‘Hacker Madness’ Strikes Idaho Judge

A federal judge in Idaho appears to have had a fit of hacker madness.

In a case involving a former employee and his bosses over software for protecting the nation’s critical infrastructure from cyberattacks, federal district court Judge B. Lynn Winmill found the employee’s privacy rights could be ignored because he was a self-proclaimed hacker.

The employee, Corey Thuen, formerly worked for Battelle Energy Alliance, which developed the cyberdefense software called “Sophia” for the U.S. Department of Energy’s Idaho National Laboratory.

After being terminated by Battelle, Thuen set up his own shop, Southfork Security, which began marketing a cybersecurity program that looked remarkably like Sophia. What’s more, Southfork’s software, called “Visdom,” was going to be open source, so anyone could look at it — including potential intruders.

Tipping Point

Battelle, which had already licensed Sophia to a company that intended to market a proprietary version of the software, moved against Southfork. It commenced proceedings that excluded Thuen — “ex parte,” in legal speak — to block the former employee from releasing his open source software and to copy the allegedly pilfered code from the hard drive where it resided.

Battelle argued that the ex parte proceedings were necessary because if Thuen were tipped off, he’d destroy any evidence of his wrongdoing. Judge Winmill bought that argument, largely because on Southfork’s website, Thuen declares, “We like hacking things and we don’t want to stop.”

“A well-known characteristic of hackers is that they cover their tracks,” Winmill wrote. “This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case.”

Although allowing Battelle to copy Thuen’s hard drive was a serious invasion of privacy and not a standard remedy, Winmill said the action was warranted in this case.

“The tipping point for the Court comes from evidence that the defendants — in their own words — are hackers,” the judge wrote. “By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive.”

Hacker Madness

Winmill’s notion that anyone who calls himself a hacker has to be a bad actor is one that’s growing in popularity among folks who find the Bill of Rights an annoying barrier to advancing their agenda. It’s something the Electronic Frontier Foundation calls the “Hacker Madness” strategy.

“Using it, the prosecution portrays actions taken by someone using a computer as more dangerous or scary than they actually are by highlighting the digital tools used to a nontechnical or even technophobic judge,” EFF Legal Director Linda Cohn wrote at the organization’s website.

The Southfork case appears to fit into the Hacker Madness pattern.

“The court took a pretty extraordinary step by relying on stereotype and hyperbole rather than really digging into the facts,” EFF Staff Attorney Hanni Fakhoury told TechNewsWorld.

“We would hope that courts look beyond the scary word hacker and really assess whether the defendant is likely to cause the harm the plaintiff claims,” he added.

Part of the cause of Hacker Madness is semantic.

“The fundamental problem in this case is that the judge didn’t seem to understand that there are positive uses of the word hacker,” Chris Soghoian, principal technologist and a senior policy analyst with the ACLU’s Project on Speech, Privacy and Technology, told TechNewsWorld.

“It’s a term that some people use to describe themselves with pride,” he continued, “and it’s a term that other government agencies have recognized has positive connotations.”

Problems in the Southfork case were exacerbated by the one-sided aspect of the proceedings.

“There was no one to inform the court about the actual use of the word hacker in the technical community,” Soghoian said. “The judge only heard from one side, and that side had an incentive to make the individual sound scary.”

Payday Spam Tops 3Q

SMS spam was dominated by financially charged messages — including those for payday loans — during the quarter ending Sept. 30, according to a report released last week by Cloudmark.

Nearly two-thirds (65 percent) of all mobile spam during the period contained financially charged messages about everything from payday loans, loan insurance and bank accounts to debt relief and accident compensation.

“Spam and scam messages attempting to seduce (or scare) with the explicit mention of money seem to currently hold a great deal of traction with SMS spammers,” Cloudmark observed in its 3Q13 global Messaging Threat Report.

With 35 percent of SMS spam volumes during the period, payday scams were by far the most popular during the quarter, even though a crackdown on the industry in the UK weeded out 19 of the 50 top players in that market.

Payday loan scams are popular in the United States, too.

“It’s taken over from bank phishing as the biggest hack,” Cloudmark Threat Researcher Andrew Conway told TechNewsWorld.

“During the first four or five months of the year, bank phishing was the main thing we were seeing,” he continued. “That has died down, and payday loans have really taken off.”

Breach Diary

  • Oct. 21. The NSA made 70.3 million recordings of telephone data of French citizens from Dec. 10, 2012, to Jan. 13, 2013, says a report based on information leaked by Edward Snowden. The report is inaccurate, says NSA.
  • Oct. 21. Protected health information for approximately 729,000 patients was compromised following the theft of two laptops from a secure office, reports AHMC Healthcare, of Alhambra, Calif. There is no evidence yet that the information has been accessed or used in any manner, according to AHMC.
  • Oct. 23. German government announces U.S. intelligence agencies may have monitored mobile phone calls of its chancellor, Angela Merkel. United States claims monitoring is not taking place.
  • Oct. 23. Fifty-five percent of consumers would change their bank if it suffered a data breach; 46 percent, their insurance companies; 42 percent, their drug store or pharmacy; and 40 percent, their doctor or dentist, reveals Harris Interactive study sponsored by Cintas.
  • Oct. 23. Adobe announces its Flash Player software supports sandbox feature in Apple’s Safari browser running OS X Mavericks, released Oct. 22.
  • Oct. 24. The United States monitored phone conversations of 35 world leaders in 2006, says report based on information leaked by Edward Snowden. The snooping produced “little reportable intelligence” because the personal phones were not used to discuss sensitive matters, according to the report published in The Guardian.
  • Oct. 24. U.S. Attorney in Los Angeles charges 12 members of criminal group who allegedly raked in hundreds of thousands of dollars in ATM skimming scam.
  • Oct. 24. Schnuck Markets, of St. Louis, settles class action lawsuit resulting from data breach in which 2.4 million payment card numbers were compromised. Under the terms of the settlement, which is capped at US$1.6 million, the company pays customers up to $10 for each card that was compromised and had fraudulent charges posted to it. Injured parties are also being reimbursed, up to $175, for incidental expenses connected to the breach, such as bank overdraft charges and time spent dealing with the breach.

Upcoming Security Events

  • Oct. 28. SCADA and Me: Security Basics for Children and Managers. Noon ET. Live Web event, Free.
  • Oct. 29-31. RSA Conference Europe. Amsterdam RAI. Registration: Early Bird to July 26, 895 euros + VAT delegate/495 euros + VAT one-day pass; Discount from July 27-Sept. 27, 995 euros + VAT delegate/595 euros + VAT one-day pass; Standard from Sept. 27-Oct. 27, 1,095 euros + VAT delegate/695 euros + VAT one-day pass; On site from Oct. 28-31, 1,295 euros + VAT.
  • Oct. 29. Digital Attack Map. Noon ET. Webinar sponsored by Google and Arbor Networks. Free with registration.
  • Oct. 29. The Economics of Cyber Crime. 11 a.m. ET. Webinar sponsored by Dark Reading. Free with registration.
  • Nov. 6. FedCyber.com Government-Industry Security Summit. Crystal Gateway Marriott, 1700 Jefferson Davis Highway, Arlington, Va. Registration: government, free; academic, $100; industry, $599.
  • Nov. 18-20. Gartner Identity & Access Management Summit. JW Marriott at L.A. Live, 900 West Olympic Boulevard, Los Angeles, Calif. Registration: Early Bird to Sept. 27, $2,075; Standard, $2,375; Public Sector, $1,975.
  • Dec. 4-5. MENA Business Infrastructure Protection 2013 Summit (Risk Management and Security Intelligence for companies in the Middle East and North Africa). Dubai.
  • Dec. 9-12. Black Hat Training Sessions. Washington State Convention Center, Seattle, Wash. “The Art of Exploiting Injection Flaws,” $1,800 by Oct. 24; $2,000 by Dec. 6; $2,300 thereafter. “The Black Art of Malware Analysis,” $3,800 by Oct. 24; $4,000 by Dec. 5; $4,300 thereafter. “CNSS-4016-I Risk Analysis Course,” $3,800 by Oct. 24; $4,000 by Dec. 5; $4,300 thereafter.
  • Dec. 9-13. Annual Computer Security Applications Conference (ACSAC). Hyatt French Quarter, New Orleans.
  • Jan. 20-21, 2014. Suits and Spooks. Waterview Conference Center, Washington, D.C. Registration: Sept. 20-Oct. 20, $415; Oct. 21-Dec. 1, $575; after Dec. 1, $725.
  • Feb. 17-20, 2014. 30th General Meeting of Messaging, Malware and Mobile Anti-Abuse Working Group. Westin Market Street, San Francisco. Members only.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
