ACLU files a lawsuit to repeal the Computer Fraud and Abuse Act, used to prosecute Aaron Swartz

The ACLU is suing to repeal parts of the Computer Fraud and Abuse Act (CFAA), a 1980s-vintage hacking law that makes it a felony to "exceed authorization" on a remote computer, and which companies and the US government have used to prosecute researchers who violated websites' terms of service.

How crowdfunding helps haters profit from harassment

Meet the professional victimizer.

Appeals court overturns conviction of Andrew “weev” Auernheimer in iPad hacking case

Notorious hacker and troll weev was released from prison this evening. A federal appeals court today overturned his conviction in a case of significance for all security researchers.

Weev exposed a security flaw in AT&T's website and obtained the personal data of more than 100,000 iPad users. He was charged with violating the Computer Fraud and Abuse Act (CFAA), and sentenced to three and a half years in prison. Today's ruling says prosecutors did not have the right to charge him in a state where none of the alleged crimes occurred.

Assistant AG admits he doesn't understand what Weev did, but he's sure it's bad

Andrew “weev” Auernheimer is serving a 41-month sentence for visiting a publicly available webpage and revealing that AT&T had not secured its customers' sensitive financial information. Now, weev's lawyers are appealing, and in the opening day's arguments, Assistant US Attorney Glenn Moramarco admitted, "I don’t even understand what [Auernheimer actually did.]" Then he compared it to blowing up a nuclear power-plant.

Victorian Transport Department calls cops on 16 year old for reporting bug that exposed customers' personal data

Last month, around Christmas, a sixteen-year-old Australian named Joshua Rogers living in Victoria told the Transport Department that its Metlink website was exposing the sensitive details of over 600,000 transit users, including "full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers."

He waited two weeks, but after he had not heard from Metlink -- and as the data exposure was ongoing -- he went to the national newspaper The Age, who called the Transport Department for comment. Whereupon the Transport Department called the police, who arrested the teenager.

It may be that the mistake that exposed all this sensitive data was an "honest" one -- after all, there's no experimental methodology for verifying security apart from telling people what you're doing and asking them to poke holes in it. Security is a process, not a product.

But that means that anyone who keeps sensitive public information on hand has a duty to take bug reports about vulnerabilities seriously, and to act on them quickly. Killing (or arresting) the messenger is absolutely unforgivable, not merely because of the injustice to this one person, but because it creates a chilling effect on all future bug-reporters, and not just for your service, but for all of them.

The Transport Department hasn't only unjustly punished an innocent person; it hasn't only weakened its own security; it hasn't only failed in its duty to its customers -- it has struck a blow against the very idea of security itself, and harmed us all.

The "cult" of trolls and how to deal with them

Greg Sandoval at The Verge writes about the Internet's indifferent amplification of rape threats and other unacceptable behavior from men. The conundrum is exemplified by Andrew "Weev" Auernheimer, whose stalking and defamation of one woman went unpunished, but who was eventually jailed for specious reasons that made him a cause célèbre for internet freedom.

Aurora and other women’s advocates aren’t expecting much change in the current tech environment. They note most websites are operated by men and since few men experience harassment, there isn’t much empathy for this issue. There is also the likelihood that some in tech sympathize more with the abusers. A few victims of online harassment argue that a large section of the tech industry showed where its priorities were by embracing the Free Weev movement.

Sandoval calls them "angry young men", but I don't think this is fair to angry young men. Trolls are only incidentally angry. They're driven by narcissism. It's more about that--the internet-bound inner lives of skilful creeps--than anything that might be called a cult.

But he nailed the problem: how do we get rid of them without supporting exclusionary systems likely to hurt them least of all?

Twitter's Jack Dorsey confesses to criminal violation of CFAA on "60 Minutes" (sort of)

Firedoglake highlights the moment in Jack Dorsey's recent 60 Minutes profile at which the Twitter co-founder effectively copped to violating the Computer Fraud and Abuse Act.

According to some in the US gov, this makes the affable entrepreneur "a greater threat to America than Al-Qaeda."

JACK DORSEY: I found a way into the website, I found a security hole. And –

LARA LOGAN: Is that the same thing as hacking?

JACK DORSEY: It’s uh, yes.

As noted in recent Boing Boing posts, CFAA is the wrong-headed, hacker-panic law involved in the cases of both the late Aaron Swartz and Andrew “Weev” Auernheimer, who just got 3 years in prison for exposing an AT&T security hole.

(HT: @DanSWright)

Weev: Hackers should keep security holes to themselves

Weev. Photo: Gawker

Andrew Auernheimer, aka “weev,” the hacker found guilty last week of computer intrusion for obtaining the unprotected e-mail addresses of more than 100,000 iPad owners from AT&T’s website and passing them to a journalist, has an opinion piece in Wired News today.

Auernheimer, who founded the troll group Gay Nigger Association of America and once said "some big Jews" would love to serve him a summons, sees his conviction as an unjust way for AT&T to punish the messenger, rather than owning responsibility for a weak system.

In the Wired op-ed, he argues that hackers should forget about disclosure, and keep what they learn of security holes to themselves.



Andrew "Weev" Auernheimer, the Adrian Chen profile

Weev. Photo: Gawker

Adrian Chen at Gawker has a must-read profile on Weev: so-called "iPad hacker," founder of the anti-blogging Internet-trolling organization "Gay Nigger Association of America," and born-again Mormon troll. Snip:

For Auernheimer, the AT&T breach was one of his finest works as a troll. He personally didn't hack anything—the program used to collect the email addresses was written by Spitler—except the media. He was the hype man for Goatse, and he claims blew the breach up far beyond its actual significance. "The bug that I'm indicted over isn't a big deal," he says. "What made it big is the way I presented it." He boils down his success at promoting the AT&T job to three bullet points: "Rhetoric, persuasion, and meme reference."

But was collecting the email addresses actually a crime? "If somebody mistakenly puts information out there on the web and somebody mistakenly gets that information, that's not illegal," says Jennifer Granick, a lawyer and the director of the Center for Internet and Society at Stanford. This is why Auernheimer decided to fight his charges instead of take a plea deal, as Spitler did last year.

"I contend there is no crime in telling the truth or using AT&T's, or anybody's, publicly accessible data, to cite it to talk about how they made people's data public," he told CNET.

Auernheimer's jury disagreed.

Read: The Internet's Best Terrible Person Goes to Jail: Can a Reviled Master Troll Become a Geek Hero?

Weev convicted: court finds "iPad hacker" guilty of breaching AT&T site

Andrew "Weev" Auernheimer, the 26-year-old "iPad hacker" charged with federal crimes for obtaining personal data of more than 100,000 iPad owners from AT&T’s website, was found guilty on Tuesday in federal court in New Jersey. The court convicted him on one count of identity fraud and one count of conspiracy to access a computer without authorization. Kim Zetter in Wired has the details. Weev tweeted that he plans to appeal.

Strange superhero Flaming Carrot goes digital

The 1980s had many surreal and outré comic-book stars. I recall particularly following The Tick, Concrete, and Nexus. They were respectively a nigh-invulnerable, possibly mentally ill superhero with a chubby accountant sidekick in a moth-themed flying suit; a writer whose brain was transplanted by aliens (themselves possibly escaped slaves) into a nearly invulnerable rock-like body often performing missions of mercy; and a man (later others, including men, women, and children) picked by a nearly omnipotent being residing in the center of a planet to atone the genocide of his father by being forced to be an almost indestructible and thoroughly powerful superhero, lest he face disabling pain.

You catch the theme here, right? Omnipotence, invulnerability, superhero—all but the Tick reluctant. Into that mix, Flaming Carrot was something altogether different.

A first for Black Hat hacker con: Apple in the house

Apple has never before participated in Defcon or Black Hat, but Bloomberg reports that this will change Thursday "when Dallas De Atley, manager of Apple’s platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads" at Black Hat in Las Vegas, NV.

It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.

Weev: Not Amused.

Nexus Q media streaming ball

Google briefly exposed its Nexus Q media streaming box—or, rather, a ball—today at the Google Play store before taking the page down. An official announcement will likely come at today's Google I/O conference. In the meantime, we can muse on the specs: 4.6" in diameter, it weighs 2 pounds and has a dual-core ARM Cortex CPU. It has 1GB of RAM and 16GB of flash storage. At the back, there are the following holes: Micro HDMI, TOSLink, Ethernet, Micro USB and banana jack speakers. It will be $300 when it ships, with optional $400 speakers (wow) and $50 speaker cables (lol). [Ars]

Andrew "Weev" Auernheimer, hacker in AT&T iPad case, on Occupy Wall Street


In the video above: Noted troll Andrew Escher Auernheimer, aka weev of Goatse Security, on his federal case and why Occupy Wall Street matters to him: "I've had a strong decade of infuriating rich people," he says, "I am the 99%."

Among other things, weev speaks about his friend Ari Douglas. He also shares why he believes federal prosecutors want to put him in jail for exposing sloppy data security at AT&T.

Reporting security vulnerabilities is in the public interest, weev and his supporters maintain. In going after him, their argument goes, US attorneys are attempting to set a precedent that will be legally hazardous for any security researchers who reveal information that could embarrass or harm the market value of large companies.

It's a wide-ranging rant. "We have no right to eat cheese anymore!," he intones. But this time, it would appear that weev is not in it solely for the lulz. Check it out.

Background on his case at CNET, Wired, Fast Company.

(via @OccupyWallStNYC)

IMF: We wuz hacked

The New York Times reports that the International Monetary Fund (IMF) has been hit with what is described as "a large and sophisticated cyberattack whose dimensions are still unknown." The breach happened before the IMF's managing director was accused of trying to rape a hotel worker.

The fund, which manages financial crises around the world and is the repository of highly confidential information about the fiscal condition of many nations, told its staff and its board of directors about the attack on Wednesday. But it did not make a public announcement.

Several senior officials with knowledge of the attack said it was both sophisticated and serious. "This was a very major breach," said one official, who said that it had occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.



Hacker and internet troll Weev befriends DSK: "We're all like one big Breakfast Club in there"

Accused attempted rapist Dominique Strauss-Kahn has met the welcome wagon, and it is Weev. The hacker and internet troll who lives in the downtown New York City building where DSK is placed under house arrest told the New York Post he's met the ex-IMF chief, and that they are pals of a sort.

"He's an OK guy," said Andrew Auernheimer, 26, (pictured) who claims that DSK lives on the fourth floor of the Empire Building at 71 Broadway, where "eight or nine other guys are all in the same situation."

"We're all like one big Breakfast Club in there," he said. "I saw the guy coming in . . . with guards. . . and roaming the hallway and I invited the guy in and introduced him to a few people. . ..

Auernheimer, aka Weev, is one of the guys who discovered a flaw at AT&T's website that compromised the privacy of thousands of iPad users.



AT&T iPad hack discoverer arrested

Last week, hacker Andrew Auernheimer uncovered a flaw at AT&T's website which may have compromised the privacy of thousands of iPad users. This week, he was arrested on drugs charges. From CNET:

Andrew Auernheimer, 24, was being held in Washington County Detention Center in Fayetteville, Ark., according to Lt. Anthony Foster of the Washington County Sheriff's office in that state. The drugs were found during the execution of the warrant, said Lt. Mike Perryman, of the Fayetteville Police Department. However, Perryman could not say what prompted the warrant. ...

What indeed? We're far short of knowing much about the circumstances of his arrest, but if AT&T sent the Feds on a fishing trip out of spite rather than because it had evidence of a crime, it would be perfectly in keeping with its reputation. Also, the fact that Auernheimer's supposedly a racist and an 'unsavory dude' shouldn't make it OK to arrest him on unrelated charges just because.

If the charges are accurate, though, we might have a learning moment at hand: If one has just publicly exposed the gross incompetence of a major corporation and humiliated its respected partners, perhaps it is time for one to flush the coke.

Fascinatingly, it appears Auernheimer is Weev, a source for a 2008 New York Times feature about how horrid internets are. In it, Weev was quoted saying that posting flashing images to an epileptics' online forum was over the line: "It's hacking peoples unpatched brains. we have to draw a moral line somewhere." Mattathias Schwartz wrote:

Weev, the troll who thought hacking the epilepsy site was immoral, is legendary among trolls.

