In Swartz protest, Anon hacks U.S. site, threatens leaks

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://news.cnet.com/8301-1009_3-57566016-83/in-swartz-protest-anon-hacks-u.s-site-threatens-leaks/

In response to the death of tech activist Aaron Swartz, hacktivist
collective Anonymous hacked a U.S. government Web site related to the
justice system and posted a screed saying it would begin leaking a
cache of government documents if the justice system is not reformed.

The group hacked the Web site for the United States Sentencing
Commission late Friday, posting a message about what it's calling
"Operation Last Resort," along with a set of downloadable encrypted
files it said contain sensitive information. The sentencing commission
is the caretaker of the guidelines for sentencing in U.S. federal
courts.

"Two weeks ago today, a line was crossed," the group's statement
reads. "Two weeks ago today, Aaron Swartz was killed. Killed because
he faced an impossible choice. Killed because he was forced into
playing a game he could not win -- a twisted and distorted perversion
of justice -- a game where the only winning move was not to play."

The recent suicide of Swartz, a proponent of freely accessible
information, has been blamed by some on what they say were
outrageously aggressive efforts on the part of the U.S. Attorney in
Massachusetts to punish Swartz for his alleged theft of millions of
articles from a database of academic journals. The 26-year-old Swartz,
who struggled with bouts of depression, had been charged with 13
felonies and threatened with decades in prison and fines exceeding $1
million. U.S. Attorney Carmin Ortiz says Swartz's lawyers were also
offered a plea bargain in which he'd plead guilty and serve perhaps
six months.

Anonymous encouraged its followers to download the files on the hacked
site, a set of nine downloads named after the U.S. Supreme Court's
nine justices and collectively referred to by the hacking collective
as a "warhead."

"Warhead-US-DOJ-LEA-2013.AEE256 is primed and armed. It has been
quietly distributed to numerous mirrors over the last few days and is
available for download from this website now. We encourage all
Anonymous to syndicate this file as widely as possible."

The group wouldn't specify what, exactly, is in the files, saying only
that "the contents are various and we won't ruin the speculation by
revealing them. Suffice it to say, everyone has secrets, and some
things are not meant to be public. At a regular interval commencing
today, we will choose one media outlet and supply them with heavily
redacted partial contents of the file."

The contents of the encrypted files can apparently be accessed only
with a decryption key, and Anonymous said it didn't necessarily want
to provide that key to its followers -- it mentioned "collateral
damage" as a result of any leaks and said: "It is our hope that this
warhead need never be detonated." But the group said the U.S.
government must begin acting on reforms to the justice system
suggested by the system's critics, and in spelling out its demands
more specifically, it mentioned plea bargaining and suggested the
overhaul of legislation such as the mid-1980s antihacking law titled
the Computer Fraud and Abuse Act.

 ...in order for there to be a peaceful resolution to this crisis,
certain things need to happen. There must be reform of outdated and
poorly-envisioned legislation, written to be so broadly applied as to
make a felony crime out of violation of terms of service, creating in
effect vast swathes of crimes, and allowing for selective punishment.
There must be reform of mandatory minimum sentencing. There must be a
return to proportionality of punishment with respect to actual harm
caused, and consideration of motive and mens rea [criminal intent].
The inalienable right to a presumption of innocence and the recourse
to trial and possibility of exoneration must be returned to its sacred
status, and not gambled away by pre-trial bargaining in the face of
overwhelming sentences, unaffordable justice, and disfavourable odds.
Laws must be upheld unselectively, and not used as a weapon of
government to make examples of those it deems threatening to its
power.

The group said it had acquired the files by compromising various
government Web sites and installing "leakware," which it has since
removed to cover its tracks.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.