Former Tribune staffer denies giving hackers log-in credentials

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.networkworld.com/news/2013/032113-former-tribune-staffer-denies-giving-267950.html

IDG News Service - Former Tribune Company employee Matthew Keys has
denied giving a username and password to anyone, or conspiring to
cause damage to a protected computer.

Keys was charged with one count each of conspiracy to cause damage to
a protected computer, transmission of malicious code and attempting to
transmit malicious code, according to a federal indictment filed last
week in the U.S. District Court for the Eastern District of
California.

He was previously employed as a Web producer for television station
KTXL Fox 40 in Sacramento, which is owned by Tribune, but was
terminated in October 2010.

In December that year, Keys is alleged to have given log-in
credentials to the content management system (CMS) of the Tribune
Group to members of hacker group Anonymous, and encouraged them to
disrupt the website, the Department of Justice said. He is alleged to
have used the nickname "AESCracked" for his IRC (Internet Relay Chat)
communications with members of Anonymous.

At least one of the computer hackers used the credentials provided by
Keys to log into the Tribune Company server, and made changes to the
Web version of a Los Angeles Times news feature, according to DOJ.

In a Facebook post on Wednesday, Keys denies the charges.

He wrote: I did not give a username and a password to anyone. I did
not "conspire" to "cause damage to a protected computer." I did not
cause "transmission of malicious code," and I did not "attempt" to
cause "transmission of malicious code."

Keys, who faces up to 25 years in jail, said his attorneys have said
much the same in the past few days, but he felt it might mean more if
it came from him directly.

The indictment against Keys has been criticized by online rights
groups. It comes after thesuicide in January of Internet pioneer and
activist Aaron Swartz, who faced charges before his death for
allegedly accessing and downloading over 4 million articles from the
JSTOR online database through the network of the Massachusetts
Institute of Technology. If convicted, Swartz could have faced up to
35 years in prison and a fine of US$1 million, which was seen as too
disproportionate a sentence.

The case "underscores how computer crimes are prosecuted much more
harshly than analogous crimes in the physical world," said the
Electronic Frontier Foundation about Keys' indictment.

The EFF said physical vandalism like spray painting graffiti on a
freeway sign can be punished under California state law either as a
misdemeanor--which comes with a maximum of a one year sentence--or a
felony which carries a sentence of 16 months, 2 years or 3 years.
However, one of the counts on which Keys has been charged, which
related to altering content of a news article, is a felony with a
maximum punishment of five years in prison under the Computer Fraud
and Abuse Act, EFF said last week.

John Ribeiro covers outsourcing and general technology breaking news
from India for The IDG News Service. Follow John on Twitter at
@Johnribeiro. John's e-mail address isjohn_ribeiro () idg com
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.