In my capacity as First Assistant United States Attorney, I have been shown various harassing and potentially threatening email messages directed at United States Attorney Ortiz and the United States Attorney’s Office following Mr. Swartz’s suicide.

Attached at Tab E are copies of the following articles:

a. Swartz case protest at Boston US Attorney’s Home, The Boston Globe, March 12, 2013; and
b. Swartz protesters go to prosecutor’s home, The Boston Globe, March 17, 2013.

In my capacity as First Assistant, I have been shown various harassing and threatening messages directed at AUSA Heymann. One such email I have seen states, among other things:

ROFLMAO just saw you were totally dox’d over the weekend by Anonymous. How does it feel to become an enemy of the state? FYI, you might want to move out of the country and change your name . . .

That same email copies personal information of AUSA Heymann, including his home address and personal telephone number, among other things. AUSA Heymann has also reported to me that his personal information (including his home address, personal telephone number, and the names of family member and friends) were posted online, and that his Facebook page was hacked.

Attached at Tab F is a redacted copy of a postcard that AUSA Heymann has informed me he received at his home.

Attached at Tab G is a copy of a postcard that Professor Philip Heymann has informed me he received.

According to a federal indictment first obtained by the Huffington Post, Keys used a chat site to pass information to Anonymous. Using the name AESCracked, Keys handed over the login credentials and told hackers to "go fuck some shit up", the indictment says.

The hacker accessed at least one Los Angeles Times story and altered it, the charges say.

On the one hand, when compared what happened with Aaron Swartz, this is a step in the right direction. We're not talking about someone with positive intentions who walked the line between hacking and innovation, but someone who acted with obvious malice. But on the other hand, this highlights the big problem with federal hacking laws. The damage amounted to little more than inconvenience for a system administrator, making this essentially a case of small-scale vandalism—but because it involves computers, it's elevated to a federal crime. This really makes no sense. Computers and the internet are present in every part of life today, and computer crime can happen at every scale. In this case, it was the sort of reckless but small act of spite that would result in a much less serious punishment if it didn't happen online, and if it didn't allow the government to place Anonymous in the villain role of another story.

The case against Keys looks strong, and I'm guessing it will end with some sort of deal for a lesser punishment—possibly in exchange for information about other hackers. The real penalty will be the damage done to his career by this breach of trust (which further highlights the pointlessness of trying to put him in jail), but the biggest takeaway is that federal computer crime laws are in serious need of reform. Elevating the severity of simple crimes because they involve what is now one of the most common tools in the world is a senseless imbalance of justice, and makes it much harder to identify and combat serious crime online.

It's the fact that the point behind the mask was solidarity against oppression that made Dubai's move to outlaw the masks so misguided. But they are no longer the only nation to do so. Bahrain has now banned the import of the masks, trying desperately to stave off a 2-years running protest movement. The ban came from the country's commerce department, because apparently they don't think that masks can be made by their citizens. As The Independent noted:

Sadly, though, it is but a mask. And the thing about a masks is, you can print them, paint them or draw them yourself. Unless the minister plans to ban all such activity it seems an action as futile as the real Guy Fawkes's.

Citizens of the world,

Anonymous has observed for some time now the trajectory of justice in the United States with growing concern. We have marked the departure of this system from the noble ideals in which it was born and enshrined. We have seen the erosion of due process, the dilution of constitutional rights, the usurpation of the rightful authority of courts by the "discretion" of prosecutors. We have seen how the law is wielded less and less to uphold justice, and more and more to exercise control, authority and power in the interests of oppression or personal gain.

We have been watching, and waiting.

Two weeks ago today, a line was crossed. Two weeks ago today, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play.

However, in order for there to be a peaceful resolution to this crisis, certain things need to happen. There must be reform of outdated and poorly-envisioned legislation, written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment. There must be reform of mandatory minimum sentencing. There must be a return to proportionality of punishment with respect to actual harm caused, and consideration of motive and mens rea. The inalienable right to a presumption of innocence and the recourse to trial and possibility of exoneration must be returned to its sacred status, and not gambled away by pre-trial bargaining in the face of overwhelming sentences, unaffordable justice and disfavourable odds. Laws must be upheld unselectively, and not used as a weapon of government to make examples of those it deems threatening to its power.

The U.S. Sentencing Commission website has been hacked again and a code distributed by Anonymous "Operation Last Resort" turns ussc.gov into a playable video game.

Visitors enter the code, and then the website that sets guidelines for sentencing in United States Federal courts becomes "Asteroids."

Shooting away at the ussc.gov webpage reveals an image of Anonymous. The trademark Anonymous "Guy Fawkes" face is comprised of white text saying, "We do not forgive. We do not forget."

The exploit is probably counterproductive too. Apart from turning those who want reform of computer crime law into the allies of lawbreakers, Anonymous has substantively hurt the case for amending the CFAA. Heavy criminal penalties are entirely appropriate for people who hack a Supreme Court Justice’s account and disclose personal secrets. But it’s not easy to redraft the CFAA so it reflects the difference between Swartz and the Anonymous hackers, at least not without relying on precisely the prosecutorial discretion that the Swartz prosecutors misused.

Finally, I wonder if this incident won’t affect the Supreme Court’s approach to cybercrime issues. As Frank Rizzo once said, a conservative is a liberal who’s been mugged. If that’s true, every time Anonymous mugs one of the Justices in cyberspace, it could be making the Court just a little less enthusiastic about limiting the tools the government uses to deter computer crime

Not that any of the justices have shown much enthusiasm up to now, but the alternative to bad isn't necessarily good. Things can always get worse.

The first indication that Anonymous made a left turn when it should have made a right was when it picked the United States Sentencing Commission website to show its might. Nobody noticed, because, well, nobody cares about the USSC anymore.

Had this happened a generation ago, it might have meant something. Yesterday, it likely evoked a chuckle and a face palm. Post Booker and some actual crack reforms, it was a big nothing.

So you guys can hack an outlier agency that has drifted into relative irrelevance. Got it. Have a nice day. The USSC is symbolic of nothing other than government bloat. The guidelines don't enable prosecutors to cheat citizens of their constitutionally guaranteed rights. Citizens do that to each other. We do it each time we elect a legislator who calls for tougher laws. We do it each time we demand the creation of a new crime because of the tragic death of a child. We do it whenever we elevate safety over freedom. And that's what Americans do...

By taking out the USSC website, you disturbed nothing while annoying the government. When the head of the FBI cybersecurity squad gets done laughing, he's going to find someone else to prosecute. It may not be one of you, but it will be someone, or more likely, a whole gang of people with computers. And they have guns. Pissing them off over nothing isn't effective. It's just begging for retaliation, and the government has no sense of humor (or irony).

With the advance in internet techonology, comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any "occupy" protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.

"That's 100 percent confidence level, it's our data," [Blue Toad CEO Paul] DeHart said. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

“It does raise questions,” he said. “I think people need to question what they see online, whether it comes from Anonymous or from a news organization or from a politician or from a corporation. You need to not take things at face value right away and jump straight to what you think it says. Somebody says, ‘Oh, this came from the FBI, everybody believes it. Well, let’s think about (it).”

"Anonymous had threatened earlier this week to release the data but was reportedly working to minimise potential harm to individual customers.The compromised data is suspected to be a 40 GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.

The threatened release of data appears to be in protest against Australia's proposed data retention regime, which would mandate ISPs to collect and hold transmission data from its users for up to two years.

One hacker told iTnews' sister publication SC Magazine that the data was stolen "to prove a lack of security at ISPs and telcos to properly protect the information" that would be stored under the Federal Government's data retention draft policies."

Apart from the fact that the fear of something is pretty meaningless (except to those who sell security, and those who want to pass bad laws), the details of the survey make it clear that this is entirely a matter of the hype around Anonymous:

61% believe that their organizations could suffer an attack by Anonymous, or other hacktivist groups.

Despite the utter sense of fear that Anonymous has created over the years, 62% were more worried about the actual method of attack, with malware accounting for the most cause for concern at 48%.

Only 11% of the respondents were concerned about one of Anonymous’ actual methods of attack – DDoS, while fears over SQL injections dipped to a measly 4%. Phishing was a concern for 17% of the respondents.

So, despite the fact that Anonymous apparently has them shaking in their boots, they know that their real vulnerability is malware—and that's not really Anonymous' game. The fear is manufactured.

What this survey calls attention to, though, is a fact that deserves more attention: under CISPA or a similar law, Anonymous would make a juicy target. Security companies and the government could collude and share data not only to strengthen their networks against attack, which would itself be perfectly reasonable, but also to identify and investigate Anonymous members, notwithstanding any other privacy laws. Regardless of how you feel about Anonymous' tactics, this should concern you: privacy rights and the 4th Amendment exist for a reason, and CISPA would wash them away online. The authors of the bill insist that it targets foreign entities, but it is arguably an even stronger weapon against domestic hacktivism that will inevitably be used and abused.

Seeing Anonymous primarily as a cybersecurity threat is like analyzing the breadth of the antiwar movement and 1960s counterculture by focusing only on the Weathermen. Anonymous is not an organization. It is an idea, a zeitgeist, coupled with a set of social and technical practices. Diffuse and leaderless, its driving force is “lulz” -- irreverence, playfulness, and spectacle. It is also a protest movement, inspiring action both on and off the Internet, that seeks to contest the abuse of power by governments and corporations and promote transparency in politics and business. Just as the antiwar movement had its bomb-throwing radicals, online hacktivists organizing under the banner of Anonymous sometimes cross the boundaries of legitimate protest. But a fearful overreaction to Anonymous poses a greater threat to freedom of expression, creativity, and innovation than any threat posed by the disruptions themselves.

The political nature of these targets demonstrates why it is patently wrong to see Anonymous purely as a cyberthreat. Opinions about the justifiability of any given attack may differ, either because of the target or because of its form. The main challenge becomes one of deciding who gets to set the boundaries of legitimate protest. If one unquestioningly accepts the validity of all U.S. government decisions, as well as the current distribution of power in the private sector, the pattern of Anonymous’ attacks seems unambiguously dangerous. But surely there must be a place for civil disobedience and protest that is sufficiently disruptive to rouse people from complacence. Viewing Anonymous purely as a matter of crime reduction or national security will lead governments to suppress it and ignore any countervailing considerations. A more appropriate, balanced response to Anonymous’ attacks would err on the side of absorbing damage and making the hacks’ targets resilient, rather than aggressively surveilling and prosecuting the network and its participants.

The Committee's proposals would make it a criminal offence to conduct cyber attacks on computer systems. Individuals would face at least two years in jail if served with the maximum penalty for the offence.

A maximum penalty of at least five years in jail could apply if "aggravating circumstances" or "considerable damage ... financial costs or loss of financial data" occurred, the Parliament said in a statement.

One aggravating circumstance in which the heavier penalty could be levied is if an individual uses 'botnet' tools "specifically designed for large-scale attacks". Considerable damage may be said to have occurred through the disruption of system services, according to plans disclosed by the Parliament.

Why would Anons shut off a power grid? There are ppl on life support / other vital services that rely on it. Try again NSA. #FearMongering

A stateless group like Anonymous doesn’t yet have that capability, officials say. But if the group’s members around the world developed or acquired it, an attack on the power grid would become far more likely, according to cybersecurity experts.

Shorter version: Anonymous doesn’t have the power to attack the grid, but if they were able to get it someday, then they would have it. Got it.

• That baseball player doesn't yet have the capability to hit a baseball thrown by a pitcher, officials say. But, if he somehow developed or acquired it, his likelihood of being able to play baseball effectively would become far more likely, according to sports experts.
• An infant doesn't yet have the capability to drive, officials say. But, if toddlers around the world develop or acquire it, automobile accidents would become far more likely, according to automotive experts.
• Prisoners don't yet have the capability to shoot each other, officials say. But, if inmates around the world developed or acquired it, gunfights in prison would become far more likely, according to anger management experts.
• Techdirt readers don't yet have the capability to make clueless government officials get transferred to jobs washing toilets, officials say. But, if the community there develops or acquires it, dumb politicians being out of work would become far more likely, according to political pundits.

Unfortunately, some groups believe that speech or ideas that they disagree with should be silenced. This could not be more wrong. No matter the point of view, everyone has a right to be heard.

The motion picture and television industry has always been a strong supporter of free speech. We strongly condemn any attempts to silence any groups or individuals.

The Internet is home to creativity, innovation and free speech. We want to keep it that way. Protecting copyrights and protecting free speech go hand in hand."

The birthplace of Anonymous is a website called 4chan founded in 2003, that developed an “anything goes” random section known as the /b/ board. 4chan itself comes from a Japanese-language predecessor called 2chan, founded in 2001. Before that, the lulz and hacker pranking was alive and well in old-school IRC chat rooms, EFnet, and the 1990s hacker scene.

But if you’re going back that far, add as influences Mondo 2000, and publications like RE/Search, and a billion shitty zines that were dead by 1996. But those all came from something, too.

Hacker culture, and almost all of computer culture back in the day is shot through with the Discordian edge of 1960/1970s counter-culture and Robert Anton Wilson and Robert Shea’s Illuminatus. So from there it’s the yippies, Andy Kaufmann, and the Situationists we need to first comprehend. Or do we head back to early 20th century absurdists of Dada? Or maybe we venture all the way to that olde booke of epic trolling lulze, Tristram Shandy?

We’re all the way to 1759 now.

Perhaps this means the 1960s Discordians are right, and there’s a Ha Ha Only Serious giggle that is cosmic in nature. That there is a part of reality, a force of physics, that is actually a Fundamental Sense of Humor. But the gravity we deal with can only be explained to an even larger amount of Dark Humor, woven into the fabric of the universe.

The revered French Resistance in action 70 years ago. Today, certainly, these heroes might need to comment and blog anonymously. However, lawyers, shoe store managers, Tulane grad students, accountants, and other country club Charlies haven't earned that privilege.

Absent compelling reasons, nameless blogosphere participants, in our view, are rarely worth anyone's time, thought, or respect--even when they think and say brilliant things... They are second-class citizens. They say third-rate things. Certainly, they have no incentive to exceed below-average...

It doesn't take much thought or courage to lob one in there when you don't sign your name. Our new digital culture permits a certain accepted wimpiness to masquerade as needed "privacy" and personal "style". But it's a ruse. Most of us can do better than that. Don't buy into nameless blogging and commenting (or participation through pseudonyms) unless it's deserved.

As Walter Lippmann once reminded us, "cowardice" is a strong word, and you don't throw it around. We dislike using it. It implies a certain moral superiority of the user (which the writers of this blog would never claim, and do not wish to achieve). It generally furthers no discussions, and justifiably puts people on the defensive. But that word, unfortunately, may fit here.

Check out the anonymous haters, nameless "experts" and scores of prissy pundits and lemmings who won't sign their real name to their rants and indictments. (We don't know how much David Lat is paying editor Elie Mystal these days, but it's not enough. Mystal is a mensch, soldier, hero and lightning rod who is often himself targeted for abuse.)

“There’s no such thing as a DDoS ‘attack’,” Leiderman said. “A DDoS is a protest, it’s a digital sit in. It is no different than physically occupying a space. It’s not a crime, it’s speech.”

Leiderman said the crimes shouldn’t be prosecuted at all. “Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit in. It is no different from occupying the Woolworth’s lunch counter in the civil rights era.”

"I think this is a political persecution, end of story," Cohen said. "This administration wants to send a message to those who would register their opposition: 'you come after us, we're going to come after you.' That's what has happened in the Eric Holder Department of Justice."

"When Obama orders supporters to inundate the switchboards of Congress, that's good politics, when a bunch of kids decide to send a political message with roots going back to the civil rights movement and the revolution, it's something else," Cohen told TPM, stipulating that he was not indicating that his client was even involved. "Barack Obama urged people to shutdown the switchboard, he's not indicted."

Peter David-Gibson, aged 20 from Hartlepool, who went by the online nickname “Peter”