Hacker News new | past | comments | ask | show | jobs | submit login
16 Arrested as F.B.I. Hits the Hacking Group Anonymous (nytimes.com)
80 points by liuwei6 on July 20, 2011 | hide | past | favorite | 85 comments



In the San Jose case, all 14 suspects are accused of using a free program called Low Orbit Ion Cannon

...

When you have a decentralized group,” Ms. Granick said, “the question is, Are there big fish, and are any of these people big fish?”

No.

They're basically going to ruin a few kids' lives in order to deter other kids from "hacking" with things like LOIC.


> They're basically going to ruin a few kids' lives in order to deter other kids from "hacking" with things like LOIC.

They'll get probation is it's their first offense. Judges do have brains you know, and don't toss people in jail (or fine them) just because the prosecution wants them to.

But I doubt it'll go to trial. The prosecution will get lots of media out it (which is all they really want). Then they'll offer a plea bargain deal with probation, and that'll be all.


Have you seen the ages of the people arrested, I wouldn't say many of them are 'kids', one was i believe like 42, another 36 and another 32.. This from 'fox news':

"The department identified the suspects in the California indictment as Christopher Wayne Cooper, 23, aka “Anthrophobic;” Joshua John Covelli, 26, aka “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka “No” and “MMMM;” Donald Husband, 29, aka “Ananon;” Vincent Charles Kershaw, 27, aka “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka “Drew010;” Jeffrey Puglisi, 28, aka “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court.

Read more: http://www.foxnews.com/scitech/2011/07/19/exclusive-fbi-sear...


A fox news link? Surely there must be something more credible somewhere.


But then it would be on their record, wouldn't it?


Yah. You can sometimes get those purged if you complete the probation without issues. It depends on the judge I guess.


It's not clear from that description that they have people who are members of a group in any meaningful sense at all, versus just random people who downloaded/used the app.


I forked it on GitHub. Should I worry?


No. Were you serious? Just downloading it is not illegal - it's using it to DOS someone that is illegal.

You can even DOS your own site with it and be fine. Just not someone else.


"..even DOS your own site with it and be fine"

What if there are other sites/services are hosted on the same physical box?


Then it's not "yours", you are renting it, and whoever you bought hosting from specifically disallowed you to do that, and then you shouldn't.


Their lives aren't going to be ruined, especially if they're a minor. However, they took part in shutting down a business temporarily and need to be punished.


Hmmm... it seems like the FBI decided to go after some low hanging fruit. People using Low Orbit Ion Cannon are probably not the brains of the operations. And arresting a bunch of people who have no influence probably gives validation to the message of anonymous and lulzsec.


It will also scare the shit out of the kids who thought that they're "anonymous" and safe from prosecution.

It's not the severity of the punishment that deters from committing crimes, but rather the inevitability.


Isn't this the same strategy that the RIAA and MPAA used? And as far as I can tell it did not work very well.


Getting served by the RIAA or MPAA was far from inevitable. Also, your parents can't serve your jail sentence the same way they can pay your legal settlements.


I think it worked really well. Think about who used Limewire 8 years ago, and who uses BitTorrent now. I think swaths of people stopped pirating after the RIAA suits.


I think Apple and Amazon has had a bigger impact on pirating than any lawsuit. Most people seem to forget that the average price of a CD back then was $16-20. You could get the new albums for $10 but most of the back catalog stuff was priced way above what the market would bear.

Now, with subscriptions, better pricing models, and streaming you have access to more music than you could possibly listen to in a lifetime. The lawsuits did have an impact, it made people more selective and secretive about their activities. Instead of torrenting off public trackers people went to private trackers, newsbin, or LAN sharing (the last option was especially big on university campuses).


I think Youtube helped kill limewire off as well.

Why download a song when u can do a quick search and listen instantly to whatever? I havent downloaded anything in years and use youtube on my desktop and iphone(pandora, last.fm, vevo and others too).


A civil suit requiring a long string of evidence where the likely worst outcome is a fine is not the same as criminal felony charges that could carry jail time and result in a felony record for the rest of your life.


The criminal felony charge requires a much greater burden of proof for conviction.


Criminal charges definitely require a higher level of proof but for these examples I think that a conviction is more certain.

In the file sharing case consider what they need to prove: they need to establish that a file not only looks like it contains infringing material (e.g. a copy of a movie) but that it actually does. They need to prove that the defendant willfully downloaded the file at a particular point with the intention of violating copyright, which requires identifying the user via IP and establishing that the particular defendant's computer was using that IP at the time the transfer took place. In many such cases the defendant's computer has not been seized and can't be used as evidence.

Now look at the case for a LOIC DDoS prosecution. On the one hand you have the evidence from the targeted site, which consists of server logs, router logs, and ISP traffic logs which (as above) can tie the defendant to the DoS incident. On top of that you likely have IRC logs of the organization of the DoS, these even more uniquely identify the defendant since they include information unlikely to be duplicated on another user's computer. Also, because this is a felony criminal case it's likely that the defendant's computer's have been seized. That provides an additional depth of evidence, such as if the computer's have LOIC installed, if they still have local IRC logs which can be tied together with other evidence, etc. Additionally, a DoS attack has an unusual signature in that it represents a lot of upstream traffic from a client, there will be evidence of that signature in the ISP's logs and on the client computer itself (cached dns entries, up/down traffic data, etc.)

On the whole I think the DoS case is likely much easier to prosecute than the file sharing case, despite the higher burden of proof.


They need to prove that the defendant willfully downloaded the file at a particular point with the intention of violating copyright

No, all that is needed to prove is "making available". Even if you ripped your legally purchased CDs, and then installed Kazaa, which then detected the mp3s on your computer, and then began sharing them, without your knowledge, you would still be liable.

Infringement really has nothing to do with intent unless you are attempting to argue fair-use.

http://en.wikipedia.org/wiki/Capitol_v._Thomas


Maybe the idea is to scare people off from participating in LOIC bombings in the future?


The temporary DDoS attacks really aren't their main concern, however. The infiltration of companies and dumping of their data is a much more serious risk. Given that this all took place in 2010, we'll see if they arrest anyone from LulzSec in a year or so. My guess is no. I have no doubt that the NSA could probably track them down if they wanted to, but that's way outside their scope of interest, and the FBI just doesn't have the capability.


It might do that, but it won't make very much difference. Who brings down sites: a couple of people with LOIC or hundreds of people with LOIC and a handful with actual substantial botnets under their control.


Agreed on all counts.

IMO, these arrests will deter some, as intended. I think it'll also motivate coders/hackers to write more sophisticated tools--maybe something like bittorrent + TOR + LOIC, maybe with an installer fired off from an email attachment that'd only work if the user opened up certain ports.


Criminals is criminals.


Slave mentality is slave mentality.


Don't be absurd.


Don't confuse the intensional with the extensional.


I wonder if this Reddit thread: http://www.reddit.com/r/AskReddit/comments/iu93n/fbi_raided_...

Is the unnamed suspect (I would guess due to being a minor).


I would assume that the person is a troll. I don't see them having any significant proof for such a significant claim.


I think it's really strange how the father of the minor went onto Reddit to discuss what happened. And somewhat naive if this is a significant FBI investigation.


I find it hard to believe they would enter a house with 20 armed agents to arrest someone who did not commit an act of violence.


America is a terribly strange and terrifying place to those that didn't grow up there.


The suspects, in 10 separate states, are accused of conspiring to “intentionally damage protected computers.”

This seems to relate to refer to Title 18, Part I, Chapter 47, § 1030, Part a) 5) A):

knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

http://www.law.cornell.edu/uscode/18/1030.html

There was quite a bit of debate during the December DOS's about what you could even charge folks with. This seems to be their answer. You can indict for almost anything, though, as grand juries are notoriously easy especially in technical cases.

I find it hard to believe a judge would actually buy slowing a computer down equals damage. If that was the case people who maliciously search too often. Smells like plea bargain bait at best to me, what US Attorney would want to try that?


> ...a judge would actually buy slowing a computer down equals damage...

cough flash ads cough


Vista


Intent is the obvious differentiator. Intentionally abusing a system with the intent of taking it down and causing damage should be illegal.


Ask Aaron Schwartz.


And mounting an attack is..., with the right skills, relatively simple.

Do people think any more? Yeah, driving a formula one car is, with the right skills, relatively simple.

Anything is simple from the perspective of the person who has invested time to learn how to do it.


Right, but LOIC actually is ridiculously simple. You either enter the url of the server that's doing the fire control, or just enter the url of your target and click "fire lazorz". It's built to be used by masses of /b/tards, so simplicity is a key design choice.


PayPal has very good personal contacts at FBI due to FBI's interest in payment fraud. So attacking PayPal from the US will more likely lead to FBI action than attacking any other similarly sized consumer website.


I think this article summaries the whole big fish, small fish, decentralized discussion: http://risky.biz/anonymous


Am I the only one bothered by the fact that the New York Times just said "lulz" (as in LulzSec) with a straight face?


Hate to say it...but they brought this on themselves.


Seven proxies couldn't hold them back.


The fact that hackers are burned at the stake and made an example of, in America for crimes similar to 'reckless blocking of a store Entrance' is what will make our networks weak and feeble against the (100 to 1) army of professional hackers in India and China.

But I suppose if we get hacked by other nations we'll just get our hackers together and with their mad elite skills, will stop them. right? right guys? Oh yeah, PS, America has a massive shortage of security experts, if you are interested in hacking, call the FBI, they need you.


Apparently now a 16 year old was arrested in London. He is supposedly a prominent member of Lulzsec: http://www.foxnews.com/scitech/2011/07/19/leading-member-lul...

Apologies for the source, every other source just points to this one at the moment.


Then how do we know it's even true?


You wait until better sources are available. Like this one

http://www.telegraph.co.uk/technology/news/8649621/Teen-accu...


Recruitment?


What do they need with child script kiddies who completely lack common sense?


get them to hack China?


Anonymous civil disobedience just gives the powers-that-be the excuse to arrest anyone they choose.


Civil disobedience usually requires that you perform your action openly and notoriously. Running a program in your home and using an alias hardly qualifies.

Seriously, you're defending DDoS attacks?


You might say that being open and notorious is required for effective civil disobedience, but this is clearly still civil disobedience. (And consequently criminal.)

Personally, I find nonviolent resistance perfectly defensible for a just cause. Why do you suggest it's indefensible?


I don't buy your argument at all. For one thing, you can apply it to almost any instance of mob action against some other party. Is that really what you'd like to see?

I also don't buy your argument that it's nonviolent. By DDoSing a site, your interfering in the legal activity of the target and some outside party. Apply that same principle to the real world and you suggest that it's perfectly reasonable for someone to trespass into a commercial establishment, obstruct the interactions of patrons with staff, and otherwise use resources that are set aside for paying customers.

Since I depend on the availability of these sites, I'm not so enamored with folks who interrupt MY work just for laughs. I'm doubly irritated with people who call it "justified". That smacks of one-sided righteousness and anarchy.

If you believe in your cause, show your face. Make your case.


Would you still be against a group of people (non-violently) disrupting a business if that business illegally denied you service because of your race? Wouldn't you want the community to stand up for your rights?

I'm not defending the actions of the LOIC users, I don't think they are doing quite the same thing but it's close. If the balance of power is off then it is up to the community to try and put it back in place, as another commenter has posted one particularly successful method in the past has been the sit-in. Just as it's not ok for any mob to do whatever they want to a business, it's not ok for any company to do whatever they want to a community.


You're comparing apples and oranges, and using straw man attacks. PayPal did not ban them on the basis of their race. PayPal was perfectly within the law to do what they did.


Right. Paypal banned them because a 3rd party decided to use their privileged position working for the government to copy a bunch of classified files, and send them to Wikileaks.


Segregation was completely legal in many public and private sites. Those uppity kids breaking the law needed to get jail time for it.


everything you've posted here also applies to sit ins: http://en.wikipedia.org/wiki/Sit-in

the question of whether these guys should have been arrested is distinct from whether they're justified, which is distinct from whether ddos could ever be considered civil disobedience.


The people who participate in sit-ins are IDENTIFIABLE. It's often the whole point that you show your face and identify yourself as an aggrieved party.

Furthermore, lots of those folks get arrested. It's exactly the point that you force the state to take you into custody and deal with you as a means of overwhelming them with otherwise law-abiding citizens.

SO...I don't agree with your assertion that it's the same thing. It's a manifestly different thing.


I don't think that analogy is fair. It's a denial of service. It's similar to going into an Apple Store or any other store, and blocking customer checkout registers, preventing customers from paying and receiving their goods. But instead of affecting 30 customers for that one store, you're affecting millions of customers.


but that's exactly what the greensboro lunch counter sit-ins were (http://en.wikipedia.org/wiki/Greensboro_sit-ins). they went into woolworth's (the apple store of the day) and blocked service all day. I'm not equating the two by any means, but it does seem weird to say that civil disobedience is ok only if it causes just a small localized amount of inconvenience.


You have a compelling argument.


"civil disobedience is ok only if it causes just a small localized amount of inconvenience"

I never stated that. Personally, I believe it's far more efficient and more ethical to use a court system and support your representatives than disrupt a business illegally. We have courts and representatives for grievances.


Your youth is showing. There's a reason why sit-ins were used in America during the last century to enact change and the courts were part of that problem.


This.

Sit-ins were a LAST resort, not the first. There was a long, long history of unequal treatment and oppression by the state before non-violent resistance was used. More importantly, there was a consistent and protracted political movement that was also underway during the period in question. There was a dialog happening and resistance was used to "encourage" one party to stay in that dialog. Even then, it took almost the entire weight of the federal government to ensure the execution of the will of the political majority long AFTER the decision had been made.

Honestly, I think that making comparisons to the civil-rights movement in the US is just beyond the pale.

Anonymous is a mob; Pure and simple. It's an expression of a small, small minority of people that want to do damage and seek to cloak their actions in civic high-mindedness. I don't believe it for a second. The absolute lack of ANYONE willing to speak for them just proves my point. They embrace mayhem without accountability. Anarchy.

Who wants to live in that world? Not I.


The parent comment is using non-violence to mean the absence of physical violence which seem impossible to argue against. In the most common definitions of violence, DDoSing a site would be as violent as a large protest blocking traffic in the area.


Troll.


I never bought that civil disobediences needs to be committed in the open. Rather, I think that is just one of many forms it can take.

Example of it not being committed in the open, to no negated effect (and arguably greater effect): People anonymously posting "illegal keys" and cryptosystems for export on the internet for others to obtain. The often anonymous nature of their actions emphasizes how the current laws are absurd for being unenforceable when people with the right knowledge choose for them to be unenforceable.


Defending? No. Stating an observation that tyrannical institutions can use Anonymous as a pretense to arrest anyone with a computer. At least in the USA there is a shred of evidentiary requirement, but much of the world is not so lucky.

I suppose it's arguable that Anonymous is acting out of a sense of "Civil Disobedience". Perhaps it's more along the lines of "vandalism". Philosophically speaking, that is.


every act of civil disobedience can be construed as a more petty crime, if you squint. i believe gandi was guilty of loitering but that's not the salient part of his action, philosophically speaking.


Actually civil disobedience is the act of committing a crime for moral, ethical, or conflicting legal reason. And it is salient. The motivation is in part "to commit this crime I seek to prevent or change a worse crime". To say that Anonymous is acting out of a sense of civil disobedience is to say that they are motivated by a cause.

Personally, I have no idea what motivates Anonymous or if they feel morally obligated to act. It's just as likely that they believe they can commit a crime without penalty. The actions of the FBI are, in part, to deter future individuals from participating in Anonymous coordinated attacks by reminding people that they are not that anonymous and there are consequences to one's actions.

Gandhi, King and other activists all were willing to suffer the consequences of their actions. They were motivated by a principle higher than blind obedience after all.


Vandalism?

If I break your window, that's vandalism. If I burn down your home, that's arson.

DDoS attacks I've seen have completely shut down some major sites and had some pretty significant second-order effects. There are real dollars and real problems created for real life individuals who depend on the availability of these systems.

You can justify it all you like but civic action doesn't justify what these people do. It's mob mentality at work and it resembles a riot more than anything else. Innocent people get hurt in riots and no self respecting individual should be involved in one. Virtual or otherwise.


Putting gum in a lock == vandalism == DOS of a physical location. Real dollars are lost etc. in that scenario.

Seriously... please just stop posting. You are strictly putting words in his mouth so you can have something to argue with.


You're trolling, correct? If PayPal shuts down for an hour, it loses a lot of money (transaction costs, administrative costs, paying idle employees, etc.). Not just them, but millions of their customers who rely on PayPal for their business lose out too.


There is no form of protest that does not affect other people and lost revenue is not damage. Your comment reads very mobbish.

You are free to disagree with the opinion of the DDoSers that PayPal punished Wikileaks because of close ties with a vindictive government and therefore deserved a tangible reaction, but you can't go arguing that people should only disagree with you to the extent that you are able to ignore them.


"Your comment reads very mobbish."

Explain what "mobbish" means in the context of my comment. Because I disagree with your position, my comment somehow resembles 'mob' behavior?

"you can't go arguing that people should only disagree with you to the extent that you are able to ignore them"

What does that even mean? Sorry, but that's one huge straw man attack for something I didn't state. You're free to have your own opinion. I did not state otherwise.

Further, you state that I am free to disagree with an opinion, but then you state that I cannot have some opinion that you conjured up some argument on your own to misrepresent my position -- and then attacking that distorted position?


Fair enough.

I wasn't entirely satisfied with the word, but it was close enough. I meant that the words you (and others I read before) chose were of the polarizing variety, the kinds that people end up using in mobs. That is to say, instead of describing the situation at hand, I felt you were describing the closest clearly illegal thing someone could quickly think of, probably because your information was third-hand.

It seemed to me that you felt that the thing these DDoSsers did wrong was that they had an impact on the business of PayPal directly, rather than just the PR of PayPal. Well no, it seemed to me that you wouldn't have agreed with vocal badmouthing either, but that that would have resulted in an entirely different chain of events and so is not worth considering carefully.

If your opinion was not that no company's business should be directly manipulated for policy retribution purposes, I misunderstood. It was my intent to assert that this is not a position I consider valid and that the choice to briefly DDoS PayPal was almost certainly taken after considering less and more radical approaches. I saw no evidence towards the positions I do consider valid, that the retribution was overly severe or wholly unjust.


How so? Cite your source please.


I'm interested to see if the Government throws them away in some max security prison in Colorado or asks them to work along their sides.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: