Man Temporarily Nukes Five News Websites, Walks Away With Less Prison Time Than Matthew Keys, Who Attacked ZERO Websites
from the [shrug-emoji] dept
So, if someone can be sentenced to two years in prison for 40 minutes of newspaper website defacement performed by a party other than himself, it stands to reason someone who took down five websites would be looking at a minimum of ten years in jail.
Welcome to the hilarious and tragic world of CFAA-related sentencing. Matthew Keys was hit with a two-year sentence for supposedly sharing his login password (something Keys has steadfastly denied doing), an act that resulted in someone else subjecting the L.A. Times website to a 40-minute inconvenience. The momentary vandalism of the site's landing page suggested Congressional representatives were being pressured to elect CHIPPY 1337. No. Seriously. That was the extent of the "damage."
Once the DOJ decided this was worth pursuing under the CFAA, internal L.A. Times' emails regarding the "hack" suddenly cost $225/each to create. The feds wanted five years but settled for two. And while Matthew Keys served his sentence, no one in the federal government made any effort to locate the person who actually performed the website defacement.
A more serious hacking -- one that resulted in five news websites being completely unreachable for a short period of time -- has netted the "hacker" involved with a very lenient sentence.
The 36-year-old man who hacked and temporarily shut down Palo Alto Online and other Embarcadero Media websites nearly four years ago was sentenced Wednesday in San Jose federal court to time already served, one-year of home incarceration with electronic monitoring, three years of supervised release and $27,130 in restitution to the company.
Ross Colby was indicted on April 6, 2017, following an investigation by the Federal Bureau of Investigation of the Sept. 17, 2015, crime, which took down five news sites owned and operated by Palo Alto-based Embarcadero Media: Palo Alto Online, Mountain View Online, Almanac Online, PleasantonWeekly.com and DanvilleSanRamon.com.
Colby was convicted of all charges, but will only be serving zero years. The six months he spent in jail prior to his trial will be all the time he's required. Colby claimed -- during an interview with the FBI -- to have performed the hack at the request of a Menlo Park resident (Hiruy Amanuel) who wished to have stories about him removed from the websites. Amanuel, currently located in Ethiopia, denies he asked Colby to hack the sites.
Like in the Keys' case, the end result was a temporary defacement. But this hack also made the sites' content unreachable by readers. The temporary damage Colby caused was far more significant than the minor prank pulled by someone (not Matthew Keys!) with Keys' login info.
Colby deleted the content of all of Embarcadero's websites and replaced it with an image of Guy Fawkes, the icon of the activist group Anonymous, and posted a message stating: "Greetings, this site has been hacked. Embarcadero Media Group (Alamanac) (sic) has failed to remove content that has been harmful to the wellbeing and safety of others. Failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media websites." Each website's URL was replaced with the text "Unbalanced journalism for profit at the cost of human right, Brought to you by the Almanac."
So, why the disparity in sentencing? Well, it boils down to several things, starting with the law itself. The law is broad and vague and can be beaten to fit/painted to match almost any "unauthorized access."
Furthermore, CFAA charges are confounding for juries, judges… even the DOJ itself. It's tough to assess the actual damages of a website defacement, so the DOJ relies on the aggrieved party, which has every motivation to portray momentary inconveniences as internet apocalypses. Meanwhile, judges and juries get swamped in techno-jargon, with no one to lead them in the promised land of "laymen's terms" but the prosecution.
In Colby's case, a couple of attempts to get him perceived as incapable of standing trial tried the court's patience, as did Colby's hiding of a recording of his interview with the FBI. And yet, he got less time than Keys did for a more serious attack on multiple websites -- one Colby actually performed, rather than farmed out to a willing miscreant.
Because the law makes so little sense, the outcomes will be nonsensical. The only hope is a complete rewriting of the law -- one that takes charging security researchers and internet jokesters out of the equation. The government may claim harsh sentences are needed to act as a deterrent, but this assertion makes no sense when it showed zero interest in finding the person who actually defaced a Tribune website with borrowed credentials.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cfaa, hacking, hiruy amanuel, matthew keys, news websites, ross colby
Companies: palo alto online
Reader Comments
Subscribe: RSS
View by: Time | Thread
The Supreme Court is wrong! Cabbage law is HIGHER than the supreme court and the corps exist ONLY BECAUSE the public says they exit AND PUB......
...who the hell am I kidding, I can't even Poe this stuff with out holding back a little bit of vomit while I am simultaneously laughing.
[ link to this | view in chronology ]
Re: Lood Gord! "AC" with off-topic drivel, I suppose aimed at me
THIS is what Techdirt has loads of. Ankle-biters snarling and snapping, encouraged by Delta Dog Masnick, who at same time tries to suppress all reasonable argument.
By the way, take a couple of those links and note the decline in quantity and quality of comments since 2016.
[ link to this | view in chronology ]
You say that as if you don’t insult everyone who isn’t your ideological mirror. Now shut the hell up while the grown folks are talking.
[ link to this | view in chronology ]
Six months in jail is NOT "ZERO" years, it's HALF A YEAR.
And with that, it's close enough to proportional.
Why do you clowns always find it necessary to slant your notions so much as to LIE about a fact immediately evident?
The obvious answer is that you hate CFAA so much that you pretty literally go insane soon as see.
My advice is to stay far away from "hacking" because all the sympathy you're likely to get is Techdirt minions using it for ineffectual whining against "The Law".
[ link to this | view in chronology ]
Yes-or-no question: Do you believe Ross Colby should have received a harsher sentence than Matthew Keys?
[ link to this | view in chronology ]
Re: Six months in jail is NOT "ZERO" years, it's HALF A YEAR.
No. I state that it's about proportional. If I recall correctly, Keys made trouble after the fact, with threats to FBI (was that the one), and Colby may have caved, shown "remorse", and so on.
Now, you: are YOU more qualified to judge the case than the judge in the case even without knowing all details? If yes, exhibit your bona fides.
[ link to this | view in chronology ]
So what? Keys committed a lesser offense than Colby — hell, Keys didn’t even commit the actual defacement he was charged with. For what reason should Colby’s much greater offense have received a lighter sentence?
From a legal system standpoint? No. But I’m allowed my opinions all the same, just like you. If’n you don’t like that, userscripts exist to take care of that issue for you.
[ link to this | view in chronology ]
Re: SO, I stated what matters in a court, and you just ignore:
Stymied with reason, you go off on aggressive irrelevance.
Plainly I don't, because you're a major hoot here.
Now, I'm not going to indulge you more here. Answered twice and you've no substance.
[ link to this | view in chronology ]
What reason? Keys committed a far lesser offense than Colby. For what reason, based only on the extent of the offenses committed, should Colby have received a lighter sentence?
You’re not Rowlet, boy.
Spoken like a true coward.
[ link to this | view in chronology ]
Re: Re: Six months in jail is NOT "ZERO" years, it's HALF A YEAR
You recall incorrectly. You’re thinking of Barrett Brown.
[ link to this | view in chronology ]
And we wonder why respect for the 'system' is racing to new lows.
Shoot an unarmed man while a cop - 3 days desk duty.
Shoot an unarmed man while a citizen - murder most foul!
The law is a weapon wielded against those without the power to fight back, because while the law says they get a defense... well a whole 5 minutes glancing at a file is enough.
[ link to this | view in chronology ]
Re:
It's the breaking into a computer system that's the crime, btw.
[ link to this | view in chronology ]
Re: Re:
Really? Cause thats been used as a fig leaf by all sorts of unsavory people.
Prenda claimed their computers were hacked stealing account information for a service that didn't exist. (Which was a rehash of the earlier scam run for an actual client who was never hacked despite the lawsuits predicated on those facts.)
The FBI is breaking into computers all over the world with their NIT as they ran a HUGE Child Porn website.
Dude gave some credentials to other people, some website got defaced by OTHER PEOPLE for a hot minute... JAIL FOREVER!!!!!!!!
Dude took out 4 websites for a longer period of time, oh here have a cookie.
DoJ lawyer told a jury reasonable doubt wasn't a big deal in closing in a case where they tried to hold innocent people responsible for the actions of others.
Well no one had ever raped a handcuffed suspect while wearing a pink condom you get the QI.
We railroaded you to jail for a crime you didn't commit but because you had a felony beforehand we no longer owe you anything for all of those years we stole from you.
You had a single rock of crack cocaine, jail for life.
You had 12x the amount of powder cocaine, enjoy your weekend in club fed.
[ link to this | view in chronology ]
Wow, sympathy for hackers...so surprising.
[ link to this | view in chronology ]
Wow, criticising others for their display of humanity. So surprising.
[ link to this | view in chronology ]
the difference being the DoJ can target whomsoever they like and encourage the most ridiculous punishments for the most simple of 'crimes', simply because they can! in any other country, one that is not of the 'free world' order, that would be condemned by the likes of the USA, but as it is us that's doing it, it's all good and fine!
[ link to this | view in chronology ]
Breaking into a computer system should not be a crime.
Letting you computer system get broken into should be the real crime.
How about giving someone a reward for pointing out a security flaw?
[ link to this | view in chronology ]
Re:
Rewarded with years of free room & board
[ link to this | view in chronology ]
'Look, if you're not rich we just don't really care...'
The difference is that Keys (indirectly) made the L.A. Times, a major newspaper, look bad, whereas Colby 'only' made a handful of smaller newspapers look bad. The crime wasn't the hack, it was making a powerful company look bad, and as such of course Keys got the hammer while Colby got the silk glove, one target was large and rich, the other batch of targets wasn't.
[ link to this | view in chronology ]
of course you did ross why wouldn't you have got a lesser sentence!
25N - 31E Lower D!!!
[ link to this | view in chronology ]
AM coast to coast
This guy comes in and N he builds a WWII radio out of a razerblade and pencil led n commissary items. It was unreal.
SRJ 4 - A thru F
[ link to this | view in chronology ]