
Pirate Bay founder Gottfrid Warg faces lengthy jail term - pmalynin
http://bbc.com/news/technology-29832318
======
mixmax
The courtcase has been followed closely by the Danish media, especially the
tech-savvy version2.dk that has had a reporter in the courtroom every day of
the trial. It has caused quite a stir as all sorts of problems with CSC, the
prosecutor and police investigation came to light during the hearings. Some
highlights:

\- CSC, that handles a large part of Danish infrastructure including social
security numbers, police backend, etc. has dismal security. They don't even
update their software as security patches become available. Warg had access to
their mainframe for 9 months without them having a clue about it. The only
reason they found out was because the Swedish police called them and told
them.

\- username/password pairs for CSC's server were readily available on one of
their subsites(!)

\- Warg turned off the logs on the CSC mainframe, and they didn't notice. It
appears that logs were turned off for months. As a result CSC doesn't know
whether data has been altered. We're talking about all police systems, social
security systems, and more.

\- The police have not had their own investigative team at CSC, and haven't
looked at the technical evidence. This has been done by CSC, which is an
obvious problem.

\- The Danish police was contacted by Swedish police three times during 2012
because the evidence from a Swedish case turned up files from CSC, and the
Danish police didn't respond as they apparently didn't find the information
important. During the courtcase the Danish police's chief IT investigator was
caught lying about this.

\- The prosecutor and judge were clueless, bordering on the hilarious, about
technical issues. For instance the prosecutor refused to acknowledge that
other user accounts except Wargs existed on the computer (there were 5
accounts), tried to paint putty as a hacking tool that only criminals would
use, tried to establish Jacob Applebaum and Warg as friends because Applebaum
retweeted one of Wargs tweets (only friends do that!), etc. etc.

These are just the highlights...

~~~
lucb1e
> tried to establish Jacob Applebaum and Warg as friends because Applebaum
> retweeted one of Wargs tweets (only friends do that!)

I understand the ignorance displayed by the judge here, but did the judge also
see being Applebaum's friend as a bad thing?

~~~
mixmax
Applebaum was an expert witness called in to testify on how a computer could
be remote controlled, and the prosecutor tried to have him dismissed based on
the retweet. He ended up testifying, so I guess the attempt wasn't successful.

~~~
rayiner
I don't think that's a technically ignorant argument for a prosecutor to make.
There's certainly a factual inference that could (but does not necessarily
have to be drawn) between retweeting and being friends. Especially in the
context of getting someone disqualified based on conflict of interest.

~~~
lucb1e
There are many people I retweet whom I have no connection to whatsoever. I
like what they wrote and I think it's relevant to or interesting for my
followers.

~~~
netcan
There may also be people you had a drink with to whom I have no connection to
whatsoever. It's not disqualifying but it is a piece of information.

~~~
TheCraiggers
Generally, information that has absolutely no merit in a court case isn't
allowed in the courtroom because (I presume) it can subconsciously alter a
person's judgement of the proceedings.

Assuming a retweet is the full extent of their "friendship", this is the real-
world equivalent of dismissing an expert witness because the defendant quoted
them in a paper once.

~~~
netcan
This is actually kind of interesting.

Something like a tweet is context dependent. Some people tweet mostly to their
friends and a lot of retweets _are_ in fact indicative of a personal
relationship. It will often be easy to estimate for a twitter user, but very
hard to make objective enough to work as evidence in court.

Do they have just 12 or 12000 followers? Are they tweeting personal tidbits or
politics & jokes? etc. These things can add up to an very informed guess.

~~~
rayiner
In the U.S. The admissibility of evidence is based on relevance.[1] The modern
formulation asks: does consideration of a piece of evidence increase or
decrease the probability of some material fact being true?

A retweet is certainly relevant. The evidence makes it more likely that two
people are friends than the baseline where there is no retweet.

[1]
[http://en.m.wikipedia.org/wiki/Evidence_under_Bayes_theorem](http://en.m.wikipedia.org/wiki/Evidence_under_Bayes_theorem)

------
jlouis
Random guesses from a Dane about tomorrow where the length of the sentence is
to be determined. You can come back in 24 hours and vote based on the real
outcome of a couple of these points, hehe:

\- Anakata will get a sentence somewhere in the upper middle. My guess is 4-5
years of which he has already served some.

\- JT will get a somewhat mild sentence of nothing higher than 1 year. The
case against him is pretty weak, compared to Anakata.

\- The case will almost instantly be appealed by Anakata.

\- JT may not want to appeal if the sentence is somewhere in the middle of the
2 years window. The reason is the extra jail time he has served will be
compensated by the state and the state might be seeking a sentence in the
middle to "encourage" him not to appeal. Appealing might increase the sentence
and you would be paid less.

The case might go all the way to højestreret, which is the highest court in
Denmark. There is also a chance the case could end up in ECHR (European Court
of Human Rights), though I feel that chance is slighter. It would depend on
the sentence of JT. If it ends up being a conditional sentence, then the jail
time he has served is definitely going to have been unfair. As for Anakata, it
is a bit more bleak I feel, since the argument of flight from the country
applies, like it did in Sweden.

What is _really_ likely to push this to ECHR however, is the inhumane
isolation jail treatment and harsh conditions they've both received. It is not
at all clear in any way to me why they satisfied the criterion for that at
all.

~~~
olau
In case anyone's interested: You've got it mostly right. Warg was sentenced to
3.5 years. The sentence was appealed on the spot, but they're not going to
release him as they think it's likely he's going to flee the country.

JT was sentenced to 6 months, so he's entitled to compensation.

Source: [http://www.version2.dk/artikel/tre-et-halvt-aars-faengsel-
ti...](http://www.version2.dk/artikel/tre-et-halvt-aars-faengsel-til-
hackerdoemt-svensker-anker-paa-stedet-70386)

------
jMyles
Although the details of this story are interesting and compelling, my initial
read of this story left me thinking, "Six years is lengthy, eh? I don't think
that's considered 'lengthy' in the USA."

Our prison system terrifies me.

~~~
rtpg
I would not wish a prison sentence on my (personal) worst enemies. Locking
someone up for years should be an absolute last resort. I can't really imagine
a worse thing than essentially becoming a slave to some prison for years. No
freedom.

This is the main issue I have with "jail the bankers!" narratives: Just take
away their money, putting them in jail doesn't accomplish anything.

This seems to be a big issue with American mentality in particular though.
Such a big thirst for vengeance.

~~~
tmmm
If there was no jail time, then everyone would try to do that (What could be
the worst scenario - just losing all your stolen money). That wouldn't work.

~~~
newaccountfool
> If there was no jail time, then everyone would try to do that

Really? Have you any studies to back that up or did you just extract it from
your arse?

~~~
coldtea
Do you have studies to back up the fact that you just questioned what he said?

Seriously, this "do you have studies" BS is getting out of hand. He made an
argument (which btw includes more context than what you quoted), and stated
his opinion of what would happen in a hypothetical situation. And it's also
obvious to everyone who has ever casually conversed that "everyone" in this
context means "many people", not literally everyone.

You can disagree and say "That's not what's going to happen because ...", or
even "Study such and such shows that this not necessarily happens...".

Asking for studies to back up his thinking is BS. This is not some peer
reviewed journal, nor is he writing a thesis. This is a simple conversation.
And even if he gave 4-5 studies there would be absolutely no guarantees that
those studies aren't crap, aren't invalidated by subsequent studies, aren't
only describing what works in some specific cultural context, etc.

This is sociology and human behavior, not physics or math to have some be all
end all studies answering specific questions.

------
grecy
I find it hard to believe that a guy as smart as Gottfrid would "hack" a
government computer in 2012 when he's obviously extremely aware of the
magnifying glass that's on him from governments and companies all over the
world.

> _the pair downloaded police and social security files._

What exactly are those? and what would he even want them for?

> _In a separate trial in 2013, Mr Warg and accomplice were found guilty of
> breaking into the computer systems of computer services firm Logica, which
> was doing work for Sweden 's tax office and a bank._

Again, why would he hack into a bank knowing so many eyes are on him?

~~~
tptacek
That's a reasonable concern to have, but it's worth being aware that it's the
exact same concern people had about Hans Reiser. Intelligence and judgement
are orthogonal, and sometimes even in slight opposition.

If you want to consider a different perspective: I'm an example of someone who
does not have a hard time understand how someone who has enjoyed the rush of
getting over on the entire media industry from behind a computer screen might
find it harmless or at least personally safe to hack into some dumb server on
the Internet and read documents off it.

I've been a pentester for the last 10 years and in my experience, taking
advantage of the knowledge of how to break into an application is an urge that
takes some energy to suppress.

~~~
jacquesm
The local police force here has a test to see if you 'have what it takes' to
be a part of their cyber security squad or whatever they call it. On a lark I
took part in it (the test was pretty simple, at least, that's what I thought).
After taking the test (and knowing full well I had no intention to follow
through on applying for a job with them, I just can't look at puzzles without
getting this itch to solve them) I realized I may have just given out some
information that I had better keep to myself, which is to advertise a
capability.

Having a capability and advertising it is already stupid in my book, and more
the fool I am I slipped up there. But having such a capability, subsequently
approaching machines that you have no permission for, repeatedly attempting to
gain access, succeeding at that and then to actually retrieve data that you
have no right to when you're already in a position of extreme suspicion with
the authorities to me borders on the insane. I really can't understand even
for one second why someone as gifted as this would act in this way, it is
something I've been wondering about with a lot of these so called hackers.
What drives them to do this, obviously the downsides of successfully showing
off their skill end up in a head-on collision with forces they can't possibly
hope to defeat.

It's all fun and games until the SWAT team arrives.

Have there been any studies on the psychology of people that are
pathologically drawn to breaking in to other people's computer systems?

~~~
tptacek
Easy: breaking into computers is very, very fun, and when something feels like
a game, it's easy to treat it that way.

If you have a hard time believing anyone would do something like this, look at
the 1990s: we got a book practically every year about one hacking group or
another breaking into phone switches, credit reporting agencies, government
and military networks, and financial institutions. If you can do it, and
you're unlikely to get caught --- and _you are very unlikely to ever get
caught_ \--- why not? Plenty of smart people did stuff like this. Plenty of
them.

The most interesting stories from that era did not get written up. Kevin
Mitnick didn't write the TCP sequencer. Kevin Mitnick couldn't sequence an
ordered array of integers if it was #defined for him in advance.

~~~
jacquesm
> Plenty of smart people did stuff like this.

I know, I know a couple of them. I just don't understand them. Why cross that
line? Why risk jail, your career, a whole pile of hardship? The real life
consequences is what I'm wondering about, it's as if there is some kind of
disconnect there between action and subsequent consequences.

If it is only because it is 'unlikely that you're ever going to get caught'
then that's a gamblers argument. (I don't understand gamblers either, so that
might be an explanation right there.)

~~~
tripzilch
> Why cross that line? Why risk jail, your career, a whole pile of hardship?

I think part of it is age, maybe. Or rather life-experience, if you will.

I remember back in my early 20s what always stopped me was basic paranoia
about getting caught. But that's just how I'm wired personally (and I was
probably slightly irrational about the odds). I love breaking, bending and
toying with the rules, but too chicken to pull through if it involved anything
more serious than a silly prank on friends.

Nowadays (mid-30s), the first thing that stops me is a much more solid sense
of what's right and wrong. I prefer it that way, because unlike fear of
getting caught, it's a much more solid foundation to depend on.

------
hoozters
Wow.. so in Sweden he first got 2 years, reduced to one. Imagine that being in
the united states. What, 25 to life? Just saying, it's interesting how this
concept of "justice" is treated so subjectively depending on where on this
planet you are located. Nothing new under the sun, but still.

~~~
fleitz
Yeah, it's pretty scary to live in countries that have higher incarceration
rates than China, Russia, or North Korea.

They hand out 25 year sentences like candy.

~~~
pmalynin
"North Korea"

Citation please.

~~~
Sammi
31 sources on this article:
[http://en.wikipedia.org/wiki/Prisons_in_North_Korea](http://en.wikipedia.org/wiki/Prisons_in_North_Korea)

Though I don't see anything definite on prison rates. Hard to get precise info
out of N Korea. This absolute dismal circumstances the prisoners suffer is
clear though.

------
acd
I think the long isolation by the Danish and Swedish state of Svartholm has
been inhumane.

[http://www.wired.co.uk/news/archive/2013-04/18/social-
animal...](http://www.wired.co.uk/news/archive/2013-04/18/social-animals-life-
expectancy)

------
contingencies
This is the part where I make a long statement urging apolitical youth to give
a shit. Facts first.

CSC is a core part of the military industrial complex. They make mass
surveillance databases and military systems and are active globally.

Gottfrid pissed off the both the MPAA and the US military/government. Look
what they did to kimdotcom in total violation of law ... the NZ PM had to
apologise personally. Gottfrid was illegally extradited from Cambodia. We're
yet to see any evidence to the contrary, despite claims his visa was up
apparently it wasn't, and this sort of put-on-plane-back-home treatment is not
normal.. also, a fat Swedish aid package to Cambodia went through just after
his extradition.

Gottfrid's mother is an academic and has documented the strange behaviour of
her own (Swedish) government around his arrest and treatment.

Denmark is a place where it's almost impossible to use cash, where the ex-king
kept a harem (it's now a bakery/hotel: I stayed in it), and where the
authorities don't need a warrant to track your phone's location over the last
year.

The accusation is that, sitting in Cambodia, Gottfrid broke in to some
computers for no apparent reason causing zero harm. The reality is that he was
mistreated against any notion of personal rights, dragged halfway around the
world and locked up in solitary confinement which is generally considered
torture under UN definitions. He has been passed from state to state being
mistreated. There is still no proof he did anything wrong or harmed anyone.
However, there seems to be evidence he helped Assange decrypt the embarassing
US military video 'collateral damage'.

The only thing I conclude from this ruling is that the west in general is only
a downward spiral in to totalitarianism, and that there is now an inter-state,
overt attempt to suppress resistance (Assange, Dotcom, Anakata, etc.) with
extreme media coverage to try to influence the rest of us.

Where are we to go? How are we to resist? There is the west and its fall-in-
line economic treadmill, or the hinterlands and their available extra-judicial
means of extradition (ala Anakata) or oppression. Assange's warning about a
transnational dystopia seems ever-more pertinent. You know what I think after
having met him? Anakata was trying to understand what's going on in Europe and
the world at large, and his heart was in the right place. It fits with his
character. After all, his mother is an academic, he was raised to ask
questions.

Those who question are unjustly treated... the system is the problem. We can
use the internet to create change. Don't let cryptocurrency abort as a foetus:
it's being regulator-challenged to death. Don't let nominal democracy convince
you to be placid. Ask your own questions, force some coverage for your
discoveries, and change the world. Do it for Gottfrid.

~~~
erk_
>ex-king kept a harem (it's now a bakery/hotel: I stayed in it)

what ex-king are you talking about?

>and where the authorities don't need a warrant to track your phone's location
over the last year.

not anymore the EU court said in April that it was illegal[0]

[0][http://www.b.dk/tech/kaempe-overvaagning-af-danskerne-
kendt-...](http://www.b.dk/tech/kaempe-overvaagning-af-danskerne-kendt-
ugyldig#)! (in danish)

------
tonylemesmer
nitpick: headline slightly misleading as the crime isn't related to Pirate Bay
other than its the same guy.

------
jimrandomh
> Defence lawyers said although the hack attacks were carried out using a
> computer owned by Mr Warg, he was not the person that used it to steal the
> files. Instead, they said, an unnamed hacker took over this machine and used
> it to carry out the attacks.

Given the circumstances, this claim seems obviously true. People who break
into computers usually use broken-into computers as proxies.

~~~
tptacek
Are you familiar with the evidence the court considered? Is it instead the
case that you'd have a hard time convicting anyone of hacking-related crimes
under any circumstances because of the possibility that someone else might
have been pulling the strings?

Often when cases like this are reported, the evidentiary details don't make it
into the story. It's easy to understand why someone would have a problem with
a conviction when all the information they have is the BBC's 10,000ft summary.

What's worse is, that 10,000ft summary can bias you by framing the whole story
in your mind. You're skeptical right off the bat. That's probably always
healthy! But it's good to know how your mind is being primed to digest new
information, too.

Obviously, sometimes you get the details and the case doesn't get less murky.
The Aurenheimer case is an example; I don't have a clue what to think about
it, and would like to think that whatever my prejudices are, I'd have been a
not-guilty vote in a jury based on that doubt.

~~~
zz1
Is it enough to be skeptical about the trial to know that prosecutors
installed software on the piece of evidence without informing anyone?

~~~
tptacek
You don't need an excuse to be skeptical. Skepticism is healthy.

