      • by Anonymous Coward on Wednesday January 23, 2013 @06:00AM (#42667527)

        Individually, I believe most Americans are quite sane and normal people.

        Normal people are highly unintelligent, so it's not a good thing that they're "normal." Sane? No one sane would accept the TSA, the Patriot Act, free speech zones, or hell, basically warrantless anything. They're both unintelligent and insane.

        • You know how dumb the average person is?

          50% are worse.

          • Re: (Score:3, Insightful)

            by fatphil (181876)
            That assumes no skew. If you'd said "median", you'd be right. Assuming a small minority of bright sparks are pulling up the average, the bell-curve will be skewed to the left, and more than half of the population will be below the mean intelligence level. (I've made some assumption about what the curve really looks like, but I know similar logic applies to income levels, where a few mega-earners again pull up the mean.)
            • Re: (Score:3, Informative)

              by Jmc23 (2353706)
              Try not to make an ass out of yourself. If you knew anything about IQ you would know it's deemed a regular bell distribution.
      • by qbast (1265706) on Wednesday January 23, 2013 @06:49AM (#42667727)
        "The system" has been built bit by bit by those "sane and normal" American. You live in republic not dictatorship, remember? You can either have that warm feeling of superiority over you "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about teen hounded to death by "the system", remember: it is also YOUR fault.
        • by bbelt16ag (744938)
          "and to those who are to blame you only need look in a mirror..." V
        • Re: (Score:3, Insightful)

          by Rich0 (548339)

          Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.

          Very few people enter into reasoned debate and bother to understand issues before voting on them. If everybody they associate is talking about death panels, then there must be death panels.

          The result is that the only way to get elected is to spend enormous amounts of money on advertising and influencing public opinion. The onl

          • by Anonymous Coward on Wednesday January 23, 2013 @07:26AM (#42667899)

            >Agree in part, but as long as 80% of the voters watch Fox News

            Uhm, it's the Obama administration, silly.

            The sad truth that NO ONE wants to hear or face:

            In general, the slashdot crowd voted for this. Obama sold the VP to the copyright industry for two terms before his first election: http://news.cnet.com/8301-13578_3-10024163-38.html

            This issue has always been avoided by the slashdot crowd, and downvoted when Obama needed to be elected.

            Biden, however, before Obama's first election, has made very clear that he wants hard prison time for copyright violators. This is his job, he was hired for it by the industry. You know, hard prison time for REAL persons. His sponsors are also public and well known.

            So most of you voted for this. And are hypocrites now. Because you choose to ignore it, to get your man elected. Granted, the other man was worse, but had other sponsors. The hard prison time for REAL persons was ignored. So, Swartz' death is the collateral damage of your own actions and vote, and to make it worse, many are totally ignoring this while pointing fingers at "the government" and "the prosecutor", who are just implementing the administration's policy, which you voted for. Or even blame Fox.

            How convenient for you.

            • Idiot, a systemic fail cannot by nature be the responsibility of one person.

            • by _anomaly_ (127254) <anomaly.geekbits@com> on Wednesday January 23, 2013 @09:25AM (#42668855) Homepage

              Granted, the other man was worse

              So, practically speaking, what would you suggest those who voted for Obama had done instead? Abstain from voting all together? Then they'd be labeled as not participating in the system and "part of the problem". OK then, I guess we have to take it one step further: everyone who voted for Obama because "the other man was worse" should have ran for office themselves? In part, I agree.

              I ran for State Representative in my state 4 years ago because my "representative" was running unopposed. Rather than complain for 4 months leading up to the election about how the system is so screwed up that many, many incumbents run unopposed, I paid the $200 (yes, it costs money to be on the ballot) and ran myself. I was a no-name, had no money to spend (I had just under $1k in donations that I used on yard signs and door hangers so I'd have a little chance). I even had a few neighborhood get togethers, one where our Senator attended (for which I was surprised, and very grateful) in support. Let me tell you, it's very disconcerting when you realize just how the parent post is correct, about having to spend enormous amounts of money. Of course, it's usually proportional to the office you're seeking.

              What seems to always get overlooked, it seems to me, is that the root of the systematic problem in the US political system is the dire need for campaign finance reform. And I mean severe campaign finance reform. It's such a huge problem, the solution won't be easy, and it certainly won't be perfect. But it must be pushed by "we the people" or we'll be stuck in this two-party freak show.

              • by terec (2797475)

                Don't bet that financial reform helps; it may make things worse. In the US, running is expensive, but at least you can do it as an independent candidate. Here in Germany, nominally, running for office is cheap, but no independent candidate has ever been elected to German parliament. If you aren't part of one of the party machines, you don't have a chance. Furthermore, many seats in parliament are just given away by parties to their political cronies. You get an electrician without a college education trying

              • by hypergreatthing (254983) on Wednesday January 23, 2013 @11:15AM (#42670145)

                I voted for a third party candidate this year, and will probably every year going forward. Because the two main parties are the same old broken shit and are copies of one another. They pit people against themselves and offer the same exact solution, which is to say, not a solution, but just the same old stuff.

          • by l3v1 (787564)
            "Very few people enter into reasoned debate and bother to understand issues before voting on them."

            My experience - which is failry limited, mind you, and also anecdotal, since of course I can't prove it, so take it as it is, an opinion - is that older generation [i.e. they and some or many of their ancestry is born american] americans seem to be more accepting than debate-oriented, vs. younger- or first-gen. americans, especially who are from mid-western european countries. The latter seem more willing to
          • by wizkid (13692)

            Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.

            It's not just Fox News. CNN, MSNBC ABC are all pumping out filtered garbage too. It's sad, but the US is now the land of the sheep. Almost nobody thinks for themselves. The first amendment has become a joke, because the corporations have been allowed to buy all the news outlets, and they only let you see what they want yo

        • by usuallylost (2468686) on Wednesday January 23, 2013 @08:26AM (#42668297)

          "The system" has been built bit by bit by those "sane and normal" American. You live in republic not dictatorship, remember? You can either have that warm feeling of superiority over you "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about teen hounded to death by "the system", remember: it is also YOUR fault.

          The citizens are responsible for the system. I see two real problems. One is we have an electorate where a major percentage of the people cannot tell you anything much about how the system works. They can't tell you anything useful about the bill of rights or the constitution. Everyone knows about the first amendment and maybe the 2nd but ask them about the others and few can tell you anything. They certainly have no understanding of the issues currently being debated beyond whatever 30 second news byte they have seen. There is a sizable portion of the electorate who votes on things like who is most attractive, who has the best hair, who went on their favorite talk show or who makes the biggest claims about whatever pet cause they have. The end result of all of this is that the political system has effectively been on auto pilot for decades.

          The other problem we have is that congress, in large part because the system has been on autopilot, has gotten really lazy and corrupt. A lot of the abuses we see are because of the run away power of administrative agencies. It used to be that congress passed actual laws that said in some detail what was to happen. Now they pass vague laws that say things like "administrative agency X will write regulations to achieve result Y". Where those regulations have the force of the law under which they were written. So a huge percentage of the "laws" that exist in this country are actually administrative regulations. In all probability most members of congress probably could not tell you what actual regulations came out of any given law that they passed. So in effect the vast majority of "laws" that we live under aren't laws at all they are regulations developed by a whole host of agencies that are, at best, minimally supervised by congress.

          Where all of this becomes a problem is that the people at the agencies aren't elected. They don't really change, other than the appointed heads, after elections. Other than the budget process congress has very little ability to even impact what these people do. The end result is an ever more powerful bureaucracy. A Bureaucracy which is so vast, so powerful and so entrenched that even the President, who is supposed to control it, can't really tell what it is doing most of the time. Congress, having outsourced most of their job, is free to engage in the kind of shenanigans we have come to expect from them.

          I don't know how we fix this. At this point the problem is so vast it maybe beyond fixing. I hope not because it is an ill omen for all of us if that is true. It would help a lot if the various administrative regulations had to be voted on by congress before they could go into effect. Unfortunately I have no idea how we would force them to do that. They certainly aren't going to volunteer since as it stands now they are relieved of all manner of drudgery involved with actually doing their jobs. My only suggestion is encouraging people to actually learn about the system. Learn about the hows and whys of how it is setup and operates. Learn about this history. An informed electorate is our only real hope. Sadly the electorate is going the other way fast.

          • by Jmc23 (2353706)
            An informed electorate is NOT the solution! You, and everybody else, must accept the fact that the majority of the population cannot or willnot understand the system.

            Do not pin your hopes on false realities, the bell curve will always be there. So start thinking of a solution that's actually plausible in reality.

          • by VortexCortex (1117377) <VortexCortex@Nos ... t-retrograde.com> on Wednesday January 23, 2013 @12:51PM (#42671369)

            I don't know how we fix this.

            Simple. Outlaw Bribery, i.e. Outlaw Lobbyists, Campaign Contributions, Perks, Promises of Jobs after your term, etc. There should be strict punishments for that type of corruption. Then the only people who'll want to do the job of governing are the people who actually care about people, not corporate and foreign interests. Vastly reduce the amount of classified information -- There's no reason we have to make shady (illegal) deals with enemies for diplomacy, we can put forth a stance and stick by it, and be open about the times when we say, sell a bunch of weapons to warlords for intel; The public will understand if you tell them why (if not, then you shouldn't be doing it, what have they got to hide?). Get rid of the redundant agencies, e.g., we have Police and FBI, we don't need Federal Police (DHS), that's a huge tax burden and they serve no purpose that a well armed public could not. Protip: The police can't protect you, after you or your loved ones are dead then they go after the bad guys; It's the citizen's job to protect themselves. Place a 6mo to 1yr probationary period for new laws so that knee jerk reactions like ridiculous gun control regs or things like the PATRIOT Act, or SOPA can easily get tossed out. Teach civics in school along with US history, EVERY YEAR, not just one course -- If ignorance is a big problem, then education is the answer. Ditch the current voting system and have votes be a prioritized list of candidates, so if your option #1 loses, then the votes are recalculated using your option #2, then repeat for #3 and so on removing candidates until there's one winner. This way you can show support for a 3rd (or 7th) party in your #1 vote, and still use #2 as your fall-back vote. It's not rocket science we have the technology.

            Do I think ANY of that will happen? No, not at all. All of this is easier said than done, and most people are lazy and greedy; Unwilling to spend the money to change anything. Read the history books folks, nations begin with people having some degree of power & rights, then governments take those powers for themselves and reduce the citizen's rights and freedoms until shit hits the fan. Every Time. The only way to stop the cycle is to give the people back the control, and make the government accountable for their actions by the people. It seems the US is going the other direction... You can't let the government police itself! You don't put rats in charge of cheese! Rome wasn't built in a day, but it was destroyed in one, that day was September 4, 476.

    • Re: (Score:2, Offtopic)

      by havana9 (101033)
      Read the title in Dalek voice. The World Economic Foum i sel in Davos in 1971. The Dalek's creator is Davos? Coincidence? We think not.
    • by couchslug (175151)

      The idea that things have gotten worse implies some magical time when they were different.

    • by Anonymous Coward on Wednesday January 23, 2013 @07:13AM (#42667839)

      The United States, collectively, has lost its fucking mind.

      More precisely, the US has collectively been asleep for the last 35 or so years and has morphed into a corporatocracy [wikipedia.org], in which case the Justice Department is behaving as expected and protecting the interests of AT&T.

    • by Zemran (3101)

      Wrong, it should 'selectively prosecute those who threaten profit, lets not worry about all those crazies with sub machine guns'

    • Weev tried to sell this to gawker. The difference between the Swartz case and weev's case is that weev really fucked up. The fact that he's kind of a looney isn't helping his case much.

      So, no it hasn't lost it's mind.

  • by Anonymous Coward on Wednesday January 23, 2013 @05:24AM (#42667385)

    Simply put the guy in court, thus correcting the security hole once and for all.

    Appears to be the American way of dealing with security breaches.

    • by FriendlyLurker (50431) on Wednesday January 23, 2013 @05:38AM (#42667441)
      I think their aim is to put the guy in Jail, not court. Its worth repeating: this and Swartz's case are just a symptom of the two tiered justice system [salon.com] at work. Persecution ingrained at the Institutional level, it is not not just a few overzealous prosecutors as some apologists try claim.

      two-tiered justice system — the way in which political and financial elites now enjoy virtually full-scale legal immunity for even the most egregious lawbreaking, while ordinary Americans, especially the poor and racial and ethnic minorities, are subjected to exactly the opposite treatment: the world’s largest prison state and most merciless justice system.

      • Thanks for the link.

      • by SirGarlon (845873) on Wednesday January 23, 2013 @07:07AM (#42667803)

        I'm just an observer (not an attorney or prosecutor), but I suggest the hypothesis that the two-tiered system is attributable to prosecutors being lazy and cowardly. The rich and powerful can take full advantage of legal tactics to draw out a trial and delay an inevitable verdict, even when they're guilty as hell. Thus, it is much costlier and more uncertain to prosecute a banker than a hacker. Prosecutors advance their careers and reputations by getting a lot of convictions. Their incentive is to go after the easy prey.

        So, the way to fix this mess is to change the incentives for prosecutors so they are motivated to pursue the most harmful crimes, not the ones that are easiest to convict. Easier said than done.

        • It's more than going after the most harmful crimes, and requires perhaps a bit of a redefinition of the prosecutor's role. A defense lawyer's role is to get his client off the hook by any (legal) means available. The prosecutor's role should not be the opposite of this, getting a conviction by any means. It should be to have justice prevaiL. That doesn't mean asking for a lighter sentence if there are some irregularities in the investigation, let the defense and the judge worry about that. It does mean
        • by dcollins (135727)

          The key part missing in the current system is a check and balance on prosecutors (and who, what, and how much they charge). The original check and balance was supposed to be the jury of peers; but of course these days only 5% or less of people going to prison get a jury trial. So the first part of the solution is fairly simple: ban plea bargains, restore the fundamental right to a jury trial, and require every single charge to be confirmed by a jury of peers without exception.

          • by the eric conspiracy (20178) on Wednesday January 23, 2013 @09:13AM (#42668741)

            The problem is the laws. What Aaron did should have never been a felony.

            Take away the felony charges and the AG loses interest in a hurry.

            The US has more people in prison than any place else in the world for a reason. The penalties for minor crimes are over the top.

      • by Anonymous Coward on Wednesday January 23, 2013 @07:16AM (#42667863)

        Interestingly, Auernheimer disagrees with this interpretation.

        From TFA: (the techcrunch statement)
        "Ivy league educated and wealthy, Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn’t happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his [Swartz] got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all. None will be spared."

  • by eksith (2776419) on Wednesday January 23, 2013 @05:24AM (#42667387) Homepage

    Dump and humiliate instead of disclose "responsibly". That word applies to both parties; when a vulnerability is revealed "responsibly", and the end result is for the powers that be to act irresponsibly with no regard to measured response, what's the incentive to do good?

    Delicacy is over. Expect nukes.

    I'm just gonna grab the popcorn and enjoy how the restless kids will respond to the power high prosecutors expect to get massaged.

    • by Dr. Evil (3501) on Wednesday January 23, 2013 @06:05AM (#42667537)

      It looks like he was already nuking.

      " I took a sample of the API output to a journalist at Gawker."

      "I did this because I despised people I think are unjustly wealthy and wanted to embarass them."

      "...We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. "

      I share his dislike for the telcos... but "Oh look, a leak", then "I'm pulling all the records and sending it to the media" is not responsible disclosure.

      " it might be possible to spoof a device on the network or even intercept traffic using the ICC ID."

      He was wrong, but despite thinking the breach were more serious than a privacy issue, he still published the information, then speculated on nefarious uses to reporters.

      That said, it does not warrant the prosecution... his actions were only unethical.

    • by gmuslera (3436) on Wednesday January 23, 2013 @07:15AM (#42667851) Homepage Journal

      "Responsibly" like the report of a Java vulnerability in August, that exploded in everyone's face after Oracle sit on that report for months?

      The problem is not the people that find and report the problem in a way or another (and advising the users too, just because there are too many cases like Oracle). Is the ones that find and exploit it silently.

      Law is (in some cases, literally) killing the messenger, if you find something that could be exploited, better don't tell anyone because even reporting it to the company could get you in trouble too. Eventually someone in the dark side will exploit it (if is not doing that already) but is not your problem, maybe is even designed that way to always get fresh 0-day exploits for the new generation of Stuxnet (lawyers are involved, you can't attribute that to stupidity)

      • by Lehk228 (705449)
        There is no more responsible disclosure.

        not if you want to stay out of prison anyways

        if you find an exploit, maka a metasploit plugin and publish anonymously via TOR
    • by argStyopa (232550)

      Did he 'disclose responsibly'?
      I know nothing of the case aside from the summary, and /. summaries often are entirely wrong.

      But: "...I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.'..."

      Posting AT&T exposure details to a journalist?
      Telling AT&T their data is exposed, getting ignored/whatever, THEN taking to a journalist - something entirely different.

      • by kenh (9056)

        Like the fellow in the JSTOR case, he decided his crime was OK because he was trying to further his political aims.

  • US Attorneys (Score:5, Interesting)

    by ShakaUVM (157947) on Wednesday January 23, 2013 @05:26AM (#42667399) Homepage Journal

    Yes, US Attorneys are the most powerful, and least controlled, people in our government. Even the president has more checks and balances on his power than what these guys get away with.

    A US Attorney is trying to seize the assets of a friend of mine, who is guilty of doing nothing but leasing land to some farmers, that grew pot on it without his knowledge. He's running into debt fighting the case, but the US Attorney is going full bore anyway, since it doesn't cost *him* anything to try to make an example out of someone.

    I think we should institute loser-pays in all lawsuits involving US Attorneys. (Unless we have this already? I don't know.) There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.

    • Re:US Attorneys (Score:5, Insightful)

      by mwvdlee (775178) on Wednesday January 23, 2013 @05:35AM (#42667433) Homepage

      try to make an example out of someone.

      This is where the problem starts. Nobody deserves or has earned to be treated differently in a legal system.

      • Re:US Attorneys (Score:5, Insightful)

        by ShakaUVM (157947) on Wednesday January 23, 2013 @05:43AM (#42667455) Homepage Journal

        Regardless, US Attorney Wagner seems to think that seizing the assets of non-drug-related landowners will be sufficient to scare them all into doing the police work for him.

        • it has a chilling effect... it's already been used elsewhere to get medical marijuana stores closed down as the landlords evict the tenants rather than have the authorities fall down on them...
        • Re:US Attorneys (Score:5, Informative)

          by sesshomaru (173381) on Wednesday January 23, 2013 @09:27AM (#42668879) Journal

          n 2009, the 69-year-old owner, Russ Caswell, received a letter from the DOJ indicating the government was pursuing a civil forfeiture case against him with the intention of seizing his family's motelâ"it was built in 1955 by Russ's fatherâ"and the surrounding property. Ms. Ortiz's office asserted that the motel had been the site of multiple crimes by its occupants over the years: 15 low-level drug offenses between 1994 and 2008 (out of an estimated 125,000 room rentals). Of those who stayed in the motel from 2001 to 2008, .05% were arrested for drug crimes on the property. Local and state officials in charge of those investigations never accused the Caswells of any wrongdoing.

          Nor is the U.S. attorney charging Russ Caswell with a crime. The feds are using a vague but increasingly common procedure known as civil asset forfeiture. In criminal forfeiture, after a person is convicted of a crime the state must prove that the perpetrator's property had a sufficiently strong relationship to the crime to warrant seizure by the government. In civil forfeiture proceedings, the state asserts the property committed the crime, andâ"under civil lawâ"the burden of proof is on the defense to demonstrate their property is innocent.

          "I've found... I'm responsible for the action of people I don't even know, I've never even met, and for the most part I have no control over them," Mr. Caswell told WBUR Boston. "And when they do something wrong, the government wants to steal my property for the actions of those people, which to me makes absolutely no sense. Itâ(TM)s more like we're in Russia or Venezuela or something."

          According to the sworn testimony of a DEA agent operating out of Boston, it was his job to comb through news stories for properties that might be subject to forfeiture. When he finds a likely candidate, he goes to the Registry of Deeds, determines the value of the property in question, and refers it to the U.S. attorney for seizure. It is DEA policy to reject anything with less than $50,000 equity. -- Carmen Ortiz's Sordid Rap Sheet [whowhatwhy.com]

          The US Attorney's office is a breeding ground for monsters, and it certainly isn't any better under the current administration than previous ones.

          In the old Roman Empire, this kind of property seizure was done by emperors like Caligula using similar methods.

    • Re:US Attorneys (Score:4, Interesting)

      by Anonymous Coward on Wednesday January 23, 2013 @06:28AM (#42667625)

      There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.

      That's not true. Large corporations kick their asses every day due to the budgetary restrictions on the Justice Department. Large Banks and Investment Firms, Big Pharmaceuticals, etc. can out maneuver and spend the government. They can, and do, drag a case on for years and turn it into a war of attrition. And because everyone in the US loves a winner and abhors a loser, US Attorneys look for easy victories, as picking on David is easier to do than fight Goliath.

      As for the the large amount of plea bargains, that relates to all accused persons--not just the innocent ones. The fact of the matter is, the vast majority of folks being prosecuted are guilty of the crime they are accused of. So, if you are guilty, taking a deal for a lighter sentence in return for not costing the government huge sums of money to prosecute your case only makes sense...

      • If it applies to innocents as well as the guilty, taking a deal is completely irrelevant and unrelated to actual guiltiness. Thus, you can't use the number of deals as measure to estimate that a majority is guilty.

    • by Mikkeles (698461)

      Where is the judge in all this? He certainly has the power to throw out the case.

  • by Anonymous Coward on Wednesday January 23, 2013 @05:27AM (#42667405)

    a case of a bunch of clueless pricks in the legal system extending jurisdiction to a field they have no knowledge of but feel they need to be responsible for. The fact that the people involved are not so embarrassed that they automatically resign when these acts come to light but instead defend their position also speaks volumes.

    It's as if Jen from the 'it crowd' got a law degree.

  • kim.com has his megakey system which works as an ad blocker but replaces existing advertisments on web pages with ads served by mega. There has already been some rumbling from advertisers and web page publishers that changing a web page in this way violates their copyright. So is it always going to be legal for me to view source on a web page and view it in my preferred way?

    Likewise, I can put any address I like into the URL bar but these guys are being prosecuted for doing that. Isn't it their web browser?

    • Re: (Score:3, Insightful)

      by Rich0 (548339)

      He embarrassed a large corporation. That makes powerful people upset. He must be punished.

  • by Anonymous Coward on Wednesday January 23, 2013 @05:44AM (#42667459)

    and saw something I wasn't expecting to see. I should have told my sorry story to a journalist at The Onion!
    "Area man, who miss typed a URL and saw something he didn't expect to see, is now under expensive investigation"
    In a comment, average taxpayer stated "This is definitely the right way to spend tax dollars and why I am proud to be a taxpayer."

  • by Anonymous Coward on Wednesday January 23, 2013 @06:05AM (#42667535)

    The problem is that the law makes it a crime for 'unauthorized' access, but allows the 'victim' to detrtmin whatwas 'unauthorized' *after* the fact and for a public offering that is automated.

    It is as if someone puts a stack of newspapers on a sidewalk with a sign that says 'free' and then asking the DA to prosecute for 'theft' anyone they don't like that took them upon their offer and took more then one. I.e.they decide afterwards that one is The 'limit' and the sign just says 'free'.

    Oh and these sleazy DAs count each URL issued as a separate count of the 'crime' with a penalty of 5 years and $300,000 possible on each count of 'unauthorized access'.

    It is all to appear 'tough on crime' for their next election. And, yes, they have all the resources of their office to put on your case against you.

    Fair? No. Disproportionate penalty for the 'crime'? Certainly. It is really a contract dispute - a civil matter, not criminal.
    The law is just wrong. Make your vote count on these issues and hold your legislators and judiciary oversight officials accountable in the voting booth.

    • Yes, people should use their voting power to stop this insanity. Only catch here is that most of the people are coming to vote after watching some TV news/shows with the same prosecutor, and not after reading Slashdot. These same people then are found sitting in the jury box, listening to the same prosecutor, who then colorfully portrays the defendant as a master criminal, evil genius hacker on the level of Bond's villains. And the wheel continues to roll.

      It is sad for me to say, but I think that it'll tak
    • Re: (Score:2, Insightful)

      by swalve (1980968)
      Easiness of access doesn't mean that access is allowed. It's not a zero sum game. If I leave my house unlocked and it gets ransacked, I'm an idiot and deserve blame for the trouble. But the person doing the ransacking doesn't lose any of the blame for his own part.
    • by fatphil (181876) on Wednesday January 23, 2013 @10:47AM (#42669797) Homepage
      There's history. Humans aren't allowed to hand-edit URLs now, according to the US legal system. The first case I remember was someone going up a directory tree, and then playing clicky with the other directories he found.

      In that case, and this, every single 'GET' request they were complaining about was one which was responded to with data, not a 403 (or other) error. In my view, as someone with a technological bent, that means that their webserver had vetted the request, and decided that the access was authorised. And therefore not 'unauthorised'.

      Due to the lack of any consideration, this isn't contract law. But you're right, it certainly shouldn't be criminal to edit a URL, or to accept (which is what the client does) what is freely offered (which is what the server does). The courts don't seem to understand that *the server is in control*, it is *responsible for everything that gets transmitted* - that's its sole job.
  • Stephen Heymann (Score:4, Insightful)

    by andydread (758754) on Wednesday January 23, 2013 @06:13AM (#42667565)
    Stephen Heymann is to "computer crime" prosecutorial zealotry like China is to Expionage hacking.
    Stephen Heymann is the poster child for this kind of overreach when it comes to prosecuting so called "computer crimes"
    He has written papers and lobbied for more harsher penalities and easier access to data without a warrant to prosecute "computer criminals"
  • Attaching your name to things is vanity.

    Next time you find something amusing, dump it on /b/, post it as fiction, and enjoy the show.

  • Bought Influence (Score:3, Interesting)

    by slimdave (710334) on Wednesday January 23, 2013 @06:54AM (#42667743)
    $5.3 Million in political contributions from AT&T? http://www.opensecrets.org/orgs/summary.php?id=D000000076 [opensecrets.org]. I doubt that Andrew can match that level of purchased justice.
  • by tsa (15680) on Wednesday January 23, 2013 @07:07AM (#42667805) Homepage

    Here in the Netherlands we had a similar thing just before Christmas. Someone had altered a URL on the website of our monarchy and in this way found the Queen's Christmas speech that was to be broadcasted on Christmas Day (logically). He made that public and there was some consternation about whether or not this was a punishable act, but mainly about how our government fails in securing their internet activities tima and time again. The person who had found the speech was not prosecuted and the speech was broadcasted as planned.

  • Just deserts (Score:5, Interesting)

    by symes (835608) on Wednesday January 23, 2013 @07:10AM (#42667823) Journal

    As far as I know - this guy highlighted a security flaw that exposed private data to the world. This meant he knew that that data was private and should not be maliciously exploited. He then wrote an application that accessed that data maliciously. The first bit is laudable. The second bit is as stupid as it gets given that he'd just told the company this sensitive data was exposed.

    • by Sockatume (732728)

      In what way was his access malicious? The word means "with harmful intent" - intent, mind you, not effect, although I don't believe any actual harm has been demonstrated either.

  • Was AT&T prosecuted? (Score:4, Interesting)

    by SmallFurryCreature (593017) on Wednesday January 23, 2013 @07:10AM (#42667825) Journal

    Under EU law at least AT&T would be in trouble for violating privacy laws, they didn't protect private customer data and that is a violation.

    So what was the reason this guy who went to a reporter (not just published the list or sold it) prosecuted? And why is there no link of said reporter defending his source?

    This case could not have happened in say my own country. There have been cases were it was TRIED but the judges slapped it down hard. So... what part is missing from the story (we are reading just one side of it) or is the US really that different? I can't imagine the US has no privacy laws at all that AT&T would not have violated by making data so easely available. Can't someone bring a case against AT&T? Making this guy evidence in a far great case, possibly worth some outrageous sum in a settlement and worthy as a bargaining chip to get this case dropped?

    What is missing from this story? Because on its own it seems to make no sense. Why should AT&T risk bad publicity when a simple "don't do that again" would have buried the story years ago.

  • by CuteSteveJobs (1343851) on Wednesday January 23, 2013 @07:24AM (#42667893)
    Federal Prosecutor Oritz said Aaron's suicide won't change how she handles cases:
    http://bostonherald.com/news_opinion/local_coverage/2013/01/ortiz_says_suicide_will_not_change_handling_cases [bostonherald.com]

    And Assistant United States Attorney Stephen Heymann 'drove another hacker Jonathan James to suicide in 2008 after he named him in a cyber crime case':
    http://www.dailymail.co.uk/news/article-2262831/Revealed-Aaron-Swartz-prosecutor-drove-hacker-suicide-2008-named-cyber-crime-case.html [dailymail.co.uk]

    Here are some other grubby cases Oritz has been involved in: http://whowhatwhy.com/2013/01/17/carmen-ortizs-sordid-rap-sheet/ [whowhatwhy.com]

    Ortiz’s husband attacked the Swartz family on Twitter: "Truly incredible that in their own son's obit they blame others for his death and make no mention of the 6-month offer ... 6 months is not 35 years or lifetime" What an asshole.
    http://www.boston.com/business/innovation/blogs/inside-the-hive/2013/01/15/attorney-carmen-ortiz-husband-attacks-swartz-family-twitter/vzxbY5lrrG7BvGjQGnNDtJ/blog.html [boston.com]
    http://twitchy.com/2013/01/15/husband-of-mass-attorney-general-deletes-twitter-account-after-defending-prosecution-of-aaron-swartz/ [twitchy.com]

    There are "We the people" petitions to remove both Orirz and Heryman, but don't hold your breath. She is an Obama appointee and Heymann's father is a Clinton staffer. How about Someone in the press corps ask Obama what he thinks of his appointees killing off bright young kids?
    https://petitions.whitehouse.gov/petition/remove-united-states-district-attorney-carmen-ortiz-office-overreach-case-aaron-swartz/RQNrG1Ck [whitehouse.gov]
    https://petitions.whitehouse.gov/petition/fire-assistant-us-attorney-steve-heymann/RJKSY2nb?utm_source=wh.gov&utm_medium=shorturl&utm_campaign=shorturl [whitehouse.gov]

    Civil liberties attorney Harvey Silverglate said of Aaron: "He was being made into a highly visible lesson, He was enhancing the careers of a group of career prosecutors and a very ambitious — politically-ambitious — U.S. attorney who loves to have her name in lights.” http://news.cnet.com/8301-13578_3-57564212-38/prosecutor-in-aaron-swartz-hacking-case-comes-under-fire/ [cnet.com]

    The problem is Federal Prosecutors pick a career-building target and then shop for a crime. Big Criminals are too much work, but small fry like Aaron don't have the resources to fight back so all they have to do is bully them into taking a plea bargain and then bask in the glory. It's been going on for a long time and many people have been swallowed up, but the media usually never reports it:
    http://books.google.com/books?id=Tu5RB6YHf10C&pg=PP1&lpg=PP1&ots=51Ya4U8XFt&dq=lynch+in+the+name+of+justice [google.com] (Go to page 43 of this Google Books preview).
    • by Rogerborg (306625)
      You know what they say. Kill one nerd and you're a monster. Kill a hundred and you're ready to be the Attorney General.
  • by flimflammer (956759) on Wednesday January 23, 2013 @07:28AM (#42667911)

    This guy is nothing but an attention whoring internet troll. He did what he did for nothing more than to try to publicly shame AT&T in the most irresponsible way possible, and generally goes out of his way to cause trouble all over the internet. He had no sense of care for the data he was putting under the public spotlight instead of sensibly disclosing the vulnerability to AT&T. For him to suggest he did because of AT&T's "egregiously negligence" yet chose himself to make the most egregiously negligent response is hypocritical to say the least.

    I have no sympathy for this Weev guy. Do not liken his situation to Aaron Swartz. That would be doing a massive disservice to his memory. Tools like this should get what is coming to them.

    • by eldavojohn (898314) * <eldavojohn AT gmail DOT com> on Wednesday January 23, 2013 @07:59AM (#42668113) Journal
      Yeah and, if what I read on wired [wired.com] is true, this guy should probably get the book thrown at him:

      Spitler: I just harvested 197 email addresses of iPad 3G subscribers there should be many more weev: did you see my new project?

      Auernheimer: no

      Spitler: I’m stepping through iPad SIM ICCIDs to harvest email addresses if you use someones ICCID on the ipad service site it gives you their address

      Auernheimer: loooool thats hilarious HILARIOUS oh man now this is big media news is it scriptable? arent there SIM that spoof iccid?

      Spitler: I wrote a script to generate valid iccids and it loads the site and pulls an email

      Auernheimer: this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails



      Spitler: I hit fucking oil

      Auernheimer: loooool nice

      Spitler: If I can get a couple thousand out of this set where can we drop this for max lols?

      Auernheimer: dunno i would collect as much data as possible the minute its dropped, itll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party

      At one point the two discussed the legal risks of what they were allegedly doing:

      Spitler: sry dunno how legal this is or if they could sue for damages

      Auernheimer: absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck

      At the same time, others on the IRC chat allegedly discussed the possibility of shorting AT&T’s stock.

      Pynchon: hey, just an idea delay this outing for a couple days tommorrow short some at&t stock then out them on tuesday then fill your short and profit

      Rucas: LOL

      Auernheimer: well i will say this it would be against the law for ME to short the att stock but if you want to do it go nuts

      Spitler: I dont have any money to invest in ATT



      Auernheimer: if you short ATT dont let me know about it

      Spitler: IM TAKIN YOU ALL DOWN WITH ME SNITCH HIGH EVERYDAY

      In the wake of news stories about the breach, they allegedly discussed their failure to report the vulnerability to a “full disclosure” mailing list, as well as the opportunity to push their Goetse Security business as a result of the breach:

      Nstyr: you should’ve uploaded the list to full disclosure maybe you still can

      Auernheimer: no no that is potentially criminal at this point we won

      Nstyr: ah

      Auernheimer: we dropepd the stock price

      Auernheimer: lets not like do anything else we fucking win and i get to like spin us as a legitimate security organization

      Sound like some classy fellows there. It's a shame for Swartz that he's being lumped in with this guy. At some point, I hope Slashdot pulls its collective head out of its own ass and realizes that these aren't black and white issues and stops comparing them to things that were like the Civil Rights Movement. Auernheimer: "this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails" ... yeah, no criminal intent there.

  • by Dcnjoe60 (682885) on Wednesday January 23, 2013 @07:32AM (#42667955)

    Fascism

  • Here's what I've learned recently: If I ever discover a major security hole, do not even attempt to release it responsibly. Instead, layer up behind some proxies and Tor and leak it into a blackhat forum or IRC channel. That way the security hole will eventually get fixed, and I can't be prosecuted.

    • by scotts13 (1371443)

      Or, shut the heck up and forget you ever saw it. I've done EXACTLY the kind of "hacking" they're talking about; sometimes out of curiosity, more often just trying to get past a broken link. I recall about 10 years ago I came across a list of USN ballistic missile sub deployments... don't know if it was classified, but I backed out of there fast, wiped the browser history and cache, and kept my mouth shut (well, until now).

  • by nstlgc (945418) on Wednesday January 23, 2013 @09:20AM (#42668805)
    Andrew Auernheimer, aka 'weev', former president of the trolling group GNAA, was not doing this out of some kind of altruism. He did not do this to point out the vulnerability. By his own admittance, "[he] did this because [he] despised people [he] think[s] are unjustly wealthy and wanted to embarass them."

    If you think Auernheimer is anything like Aaron Swartz, think again.
  • by Joe_Dragon (2206452) on Wednesday January 23, 2013 @09:31AM (#42668917)

    We need tech jury's and better jury's pay.

    In a lot of places jury pay is way under min wage and some people can't just pay to miss work for a long trial.

    Also there are a lot's of tech cases where a jury made up people who know about tech is needed and the system that we have now may have so you only get 1 person on the jury that knows about IT and can drive there views on to the full group.

  • by MobyDisk (75490) on Wednesday January 23, 2013 @09:54AM (#42669153) Homepage

    We need a responsible disclosure law. Following the law should do two crucial things: 1) indemnify the security researcher and 2) indemnify the company if they fix the problem in some reasonable amount of time. Not following the law should leave you at the mercy of the courts.

    The law could require the researcher to notify the company/organization, or allow them to notify some responsible body like CERT or the FBI. If the problem is not fixed by some deadline, then the researcher should be able to disclose or sell the information as they choose with no criminal charge or liability.

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Working...