BreachExchange mailing list archives
Former Tribune staffer denies giving hackers log-in credentials
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 21 Mar 2013 12:58:47 -0400
http://www.networkworld.com/news/2013/032113-former-tribune-staffer-denies-giving-267950.html IDG News Service - Former Tribune Company employee Matthew Keys has denied giving a username and password to anyone, or conspiring to cause damage to a protected computer. Keys was charged with one count each of conspiracy to cause damage to a protected computer, transmission of malicious code and attempting to transmit malicious code, according to a federal indictment filed last week in the U.S. District Court for the Eastern District of California. He was previously employed as a Web producer for television station KTXL Fox 40 in Sacramento, which is owned by Tribune, but was terminated in October 2010. In December that year, Keys is alleged to have given log-in credentials to the content management system (CMS) of the Tribune Group to members of hacker group Anonymous, and encouraged them to disrupt the website, the Department of Justice said. He is alleged to have used the nickname "AESCracked" for his IRC (Internet Relay Chat) communications with members of Anonymous. At least one of the computer hackers used the credentials provided by Keys to log into the Tribune Company server, and made changes to the Web version of a Los Angeles Times news feature, according to DOJ. In a Facebook post on Wednesday, Keys denies the charges. He wrote: I did not give a username and a password to anyone. I did not "conspire" to "cause damage to a protected computer." I did not cause "transmission of malicious code," and I did not "attempt" to cause "transmission of malicious code." Keys, who faces up to 25 years in jail, said his attorneys have said much the same in the past few days, but he felt it might mean more if it came from him directly. The indictment against Keys has been criticized by online rights groups. It comes after thesuicide in January of Internet pioneer and activist Aaron Swartz, who faced charges before his death for allegedly accessing and downloading over 4 million articles from the JSTOR online database through the network of the Massachusetts Institute of Technology. If convicted, Swartz could have faced up to 35 years in prison and a fine of US$1 million, which was seen as too disproportionate a sentence. The case "underscores how computer crimes are prosecuted much more harshly than analogous crimes in the physical world," said the Electronic Frontier Foundation about Keys' indictment. The EFF said physical vandalism like spray painting graffiti on a freeway sign can be punished under California state law either as a misdemeanor--which comes with a maximum of a one year sentence--or a felony which carries a sentence of 16 months, 2 years or 3 years. However, one of the counts on which Keys has been charged, which related to altering content of a news article, is a felony with a maximum punishment of five years in prison under the Computer Fraud and Abuse Act, EFF said last week. John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address isjohn_ribeiro () idg com _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Former Tribune staffer denies giving hackers log-in credentials Erica Absetz (Mar 21)