Tuesday, August 2, 2011 – Globe and Mail
ANNA MEHLER PAPERNY
The latest alleged hacking mastermind, an 18-year-old arrested at home last week in Scotland’s Shetland Islands, was let out on bail Monday with conditions meant to keep him off the Internet and home at night.
Jake Davis is accused of keeping log-in information for 750,000 people, acting as spokesman for amorphous hacktivist groups and helping to mastermind audacious online attacks against such prominent figures as the UK’s Serious Organized Crime Agency and embattled media mogul Rupert Murdoch.
His high-profile case is one of several indicating a distinct change in the way the justice system and law-enforcement community view hackers and hacktivists. Previously, hackers thought themselves untouchable – capable of evading law-enforcers through their own skills. But arrests like Mr. Davis’s suggest the computer nerds who break into your database, steal your password or pummel your website in a denial-of-service attack are considered criminals, subject to the harshest prosecution the law can offer.
It could put a damper on all but the most dedicated hackers, says Rafal Rohozinski, head of the SecDev Group, an Ottawa-based centre that studies security. But it also challenges prosecutors to drastically improve the way they gather evidence on chimeric cyber-crime.
“One thing is for sure,” he said. “These groups, which previously felt they had a certain degree of invulnerability because of their technical skills and being able to hide, aren’t.”
Mr. Davis appeared briefly in London’s City of Westminster Magistrates’ Court, wearing dark shades, black T-shirt under blue denim and carrying Free Radicals, a book by Michael Brooks dedicated to the anarchic, libertarian leanings of scientists.
Mr. Davis said little in court – just confirmed his personal information and listened to the list of charges as they were read out.
British prosecutors have pointed to Mr. Davis as the man behind Topiary – the vocal alias acting as spokesman for hacker collective LulzSec. The group has become notorious over the past few months for its irreverent targeting of everyone from News International to PBS.
According a Forbes reporter, the teen winced as prosecutor Rav Chodha pronounced the name of the impish hacktivist organization he’s accused of leading as “Luke Sec.”
The group is an apparent offshoot of Anonymous, a hacktivist group that went after opponents of Julian Assange’s Wikileaks last year. While Anonymous was seen as explicitly politically driven, Lulzsec seemed more playful. The group claimed responsibility for replacing the U.S. public broadcaster’s website with an illustration of rainbows and cats and a fake story about Tupac Shakur; more recently, they posted a faux obituary of Rupert Murdoch on the Sun’s website.
Mr. Davis faces charges under the UK’s Computer Misuse Act, the Serious Crime Act and the Criminal Law Act. He’s accused of having a hand in distributed denial-of-service attacks – incapacitating a website with overwhelming traffic similar to an endlessly pushed “Refresh” button.
Ms. Chodha said Mr. Davis was found with a laptop running 16 virtual computers that were running dozens of applications, and in possession of the online log-in information for hundreds of thousands of people.
(Internet access has been a priority for the Shetland Islands, an archipelago north of Scotland. The local council passed a digital strategy in June pledging to bring fast broadband access to 90 per cent of residents by 2016).
Judge Howard Riddle ordered Mr. Davis released on bail until his next court appearance Aug. 30. Mr. Davis is allowed to live with his mother in Lincolnshire as he awaits trial, provided he stays off the Internet and keeps a strict 10 p.m. to 7 a.m. curfew. An electronic tag will help ensure he does.
What’s significant about this case, SecDev’s Mr. Rohozinski notes, is not so much the scale of the accusations as the prosecution itself.
“They’re the target of law-enforcement agencies. And law-enforcement agencies have made it clear they’re going to aggressively pursue these kinds of gangs.”
Mr. Davis’s charges come on the heels of a string of arrests last month, as the FBI, along with British and Dutch authorities, took 21 people into custody, many of them related to previous attacks on Paypal.
Last month another British teenager, 19-year-old Ryan Cleary, was charged with attacks on the Serious Organized Crime Agency and various British music sites. Ms. Chodha referred to Mr. Cleary as a “co-defendant” in Mr. Davis’s Monday hearing.
The push for enhanced cybersecurity also necessitates better collection of electronic evidence and dusting for digital fingerprints. And what police forces lack in hacking know-how, Mr. Rohozinski says, “they make up in determination, resources and the ability to channel resources over a long period of time.”
The apparent crackdown, even if ensuing prosecutions result in successful convictions, won’t eliminate hacking, Mr. Rohozinski said. But “the lines and the rules are starting to be drawn in a way they perhaps weren’t before. … Cyberspace will no longer be just a wild west for whatever behaviour is tolerated.”
With files from the Associated Press
750,000: members of individual accounts for which police allege Mr. Davis had online log-in and password information. Much of that information, prosecutor Rav Chodha said, belonged to random members of the public.
Sony, National Health Services, News International and the Serious Organized Crime Agency: Victims of hacking enterprises in which police allege Mr. Davis had a hand.
LulzSec: The amorphous group of hackers has claimed responsibility for posting a fake story of Rupert Murdoch’s death, and another on PBS’s website, claiming Tupac Shakur is alive.
Free Radicals: The secret anarchy of science: The book, by Michael Brooks, that Mr. Davis was carrying during his court appearance. It details the anarchic and libertarian side of some of history’s scientific minds.