Being crass should not be a crime, but that’s essentially what Andrew Auernheimer was convicted of. This was the case where AT&T accidentally published the emails and device IDs of the first iPad customers. Andrew downloaded them and published proof of the problem to Gawker. His “coconspirator” pled guilty, testified against Andrew, and provided private emails to prosecutors that “proved” Andrew’s bad intentions. These emails disclose things like Andrew talking about stealing the information and wanting to profit from the event. That made his simple actions look very nefarious.
But that’s how we in the cybersec community always talk. When we find cybersec problems, we dream of the worst ways we can be horrible people and exploit them. If you listened to any of our private conversations, you’d be convinced that we were all secretly one step away from triggering World War III.
I’m pretty sure had I been in Andrew’s place, the prosecutors would’ve found much worse to hang me by. Indeed, you’ll find much in my public Twitter feed and blog posts to convict me of. When the Mars Curiosity Rover landed last August, and the first pictures arrived from the planet, I was about to tweet the URL to view those pictures. But the site was already failing under the load of all the nerds worldwide getting those pictures. Therefore, I changed my tweet to comment on the fact that this was essentially a DDoS attack – the sort of attack that activists do against large corporations they don’t like. I therefore made the humorous tweet “Join our DDoS against NASA and click” on their website.
Of course, I’m not against NASA, nor do I think anybody else is. I can’t imagine why anybody would want to DDoS them. It should be obvious that my tweet is humor. But, prosecutors taking this out of context might use it to try to convict me, to prove my evil intent to jurors.
Robert Graham, “Context matters: we only appear to be blackhats”
F-Secure has a good, quick overview of the recent attacks against Facebook, Twitter, and (presumably) other mobile developers. Significantly, we’re seeing an uptick in attacks against developers rather than just against platform manufacturers. The significance? Even though the phone OS may be ‘secure’, the applications you’re loading onto those devices may have been compromised at inception.
Smartphones: the source of anxiety and worry for IT managers that keeps on going.
It saddens me that America’s so-called government for the people, by the people, and of the people has less compassion and enlightenment toward their fellow man than a corporation. Having been a party myself to subsequent legal bullying by other entities, I am all too familiar with how ugly and gut-wrenching a high-stakes lawsuit can be. Fortunately, the stakes in my cases were not as high, nor my adversaries as formidable as Aaron’s, otherwise I too might have succumbed to hopelessness and fear. A few years ago, I started rebuilding my life overseas, and I find a quantum of solace in the thought that my residence abroad makes it a little more difficult to be served.
Bunnie Huang, “A Moment of Silence for Aaron Swartz”
No, really, no joke: a Japanese hacker is playing with the authorities. The latest gambit involved attaching an SD card with malware code to a cat’s collar. Authorities still have no clue who designed the software or who the individual(s) is/are.