Call Yourself A Hacker, Lose Your 4th Amendment Rights…

The US District Court for the State of Idaho ruled that an ICS product developer’s computer could be seized without him/she being notified or even heard from in court primarily because he/she states on his/her web site “we like hacking things and don’t want to stop”.

A little background…

Battelle Energy Alliance LLC is the management and operating contractor for Idaho National Laboratory (INL), and they have brought suit against ex-INL employee Corey Thuen and his company Southfork Security.   It began with the US Department of Energy funding an effort for INL to develop “a computer program aimed at protecting the United States’ critical energy infrastructure (oil, gas, chemical and electrical companies) from cyber attacks.” Corey Thuen was one of the developers of this software program that was later called Sophia.  Sophia identifies new communication patterns on ICS networks.

Battelle wants to license this technology, NexDefense was selected to negotiate for a license, and the suit states that Corey was pushing for it to be open source. Eventually Corey left INL, created Southfork Security, and wrote a similar “situational awareness” program called Visdom.  In simple terms, the suit alleges that Corey stole the code and violated agreements with INL.

But all this is not the important part…

The disturbing part of the ruling is that Battelle asked for and got a restraining order without first notifying Corey/Southfork Security primarily because the Southfork web site said “We like hacking things and we don’t want to stop”. They requested and got an order to knock on his door and seize his computer because he claims to like hacking things on the Southfork web site. From the court decision:

“…The Court finds it significant that defendants are self-described hackers, who say, “We like hacking things and we don’t want to stop”…

“…The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. (underline added) And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive…”

This is bull$hit.  All of a sudden capability = intent?  I guess its really true – “Stupid is as Stupid does…”

Another factor in issuing the restraining order without notice was:

“…Battelle must show that the defendants have “a history of disposing of evidence or violating court orders or that persons similar to the adverse party have such a history.” Id. (citing In the Matter of Vuitton et Fils S.A., 606 F.2d 1, 5 (2d Cir. 1979))…”

“…Battelle asserts generally that defendants who have the technical ability to wipe out a hard drive will do precisely that when faced with allegations of wrongdoing…”

I think the Judge, Battelle and their lawyers either have forgotten or never knew what the term “hacker’ means.  In other words, they have been afflicted with “Hacker Madness.”  They obviously have been watching too many movies.  From a hardware perspective a hacker is someone who innovates, customizes or combines electronic or computer equipment.  From the software side, a hacker may be thought of as one who combines excellence, cleverness or exploration in the job they do.  Basically a person who makes things “smaller, better, faster”.  Any idiot can wipe a hard drive.


Anonymous members Charged for DDoS attacks

anonymousThe U.S. has brought criminal charges against 13 persons, said to be members of the hacker group Anonymous, for their alleged participation in cyberattacks as part of a campaign called Operation Payback.  The defendants and other members of Anonymous allegedly launched or attempted to launch cyberattacks against government entities, trade associations, individuals, law firms and financial institutions, according to a federal grand jury indictment released Thursday in the U.S. District Court for the Eastern District of Virginia, Alexandria division.  The method of attack was DDoS (distributed denial of service) which floods web sites with spurious Internet traffic so that they become unavailable, and the weapon of choice was the freely-available and downloadable network stress testing program known as the Low Orbit Ion Cannon or LOIC, according to the indictment.  The 13 persons have been charged with one count of “conspiracy to intentionally cause damage to a protected computer” from about Sept. 16, 2010 to at least Jan. 2, 2011. All are from the U.S. and in their 20s with the exception of Geoffrey Kenneth Commander, a 65-year-old man from Hancock, New Hampshire, and Dennis Owen Collins, a man from Toledo, Ohio born in 1960.  Members of Anonymous launched Operation Payback on about September 2010 to retaliate against the discontinuation of The Pirate Bay, a controversial file-sharing website in Sweden, according to the indictment.

13 go down, 100’s rise up…


  • Ads