Pro-WikiLeaks hackers may be hard for U.S. to pursue

NEW YORK Fri Dec 17, 2010 8:06am EST

Credit card group MasterCard's website is not loading as of this screen grab at 9:10 ET on December 8, 2010. REUTERS/Staff Photographer


NEW YORK Dec 17 (Reuters Legal) - Legal hurdles could make it tough for U.S. prosecutors to go after pro-WikiLeaks hackers who waged cyber attacks last week on Visa, MasterCard, PayPal and other companies.

Attorney General Eric Holder said last week he was "looking into" it, but there are enormous challenges finding, moving, investigating and finally convicting those the United States might accuse.

Typically the federal government prosecutes hacking under the Computer Fraud and Abuse Act, which prohibits the "transmission of a program, information, code, or command" that "intentionally causes damage without authorization, to a protected computer." It's a broad, powerful statute that applies even to computer crime committed abroad, and can carry prison sentences and heavy fines. But to use it, authorities will first have to locate the elusive hackers and bring them to the United States.

In this case, a group of Internet activists working under the name Operation Payback claimed responsibility for the attacks, which briefly shut down the websites of several companies that had cut off services to WikiLeaks after the whistleblower organization last month made public a massive trove of secret U.S. diplomatic cables. Dutch police arrested two Dutch teenagers last week, and other hackers around the globe are believed to be involved. If the U.S. seeks to prosecute these or any other hackers who may be apprehended overseas, it will have to rely on foreign counterparts to extradite them to the United States. Extraditions often get caught up in politics.

INTERNATIONAL COOPERATION

Over the last decade, international cooperation in computer crimes has increased; since 2004, dozens of countries have ratified the Council of Europe's Convention on Cybercrime, which was designed to harmonize computer crime policy and foster international cooperation. Still, a handful of countries, including Russia, have not ratified the treaty. Prosecuting hackers in those countries could prove difficult. The Wall Street Journal reported that the Federal Bureau of Investigation worked with Dutch authorities on the arrests; Justice Department spokeswoman Laura Sweeney declined to comment on the arrests in the Netherlands or the extent to which the two countries may be cooperating.

The targeted companies apparently suffered "distributed denial-of-service attacks," which overload websites with so much traffic that they slow down or stop functioning altogether. In such attacks, hackers infect many computers with a program designed to flood the target's Web server. To find the people responsible, the U.S. government might be able to use undercover agents and cooperators, or get help from international organizations that track the sources of viruses and cyber-weapons.

SUBPOENAS NEEDED

In the absence of such assistance, investigators would have to trace the source of the attacks themselves. First, the infected computers must be located. For investigators in the United States, this technological challenge also presents a legal hurdle: obtaining subpoenas for multiple Internet service providers. Then, once the infected computers are tracked down, and if the owners don't voluntarily turn them over, investigators face another legal obstacle: getting a search warrant to examine the hard drives. Only then can they begin the complex forensic analysis aimed at tracing the program back to its source.

The U.S. Computer Fraud and Abuse Act imposes another hurdle, albeit a minor one: The government must show that the alleged computer crime caused losses in excess of $5,000 over a one-year period. In this case, that would be easy to do. But so far, no evidence has emerged to suggest that any of the companies targeted by Operation Payback suffered serious losses. MasterCard, for example, said in a statement that while it had "seen limited interruption in some web-based services," its "core processing capabilities have not been compromised and cardholder account data has not been placed at risk." Prosecutors may feel less urgency to bring charges because the damages appear to be relatively small.

In contrast, the federal government last year won a conviction against Albert Gonzalez, an American who pleaded guilty in connection with the computer hacking of several major U.S. retailers. More than 40 million credit and debit card numbers were allegedly stolen in the process. Gonzalez was sentenced to 20 years in prison in March.

David Goldstone, a former attorney in the Justice Department's Computer Crime and Intellectual Property Section and now a partner at Goodwin Procter, said that a decision whether to prosecute Operation Payback could come down to the allocation of resources and the perceived importance of the attacks. "The government may give it less of a priority," Goldstone said. "They may treat it as graffiti."

(Editing by Eric Effron and Amy Stevens of Reuters Legal)

Comments (13)
AdamSmith wrote:
A pilot flying over Iraqi villages in an air-conditioned jet, drops bombs, whose shrapnel passes through the abdomens of young children. The risk to the pilot is zero, or about the same risk an airline stewardess takes every day. Rather than tagging him as a war-criminal, we instead routinely award him a medal for “bravery”. This is not an exaggeration. The medals are real.

But someone who lives in civilian life, who protests the “brave” pilot’s killing of the Iraqi children, by sending a relatively harmless ping over the internet, we now devise ways to prosecute.

Only in America, as the song says.

Dec 17, 2010 11:27am EST
NashvilleDave wrote:
AdamSmith,

We wouldn’t be in Afghanistan in the first place if the government of that country had not sanctioned an attack against our country which killed 3,000 innocent civilians. The difference is that we do everything in our power to avoid harming civilians while our enemy does everything in their power to kill and maim as many as possible.

And BTW, that pilot whose name and reputation you desecrate does his job for you. So that you can sleep peacefully at night without worrying about religious zealots dragging you from your bed in the night and killing you in a public execution as was the fate of many Afghans before we invaded. So that you can go to work each day and not have to worry about terrorists crashing planes into the building.

You’re welcome.

Dec 17, 2010 12:40pm EST
jr1990 wrote:
NashvilleDave,

You couldn’t be more wrong about, and I quote “The difference is that we do everything in our power to avoid harming civilians while our enemy does everything in their power to kill and maim as many as possible.”

Do you know the body count? Hmm….. do you?
I didn’t think you did, well let me inform you, it is well over 60,000 civilians killed, and under 25,000 INSURGENTS killed. Have you even browsed WikiLeaks? Seen the videos of OUR soldiers killing CLEARLY unarmed civilians, then bragging about it even after they find out they were kids.

How about the guy who was being followed by an attack helicopter while driving his car. The guy being afraid gets out of the car and throws his hands up into the air, the soldier holds for a couple seconds then opens fire killing a unharmed civilian.

or wait.. how about the countless acts of torture?

Think I’m making this up, look it up yourself
http://wikileaks.ch/ ,
Want me to make it easy for you?
http://www.collateralmurder.com/
or how about a doc that covers the whole thing?
http://thenextweb.com/shareables/2010/12/12/wikirebels-the-documentary/.

And the plane crash happened ONE time, get over yourself… the people who live in Iraq deal with the US terrorists everyday.

Dec 17, 2010 7:49pm EST