
Hacker Claims Feds Hit Him with 44 Felonies When He Refused to Be an FBI Spy - ghosh
http://www.wired.com/2015/02/hacker-claims-feds-hit-44-felonies-refused-fbi-spy/
======
will_brown
This reminds me of the Florida case of Rachel Hoffman [1]. In short, Rachel
was arrested for marijuana (and 4 ecstasy pills), and flipped as a CI in a
sting requiring her to buy ounces of cocaine, ecstasy and a gun. Rachel
disappeared during the sting under watch of LEO and was found murdered. It is
similar to charging a "hacker" for scanning websites and cyberstalking (I
don't know all the charges) then asking that hacker to obtain information on
drug cartels and politicians, it is dangerous and unrelated to the underlying
crime. At least in Florida as a result of Hoffman we have enacted Rachel's law
to protect people in such a situation in the future (but it does not outlaw
CIs totally just gives them protection, such as training for officers and
right to a lawyer).

[1]
[http://en.m.wikipedia.org/wiki/Rachel_Hoffman](http://en.m.wikipedia.org/wiki/Rachel_Hoffman)

~~~
orclev
I remember reading about this case around the time the charges were originally
filed and those are pretty much the charges. The guy ran nmap (or equivalent)
on the website, and submitted some attempts at SQL injections in a few forms.
That was pretty much the entirety of his "hacking". Honestly what he got on
the plea bargain is at the far end of what I'd consider appropriate for what
he did. Something like a small fine, say $500 and a "don't do that again"
would probably be more appropriate honestly. Had he actually gotten somewhere
with the SQL injection, or actually gained access to something I'd say more
might be warranted.

FYI the 44 counts were arrived at by charging each form submission
individually, so it was really just 1 charge, just counted 44 times.

~~~
rayiner
I don't see any reason why attempting SQL injections on a few forms on the
County website should be treated any differently than trying a few ways to
pick the lock on a county building. Should the punishment for the latter
depend on the sophistication of the lock-picking techniques the intruder uses?

Web servers are other people's property, and there's no "right to tinker" with
them. All you have is an implied license to use the site in the way the owner
expects you to use it, the same as with a physical storefront.

~~~
orclev
Yes but there are degrees with these things. If you attempt to open a locked
door they don't charge you with armed robbery, even if that door has a sign
that says "employees only". I'm not suggesting attempting a SQL injection
should just be ignored, but it should clearly be at worst a misdemeanor and
not a felony, about on par with trespassing in terms of severity. Now, if you
then use that SQL injection to steal protected data, gain further access, or
delete data, then yeah you're talking about moving into felony territory.

Web servers are other people's property, but they're also a public space when
you open them up to the public by hosting public services on them. A private
server is different from a public server in the same way private property is
different from a public storefront. By making your server accessible to the
public you lose some of the expectations of privacy and implicitly allow a
certain degree of access.

~~~
rayiner
If you try to break into a building under the cover of darkness, you're going
to get hit with more than a trespass charge.

~~~
sillysaurus3
Would you mind explaining which charges you'd get hit with? As a non-lawyer,
trespassing and entering (not breaking and entering, since you didn't break
anything) are the only charges that would make sense to me in that context.

~~~
mikeyouse
If the intent is there, then Attempted Burglary would be the charge in
California at least. Penal codes; 663, 459.

[http://law.onecle.com/california/penal/663.html](http://law.onecle.com/california/penal/663.html)

[http://law.onecle.com/california/penal/459.html](http://law.onecle.com/california/penal/459.html)

------
Htsthbjig
When I was a child I became a member of a cracking group of friends that
disassembled and broke protections just for fun (we did not share or sell our
cracks although we published info about how to do it).

The other day I met them again, now as adults. It seems like one of the
members of the old group took the bait and now is working for secret services
or something shady. His life is miserable.

You start selling vulnerabilities for easy money and you could end badly.
Those entities have so much power and too few scruples.

~~~
driverdan
It doesn't always go bad. I worked for the Secret Service for two years as a
CI. At the end they screwed me out of a few hundred dollars but I also didn't
have to serve the eight years in prison I was facing. They never asked me to
rat on someone, I built up new online identities and trained them.

------
tantalor
The lead is buried in the _last_ paragraph,

> vindictive indictment after a refusal to cooperate... very troubling and
> very improper

How is this different than indicting first and then dropping charges after
obtaining cooperation? The threat is the same: work with us or go to jail.

~~~
benbou09
In this case, the charges were clearly bogus, and they were dropped in the end
(except for 1). It's not the same as facing a real conviction threat for
something you are clearly guilty of.

~~~
Fuxy
The threat of financial ruin is the same though. Regardless of how bogus the
charges may be, lawyers are expensive and it's not like if 44 out of 45 charges
are bogus they need to pay 44/45 of the defendant's attorney's fees.

This is just like throwing shit at the wall and seeing what sticks. It should
be illegal.

~~~
benbou09
I agree. The pro bono lawyer is the real good guy, here.

------
jmadsen
How stupid are the FBI?

Do they really want to bring someone "in the fold" in a coercive manner like
this? Someone whose entire _existence_ is about cracking systems and
spreading information on what they find? They want to invite him into their
own living room, knowing that he hates them and feels they screwed him?

The arrogance of these people to think they could actually manage and control
someone like him, and not get burned.

~~~
dhimes
Rumor has it that they have some experience turning people. The scary part is
that it may not be all that hard to manipulate people.

Now excuse me I have to go buy a Lenovo from Best Buy...

~~~
RemoteWorker
> Now excuse me I have to go buy a Lenovo from Best Buy...

What am I missing?

~~~
CapitalistCartr
Elsewhere on the HN front page is an article about Lenovo putting adware on
their computers, and Best Buy is notorious for their shady practices.

~~~
TeMPOraL
It's not just adware, it's a piece of crapware that defeats SSL on your
machine, allowing anyone to pretend that they're e.g. your bank.

------
therealunreal
All this and the six month sentence just for "repeatedly scanning the local
Hidalgo County website for vulnerabilities"? Scanning?

~~~
adventured
It's selective enforcement based on who he is and his associations. That is,
they were being opportunistic. Whether that was to send a message or
otherwise. It's also possible they were tracking his activity and they chose
to pursue it because from early on they wanted to convert him to do work for
them.

------
rjaco31
Wait, he ended up with 44 charges for just scanning a police website with a
vulnerability scanner?

------
SpaceInvader
It's kinda similar to the post I submitted yesterday. Shows how the US
government is playing. It's kinda disturbing:
[https://news.ycombinator.com/item?id=9071148](https://news.ycombinator.com/item?id=9071148)

------
task_queue
The transformation of the already morally culpable role of confidential
informant to morally abhorrent confidential provocateur is one that many
agencies are forcing upon the useful yet to be convicts.

------
driverdan
If this guy gets six months for scanning a website the WebSense execs should
be in prison for life. WebSense repeatedly scans websites for security
vulnerabilities without permission.

------
Qwertious
So, "do our dirty work or we'll hit you with all the legal loopholes we can
find". Lovely.

~~~
pixl97
Outside of computers this has been going on for decades in the FBI/ATF's drug
and gun business. This is and has been the modus operandi for at least 30 years
(that I know of) and probably far longer, and it works well. Get caught with a
joint and they'll try to stick distribution on you (with 10+ year sentences)
unless you narc someone out. Some with gun violations, they will think of 10s
or 100s of very questionable charges and place them against you, threaten jail
time in the centuries. Reminds me of the Aaron Swartz case.

------
lectrick
Why is probing for weaknesses against the law? If I walk up to a house and
jiggle the door handle, and figure out whether it's unlocked or not, and do
not actually enter, what crime did I commit? What precedent caused this to be
the case? If I am a salesperson who probes for weaknesses in a customer to my
own gain, am I also violating the law? What if I am an employee who figured
out how to reduce my workload but didn't inform my boss, so I get to surf
Hacker News more?

I'm a website developer who patched 11 security holes after a security audit
in my last contract gig. I think there is nothing wrong with probing. Actually
breaking in and taking is another story.

------
eloisius
Is this legally distinct from blackmail, and if so, how?

~~~
peterwwillis
Blackmail involves not revealing something compromising or injurious. This is
legally distinct both because they are not "revealing" anything, and is legal
because they're supposedly just enforcing the laws you broke.

The government generally works like the mafia, but in reverse: instead of
using intimidation tactics to get you to break the law, they use intimidation
tactics to get you to put other law breakers in jail. The difference is that
the mafia would at least pay you for your efforts. The government just
threatens you more.

~~~
emidln
They are choosing whether or not to reveal evidence at a potential trial. With
cooperation, they do not reveal damaging evidence at trial. Without
cooperation, they reveal everything. This is exactly how blackmail works in a
lot of mafia movies.

~~~
peterwwillis
If you broke the law, you can, should and will be punished for it; this is not
usually negotiable, and they are doing you a favor by not prosecuting you.

The moral/ethical grey area here is that forcing someone to work for the
government in exchange for not seeking what the law would call 'justice' is
the equivalent of indentured servitude, a form of slavery.

With blackmail, you might normally have a reasonable expectation of privacy,
and a reasonable expectation that someone will not intentionally harm or
injure you. The government is not seeking to harm or injure you (well, not
theoretically) when it enforces the law.

We've all signed the social contract that says that if we break a law, we will
suffer the consequences, so it's not unfair for the government to prosecute
crimes you have actually committed. It is also fair for them to give you a way
out of them, as most cases are pleaded down, prosecutors change offenses to
lesser degrees for a good track record, etc.

It's also definitely a grey area how prosecutors will often tack on "trumped-
up" charges in the expectation that a judge will knock them down to a smaller
list but still apply some. Both these practices need to end, or be curtailed
greatly.

------
jnardiello
Oh, that happened to a friend in Russia as well.

Superpowers - they are all the same and never learn.

~~~
hga
My serious start in anti-Communism began with reading in 1971 +- a couple of
years a _Reader's Digest_ condensed version of one such "spy's"
autobiography. He was entrapped and forced into becoming one, was caught
almost immediately upon entering the US.

One of the strong and unquestioned implications was this sort of entrapment
was _wrong_, and one of the things that distinguished the US from the USSR.
Fast forward to Ruby Ridge, and Randy Weaver's refusal to try to become an
undercover agent against a group of white supremacists, which he was not, and
they knew that and hated him with a passion, i.e. it would have been suicide,
brought the full weight of "the law" on him, resulting in the Feds murdering
his wife and son.

------
pakled_engineer
Spying on politicians and cartel members, no thanks. You'd be chained to the
FBI forever since they would threaten to dump you in gen pop as a known CI or
leverage the safety of your family if you don't do everything they ask.

------
_pmf_
"And these are only the ones we did not frame you with!"

------
upofadown
It's entirely possible that these "cybercrime" divisions are really desperate
to justify their funding. Chances are those sorts of entities are not made up
of technical wizards. So coercing someone to do their job for them is pretty
much the only hope. If they just hired people then those people would end up
running the place.

------
PublicEnemy111
Since when is using nmap or its kin illegal?

------
finid
He's lucky they didn't plant n.u.d.e photos of young boys in his computer and
charge him for...

------
higherpurpose
The American system of _piling up charges_ sucks so hard because it's so
easily abused, especially when you live in a country where anyone commits _3
felonies a day_ [1] due to shitty and complex law.

When things have gotten so bad, Americans should take example from other
countries and only count the _biggest_ charge when sentencing someone to
prison. Minimum sentences + abusive plea bargains don't help the current
system either (they do help vengeful government tax-paid employees, though, in
destroying the life of anyone they wish).

[1] -
[http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.asp...](http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.aspx)

~~~
maxerickson
"3 felonies a day" is more of a marketing tagline for a book than it is any
sort of meaningful fact.

edit:
[http://skeptics.stackexchange.com/questions/22530/does-the-a...](http://skeptics.stackexchange.com/questions/22530/does-the-average-american-unwittingly-commit-three-felonies-a-day)

~~~
Spooky23
That link is a "worst of" for Stack Exchange. Most of the answers there are
from people who admittedly didn't read the book, and are really bad.

If you read the book, the source of the "3 felonies a day" claim, is mostly
related to the "honest services" laws, which were narrowed in scope somewhat
by the Supreme Court after the book was published. If a prosecutor were to
very liberally apply the "honest services" law, typical white lies like
calling in sick to work when you're not sick or screwing around on the
internet can be elevated to felony status.

Another key area supporting the claim is that participating in a transaction
where a foreign law was broken is also a felony. I believe the
(absurd/bizarre) prototype for this was somebody charged with a felony for
possessing warm-water lobsters that were inappropriately packaged according to
the law of some Central American country. (I believe they were in wax paper
instead of plastic)

The point was that ordinary people in the ordinary course of business and life
can be subject to extraordinary punishments for vaguely defined crime. That
means that your freedom is subject to the whims of an all-powerful
prosecutor, which is contrary to generally accepted notions of justice and
democracy.

~~~
maxerickson
They were convicted of conspiracy after 5 years of lobster smuggling, the
transport laws were tacked on (and not necessarily ridiculous), see my other
comment.

The book reaches super hard to make the argument that we have too many laws.
It would do better to simply make the argument that we have too many laws.

It's also the case that the injustice in the US system is not aimed primarily
at lobster smugglers and dumb lawyers (two of the examples cited at the link).

The point of linking that worst of stack exchange is that you don't even have
to read the book to eviscerate the factertisement, so it's not really a great
"fact" to introduce into a discussion.

edit: corrected 10 years to 5 years.

~~~
Spooky23
The fluffy marketing distracts from the content if you don't read the book.
Putting "you can go to jail for not providing honest services" isn't very
catchy. The stack exchange link is a personification of "Don't judge a book by
its cover".

The argument of the book is that we have too many vague laws, some of which
are nearly meaningless to a lay person. If you're familiar with how the
various computer crime statutes are enforced, I think it is difficult to
question that assertion.

The other aspect of the book to consider is that your typical middle class
working person doesn't see the overreach in things like drug laws as something
relevant to them. It's a wake-up call that the fundamental injustice that has
been a way of life for the poor and minority community is expanding.

~~~
maxerickson
You'll notice I started by objecting to someone claiming the fluffy marketing
as a fact.

That's true whether Stack overflow and I have misjudged the book or not.

