Published in News

US Department of Justice’s aggressive anti-hacking policy

by on27 November 2014



Scare the c*ap out of them

The US Department of Justice’s policy of scaring the beegeus out of hackers even when it does not have a hope in hell of getting a conviction has come under the spotlight again. For a while now the DoJ has tried to get hackers to plead guilty in return for a “lesser charge.” But it has done so by starting out to threaten the offending hacker with charges that literally tote up to hundreds of years.

In one high profile case, hacker Aaron Swartz killed himself because the DoJ were threatening to lock him up for 60 years for doing something which was arguably not even hacking. But last week the sham was shown for what it really was, prosecutors in the Southern District of Texas reached a plea agreement with 28-year-old Fidel Salinas, in which the young hacker with alleged ties to members of Anonymous consented to plead guilty to a misdemeanor count of computer fraud and abuse and pay $10,000 in restitution.

However the U.S. attorney’s office omitted the fact that months ago, Salinas had been charged with not one, but 44 felony counts of computer fraud and cyberstalking—crimes that each carry a 10-year maximum sentence, adding up to an absurd total of nearly a half a millennium of prison time.

All of those charges have now been dismissed entirely mostly because Salinas’s brief Tor Ekeland pointed out that they were piled on based on a faulty reading of computer crime laws, possibly intended to intimidate the young hacker into a unfavorable plea or to damage his reputation.

“The more I looked at this, the more it seemed like an archetypal example of the Department of Justice’s prosecutorial abuse when it comes to computer crime,” Ekeland said in an interview with WIRED. “It shows how aggressive they are, and how they seek to destroy your reputation in the press even when the charges are complete, fricking garbage.”

Eighteen of the 44 counts in Salinas’ indictment, for instance, were for cyberstalking an unnamed victim. But each of those charges was based on Salinas merely filling out a public contact form on the victim’s website with junk text. Every time he clicked “submit” had been counted as a separate case of cyberstalking.

Another 15 counts of violating the Computer Fraud and Abuse Act in Salinas’ indictment were tied to websites he had targeted in an alleged hacking spree; in some cases he was charged multiple times for different alleged hacking attempts of the same site over the course of just minutes. In each case, Salinas had merely scanned the sites with commercially available vulnerability scanning tools like Acunetix and Webcruiser.

The only remaining one of those 44 felonies to which Salinas actually pleaded guilty—downgraded to a misdemeanor—was a computer fraud and abuse charge for repeatedly scanning the Hidalgo County website for vulnerabilities. Prosecutors argued the scans slowed down the site’s performance.

Rate this item
(0 votes)