Cybersecurity

American Justice: Five Years Prison for Changing a Headline

Apparently messing (even briefly) with a newspaper website is a federal matter.

|

Matthew Keys

Today members of the House Judiciary Committee are unveiling some of its bipartisan federal criminal justice reforms, focusing on fixing overlong sentencing and mandatory minimums. (Read more about the Senate version of the legislation from Jacob Sullum here).

In the meantime, Matthew Keys could very well spend years in federal prison because of his role in giving members of Anonymous access to the website for the Los Angeles Times. The damage? They changed a single headline. For 40 minutes.

Keys, a former Tribune employee, was accused of handing over his username and password to somebody from Anonymous, who then changed the headline and subhead to some silly but harmless hacker nonsense. The alteration was found relatively quickly and fixed.

Then federal prosecutors stepped in and threw the book at Keys for his childish behavior. He was charged under federal anti-hacking laws with conspiring to make unauthorized changes to the Tribune-owned site, conspiring to damage its computers, and for transmitting or attempting to transmit "malicious code."

The last two of those charges are self-evidently nonsense, but nonetheless Keys was convicted yesterday. Technically all the charges combined could land Keys 25 years in federal prison, but prosecutors are magnanimously asking for less than five. Keys called the verdict "bullshit" in several different ways in a phone interview with the Washington Post.

Over at Vice's Motherboard, Sarah Jeong took note of another little detail that adds to the absurdity of the whole affair. In order for Keys' behavior to be considered a federal crime, the amount of damage caused by this "hacking" had to amount to more than $5,000. Remarkably, prosecutors claimed Keys caused nearly $1 million in damage. I'm not familiar with the Times' back end myself, but if it cost more than a cup of Starbucks coffee to fix the altered headlines, well, then no wonder Tribune went through bankruptcy. Here's how U.S. Attorney Benjamin B. Wagner describes the outcome of Keys' behavior:

"Although he did no lasting damage, Keys did interfere with the business of news organizations, and caused the Tribune Company to spend thousands of dollars protecting its servers. Those who use the Internet to carry out personal vendettas against former employers should know that there are consequences for such conduct."

If Keys prompted Tribune to better protect its servers and change its behavior, frankly, one could argue he did them a favor. Important reminder: Keys was fired in October 2010 from his job at a Tribune-owned television affiliate. He provided his account information to Anonymous in December 2010 and his password was still valid. If Tribune had better online security practices, like immediately suspending access privileges of the employees it had fired to the internal operations of the company, this wouldn't have even had happened. This doesn't absolve Keys of responsibility for his behavior, of course (which arguably could have been dealt with in a civil, not criminal, case). It's just important for people to grasp how easily Tribune could have prevented this problem (and the alleged thousands of dollars in costs) not with high-tech anti-hacking measures or encryption, but with very basic, common-sense security practices.

Advertisement

NEXT: Mark Zuckerberg Should Sponsor for Asylum the Family of Indian Muslim Lynched for Eating Beef

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I guess this is where the constant and thorough blowjobbery the fourth estate bestows on the government results in a little reacharound in return.

    1. You have an… interesting grasp of human genitoanatomy, Hugh. The reacharound typically comes with the ass-pounding, not a mere b’jay.

      Now, if the gubmint deigns to offer a lil’ sixty nine action from time to time…

      1. Wait, are you saying that journalists don’t have balls on the back of their heads? What about Thomas Friedman?

        1. I said HUMAN genitoanatomy. Thomas Friedman, if i’m not mistaken, is a sort of fungus.

          1. What’s Krugman then?

            1. Chopped liver?

            2. Scientists aren’t sure – he appears to consist of an unusually large agglomeration of Archaean cellular bodies, but with virus-like attributes as well.

            3. Latest evidence says he is a space-alien / parasite hybrid of some sort… Maybe like the “alien parasite” that pops out of you chest and / or leeches onto your face and strangles your throat with its tail, if you try to mess with it!

            4. I read “fooled by randomness” this week and it was funny how high a regard the author had for George Soros and Paul Krugman, 2 people I would never have heard of without H&R.

            5. a lesser sub-species of the reptillians

        2. I’m not sure he has balls, period.

          1. He has Obama’s balls – on his chin

            1. Assuming Michelle will let Barry get them out of the jar on her nightstand, of course.

              1. Yes – I’m stipulating that

  2. He is being charged with the cost of updating their security practices to the basic minimum.

    If it weren’t for his shenanigans, they could have saved all that security money.

    1. i lolled

  3. “Never insult someone who rents pixels by the gigabyte.”

  4. The Fourth Estate is such a sacred thing, vandals might well not make a headline adequately sucking the cock of power.

  5. “If Keys prompted Tribune to better protect its servers and change its behavior, frankly, one could argue he did them a favor.”

    If the burglars prompted the homeowner to set up a better security system, frankly, one could argue they did the homeowner a favor.

    1. That analogy doesn’t fit the situation described in the article. It’s more like a neighbor’s kid playing a prank when you left your front door unlocked.

      1. Or being kicked out of the house by your ex after living together for some time, and while the homeowner neglects to change the locks on the doors, you give your copy of the house key to a burglar.

        1. FTFY
          *to a vandal who then decides to move your living room furniture around costing you a few minutes of otherwise useless time.

          1. “I stole all of your furniture and replaced it with identical furniture!”

            1. So cunning was my deception, I also emptied all of the contents of the old furniture out, and placed it all back in the same place in the new furniture.

              Except I kept one almost valueless item. Can you identify what I kept?

    2. Burglars steal things and/or damage property. What damage did Keys do?

      1. OK, then, trespassers, not burglars.

        1. If some confused hobo walked through my unlocked front door and then left. That’s the analogy.

          1. Their IT department probably had to go through the system thoroughly to make sure no unpleasant surprises were left anywhere. Just having been in there was a problem for IT to deal with.

            1. Just like a confused hobo. Analogy validated.

              1. Right on – what isn’t said is if the LAT fired any sysadmins or HR people over the horrendously lax security practices/termination procedures.

            2. Depending on what software the LAT use to drive their site, that task could be trivial, or very complex.

              I would expect that they use a content management system that will have every news item and heading timestamped and versioned; although we are talking about the LAT here, so it’s far from certain.

              It’s very unlikely that Keys would have had greater access than other contributors, so my money’s on “trivially simple” to check the whole site. How else would the LAT times be able to ensure that when they wanted to kill a news item, they could do so fully, and with confidence.

    3. This is more like the neighborhood kids ringing your doorbell and then running away, and then you claiming you had to spend thousands of dollars installing a camera system to watch your front door because of it.

      1. Good one. That’s about what happened.

      2. Maybe they left a bag of smouldering dogshit on the stoop too. But that’s about it.

        1. That’s a good analogy, but that hardly qualifies as a “favor”.

      3. No, it’s more like giving the neighborhood kids the keys to your house, then changing your mind but not changing the locks. You invited them in, they didn’t break in.

    4. If throwing a rock through your old window prompts you to install a better one then you could say I did you a favor.

      You can argue that the punishment outweighs the damage done by magnitudes but do not resort to fallacies that normally your organization would find laughable.

      1. Bastiat FTW.

        It’s quite a stretch to say the guy did the LAT a favor, but it’s difficult to see this as being a punishment proportional to the damage caused.

        1. Yes, it is Shackford just blithely going down that line of thought irks the hell out of me.

          1. Forget it Mickey, it’s Shackfordwood.

  6. Look man, we can’t expect these newspapers to have same kind of IT security as the government.

  7. If only they’d had that website on a private server…

    1. They’d be running for the D nomination!

  8. This is a good test. My first instinct is something like “yeah, fuck this guy and all hackers,” but then when I think about it all of my reasons would be slippery slope type bullshit.

    So yeah, I have to come down on the side of this punishment being stupid and excessive.

  9. Appeal the conviction to the ussc. By the time it arrives, the media will be aflame with outrage over the fascist Trump administration’s sinister campaign to imprison all journalists…

    1. That just sounds like a “common sense law” to me….

  10. Seems legit.

    /Progovlover

  11. So.

    Do we have enough woodchippers for this one?

    1. *raises toast of Rusty Woodchipper in fraternity mug – chugs – throws up on Rufus’ shoes*

      WOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!

    2. I think it’s time we upgrade to an ultra-high capacity woodchipper.

      1. Can I install a camera like the ones on amusement park rides that captures their face right at the moment their feet get ground into manpaste?
        “okay heres the part with the camera make sure your hands are up, dont want anyone thinkin you were a pussy, do you?”

  12. “If Keys prompted Tribune to better protect its servers and change its behavior, frankly, one could argue he did them a favor.”

    Come on. That’s the plot of every home-grown terrorist movie and TV show — “I’m just blowing all this up to show how vulnerable we are.”

    This article was teetering on weak — he was not charged for the headline, but for the access he granted — but that sentence tips the balance.

    Reason can do better.

    1. Reason isn’t the magazine you want, but is the magazine you deserve.

      1. “Deserve’s got nothing to do with it….”

        *shoots Little Bill in the face*

      2. Frankly, Shackford is doing you a favour.

  13. 25 years for letting a hacker write on a commercial website.

    Nada for letting hackers steal 5 million fingerprints from fed-gov employees and their families.

    And justice for all.

    1. Who gives a shit about identity theft of those fucking leeches.

      How about the identity theft from the IRS – every poor bastard who had their details stolen can pretty much wave goodbye to inexpensive, software-completed tax reporting and filing for the next few years.

      And yes, I was one of them.

    2. Kinda proves that the major media are nothing more than the mouthpieces of the state.

  14. Did this guy know the password was still valid when he told it to the hacker?

    If it were me my whole defense would be, “Yeah I told the guy my old password at a company I was fired from a couple months ago. It was a clever word play on a Korean swear word and I thought it was cool. How was I supposed to know that those asshats hadn’t changed it or shut it down?”

  15. Password was probably “sriracha” or “kombucha”

    1. “Password123”

  16. What was the headline in question? I’m not getting any info from the links.

    I just want to know if it was something funny, like going from “Sanders calls Hillary ‘a cordial, challenging opponent'” to “Sanders calls Hillary a ‘nagging cunt'”.

  17. Just to be clear, based on this account the sentence seems excessive. Maybe a few months cooling his heels at Club Fed, just to show that he wasn’t supposed to do what he did.

    1. But then he’d become part of the narrative of “soft on white-collar crime while being punitive toward crimes by people of color,” blah blah.

    2. fuck that, this was clearly a civil suit, its like you and your girl brake up and you dont get the key back from her, dont change the locks , then she gives the key and address to her new BF and he goes in and moves your couch from one side of the house to another. would the police even give a shit about your petty problem? not likely prole

  18. I don’t have too much sympathy for Mr. Keys…He didn’t just change a newspaper headline. What he did was the equivalent of an employee giving the keys to his employers’ store to a group of folks known to shoot-up the town occasionally.

  19. Will the media be referring to this prosecution as an “Obama administration action” or just some federal prosecutor, working on his (or her) own?

  20. Funny how Reason can ignore the private property issues here. It’s not his property, he had no right to do what he did and risked doing actual harm to the LA Times when he did so. Who knows what else Anomymous might have done while accessing the site? This is no small thing and I hope this jerk gets locked up for a couple of years at least. Good message to the anarchic dickwads of the world – just because you dingbats want to pretend we live in a post-nation state order doesn’t mean we have.

Please to post comments

Comments are closed.