SAN FRANCISCO, 22nd April 2014, (SPNW) - The U.S. Federal Bureau of Investigation has refused to comment on a recent incident in which the e-mail addresses of an estimated 6,200 Disqus users were matched to real people by a group of activists. The leaked data were subsequently used by the Swedish tabloid Expressen to hunt down and confront assumedly anonymous users about their online comments and political views- sometimes in front of cameras at their places of residence. One of the foremost experts on cybercrime in the United States defines the Swedish data exploit that targeted the U.S. company in a way that makes it very unlikely to be seen as "white hat".
Dr. William Tafoya a professor of national security at the University of New Haven and a retired FBI special agent famous for having been the first to accurately profile Unabomber Ted Kaczynski first learned of the incident in December 2013.
In a written statement to SPNW, Dr. Tafoya pointed out the distinction between "white hat" computer vulnerability testing and "black hat" exploitation of security faults- a crime in the United States- which he says actual victims could report to the Attorney General or to the FBI in San Francisco.
The skills needed by "white hat" information system hackers are the same as those used by malicious entities. The motives or reasons for the exploit or "crack" distinguish innocent testing of vulnerabilities and subsequent reporting of those security weaknesses from "black hat" malicious individuals or groups that use the vulnerability for their own purposes.
"Black hats' motivation is money, retribution for perceived umbrage, vigilantism. Anonymous and Lulzsec were both regarded as the latter. Most are in prison", Dr. Tafoya wrote.
He also referred to U.S. laws and explained, "Intrusion would be an unauthorized access in the U.S. which would be a criminal violation in the U.S. One must have legitimate, authorization to access any information system. Both access and authorization are required."
Joshua Eaton, spokesperson for the United States Attorney in San Francisco, told SPNW Newswire that he is unable to comment as to whether the case has been referred by the FBI to that office.
Laura DiDio a former CNN New York reporter and an investigative journalism veteran with over thirty years of experience suspects that the Swedish tabloid Expressen may have crossed the line for what can be considered ethical journalism by obtaining and using the leaked Disqus data. "That type of scenario is 'dicey'. And it's a very slippery slope once you start bending the rules", DiDio said in an interview with SPNW Newswire last week.
She explained, "The Internet has made it much easier to blur the lines of demarcation and it's very tempting for some to just ignore things like privacy and hack into someone's system or personal information. Reporters must also vet and validate their sources and the source material. Are the sources reliable and is the data reliable? There is a lot of misinformation and inaccurate, erroneous data on the Internet, so a reporter should never accept the first thing they see as fact."
The editor in chief of the Swedish tabloid Expressen Thomas Mattsson responded to potential criticism in an interview for his own newspaper on 13th December 2013.
In that interview he stated, "We're talking about 55,000 user accounts here, but Expressen has only exposed the identities of some 15 users, precisely as we and any other media house would try to take a closer look at the small central group of leaders, if some 55,000 masked demonstrators marched through the streets of Stockholm with the same kinds of comments on their banners."
In the same interview Mattsson denied that his newspaper is involved in assembling a registry of individuals with outlawed political views. An entry from his personal blog at Expressen explains however that the leaked data and comments would be used as "unique raw data for studying Internet hate speech", particularly those comments that criticize or threaten mainstream Swedish media personalities.
Mattsson also admits in several of his blog posts and news articles that Expressen cooperated with the activists who exploited the Disqus security weakness.
Sources | SPNW