"Rotterdam, December 9th. The police has arrested in the night of Wednesday to Thursday a 16 year old boy who apparently was involved in the cyber attacks by WikiLeaks sympathizers on amongst others Mastercard and PayPal. This has been announced by the office of the public prosecutor.
WikiLeaks sympathisers have started these attacks after the arrest of WikiLeaks founder Julian Assange in Great Brittain. With these so-called DDoS attacks hackers want to take revenge on companies that no longer process funds transfers to WikiLeaks. The High Tech Crime Team of the dutch national police had started an investigation after it became clear that these attacks originate in the Netherlands, according to the office of the public prosecutor.
Besides Mastercard and PayPal the websites of VISA, the Swedish public prosecutor, the swiss Post Bank have been subjected to attacks as well. The actions of the WikiLeaks sympathisers are carried out under the code name 'PayBack'.
The young suspect from The Hague has been interrogated on Thursday and has confessed that he committed attacks on MasterCard and VISA. Police have confiscated computers and data carriers. On Friday he will have to appear in front of a judge in Rotterdam. According to the justice department the boy is part of a group of hackers.
The investigation in to this group is still running, according to the public prosecutor. It is not clear whether other suspects are also in the Netherlands or abroad. The justice department does not rule out more arrests.
A spokesperson for the public prosecutors office has announced that the justice department will act against those that are actually performing these attacks. People that just make their computer available are committing a felony but are not taken in to account in the current investigation."
Good. This may not be a popular opinion, but I've been waiting for these kids to get punished. Just because they are script kiddies doesn't mean they aren't fully aware of their actions and the impact those actions can have.
I see them all over mainstream sites posting comments "as" Anonymous and I can't help but wonder how ignorant or just plain stupid these people are. They can and will find out who uses these tools and you can bet Visa and Mastercard will use their enormous resources to make sure there is reparation or payback.
While I understand your sentiment I think these crimes are silly in comparison to the crimes perpetrated in all our names in for instance Iraq and Afghanistan and I can't help but notice that when it comes to stuff like this the justice department is very eager to do something about it but war crimes in general go unpunished.
Tony Blair, George Bush and a whole slew of others have committed far worse crimes than to cost MC or PayPal a couple of hours of downtime and they're still walking around free and are nominated for all kinds of prizes. The sense of injustice the existence of something like Gitmo gives me is much stronger in comparison to the part of me that thinks that script kiddies should be brought to justice (or at a minimum stopped).
Besides this action having no net positive effect for WikiLeaks, the article cited above already pushes the notion that these attacks were in revenge for Assanges arrest and that is precisely the wrong signal to send.
Please don't turn this into a debate about Iraq, Bush, and our evil government. That's neither here nor there at the moment. Visa and Mastercard are not any of the forementioned and the people who DDoSed them commited a crime, plain and simple. The cost to PayPal etc is not known, but you can bet they (and their many customers) didn't deserve the "wrath" of these kids. I still think they should be brought to justice. What if you and your property suddenly came into the Internet mob's sites?
I think it is very appropriate to drag Bush and the evil government in to it because if it weren't for that we wouldn't be having this massive support for wikileaks. The two are far more connected than you might think.
Without the evil empire to play underdog to Julian Assange and WikiLeaks would be seen as a bunch of two bit hackers, now they are at the forefront of a movement that claims to want to improve society by enforcing greater transparency.
I haven't decided how I feel about this, but emailing your senator is likely to accomplish absolutely nothing, so perhaps more severe behaviour is somewhat understandable.
But remember who the action is towards. Private organizations. Not the government. Just private organizations who chose to disassociate themselves with another private organization. When you step outside of this media frenzy/bubble we're all in that's what it boils down to. Then some people didn't like that and they committed a crime against PayPal, Visa, and Mastercard.
Not just private organizations, but multi-national mega-corporations at the center of our financial system, with coffers that rival most nations GDP's, and, as Wikileaks has shown, a direct line to the most powerful governments in the world.
So I think equating the targets of these virtual sit-ins with any private organization, like a small start-up with 5 employees, isn't really telling the whole story.
How many packets are a crime? I understand if you want to arrest the RBNs of the world, but unfortunately it's more frequently some random person who are made an example of. I don't think the question is if what these people did was wrong, but if it's reasonable to punish them for it.
Your comment would have been more valuable if you had left the toxic political barbs out of it; I say that as a liberal opposed to the war in Iraq. This comment made me groan out loud.
The inevitable meta-argument that is going to result from me pointing this out will also be annoying and it will also prompt groans, but at least we'll be arguing about something relevant to Hacker News: whether "off-topic: most politics" actually means anything.
Strange that as "a liberal opposed to the war in Iraq", you and the other binary thinkers here want to advance the argument that the actions of people like Assange and these anonymous "hackers" are taking place in a vacuum unfilled by the miasma of absolutely unconscionable actions taken over the last decade by U.S. neo-conservatives.
The American conservative element, endlessly on the wrong side of history, whose own policies have a great hand in fostering terrorism, whose own policies have brought the economy to its knees, absolutely needs its filthy little secrets.
Exactly how long do you want people to remain in milque-toast-mode before taking more direct action?
In the past, civil disobedience was "we're accepting punishgment for {x} to demonstrate that doing {x} should not be punished."
The two modern defintions are:
(1) "they should get off because they meant well/are good people"
and
(2) "they should get off because {x} is acceptable"
Which definition are we using here? If (3), what is {x} such that it is acceptable? Is it any DDoS? Any DDoS against a large organization? Please be precise so we can know what kind of DDoS are acceptable and which kind aren't going forward.
I'm going to take a little bite at this, because I think it's an important question, though I don't think it only applies in the case of your imagined modern definitions. Civil disobedience has never been limited to "we're accepting punishment for {x} to demonstrate that doing {x} should not be punished." In many cases, it has been "we're accepting punishment for {x} to demonstrate that doing {y} should not be punished, or to demonstrate that doing [z] should be punished or stopped or whatever." The scope has always been wide, and activists rarely staged illegal sit-ins, for example, just to demonstrate that sit-ins shouldn't be illegal. So the question you pose has wide relevance. You can start to come at the answer in a variety of ways, but perhaps the first if sometimes insufficient criterion of justifiable civil disobedience might be that the illegal protest action should aim at preventing greater harm than it causes, and it should be action against organizations that are significantly responsible for the harm you want to prevent. I think that criterion is satisfied in this case; that is, I think much greater harm is caused longterm by the permanent restriction of funding for Wikileaks than is caused by temporary DDoS'ing MC, Visa, and Paypal.
Wow, what world do you live in? I am going to be blunt. In this instance there is NO justification for the DDoS period. Those other companies are doing business the way they do business and it is totally legal and totally above board. Using your logic, as long as I can justify in my mind that a "greater good" is coming out of it I am "in the clear". I will say it again, it is never right to wrong for a chance to do right. You can try to justify six ways to Sunday but in the end it is still wrong.
Very well said, and I hope you get upvotes for it.
I think a lot of the issue stems with many people here having a conception of political change as being possible with very little conflict, and I don't think that's true.
There is no easy, polite way to pressure those with extraordinary power to act differently. And sometimes you have to do things that are illegal (like sit-ins, digital or virtual).
And when you do, you can recognize they are illegal, but partake in them anyways, and even fight your charges on moral grounds, and that makes your disobedience no less civil.
> I think much greater harm is caused longterm by the permanent restriction of funding for Wikileaks than is caused by temporary DDoS'ing MC, Visa, and Paypal.
That makes sense only if MC, Visa, and Paypal have an obligation to help Wikileaks receive funding.
Do they? Why? Who else has that obligation? (Does discover have that obligation? How about Google Checkout?) How do we know?
1) Part of civil disobedience is pleading guilty to all charges in court. If you don't do this you're just a lazy 'poser' of a protester.
or
2) People that commit crimes as part of a protest shouldn't be allowed to defend themselves
Personally, I think there is nothing wrong with defending yourself in court and using the courthouse as a pulpit to further your civil goals (i.e. why the law is unjust, why you shouldn't be punished, etc).
Indeed; it's important that those steps be honest and in good faith, however. (Unless the court system happens to be what they're protesting against, of course.)
Civil disobedience is breaking laws, or government directives, that you don't think are just. It is definitely breaking the law, but many people and thinkers see it as a valid form of resistance to unjust laws and governments.
I'm not sure how well it applies to this case, but civil disobedience in general is more than just "boys being boys".
I no longer have a dutch passport. This is because the dutch government has decided that all applicants need to present their fingerprints on application and these will be stored in some database.
This is against my feelings on how a state ought to be run and because of that I have decided to break the law. This affects me and nobody else. If there is a price to pay (fine, jail time) I will be the one paying it, nobody else. I think the big difference between civil disobedience and vandalism is that in the case of civil disobedience you are prepared to pay that price. In this case the moniker 'Anon' indicates to me that the people who are doing this at a minimum hope that they will get away with it without paying the price.
The dutch police are showing that that is not the case, it remains to be seen how eager and open the remainder of this group is to continue. If they sign each packet with their name then more power to them.
Illegal sit-ins are often used as a form of protest. Would you claim that the protesters are protesting the fact that sit-ins are illegal (with a straight face)?
Sorry - if the guy was controlling a botnet, he can do his time just based on the massive numbers of computers he was illegal controlling.
Sure we might feel some underdog sympathy for wikileaks right now, but the people doing these ddos attacks are the exact same people who ddos other sites and cost a ton of money every year. No free pass - civil disobedience is not free of consequences, and nobody should seriously suggest that launching a DDOS against a major corporation is "fair"
Remember that half of civil disobedience is gracefully accepting the punishment. You can't break the law and then argue you shouldn't be punished because it was 'only civil disobedience'- that's not civil disobedience. If they really believe in their cause, they shouldn't need other people to save them from it.
The boy has confessed. He's still entitled to put on a defense, I take it. And he's still entitled to seek support for that defense. In any case, you can break the law, and then argue, in certain places and circumstances, and without self-contradiction (which I suppose would be the possibility you find problematic) that you shouldn't be punished because a) the law is unjust or unconstitutional, or b) breaking the law was necessary to prevent greater harm (though if I recall correctly the latter defense by necessity is not permitted in most cases of civil disobedience in the US).
I agree, but to go off topic a bit: judging by some of the responses to your comment, people seem to think that one of the criteria that an act has to meet in order to be legitimate civil disobedience is that it is followed by a passive acceptance of government punishment. Of course this is tautologically true depending on one's personal definition of civil disobedience, no true Scotsman and such, but would exclude a lot of history, such as the Underground Railroad.
The article did have a nice quote directed at that point of view, though:
"There may be many times when protestors choose to go to jail, as a way of continuing their protest, as a way of reminding their countrymen of injustice. But that is different than the notion that they must go to jail as part of a rule connected with civil disobedience. The key point is that the spirit of protest should be maintained all the way, whether it is done by remaining in jail, or by evading it. To accept jail penitently as an accession to 'the rules' is to switch suddenly to a spirit of subservience, to demean the seriousness of the protest...In particular, the neo-conservative insistence on a guilty plea should be eliminated." --Paul Flowers
I think you are wrong about one key point in your first paragraph. In fact, these kids are not fully aware of the consequences of their actions. By this I'm not saying they're necessarily immature (some might be, some are certainly not), but some are jumping on the bandwagon because the bandwagon is both fun and packs just enough social justice to make the wrong-doing seem fair-game.
That being said, I am certainly against what's happening to Wikileaks and Assange. As I heard someone say earlier in the week: if this thing was happening in China and he was exposing that regime, he'd be called a hero.
Anon as an organism (no typo) is interesting. The fact that it is guided by the hive mind and not one in particular means it transfigures to good or bad depending on the general mood of the group. That is socially fascinating.
If you had a botnet at your disposal, you did clear premedidated and pure WRONG regardless of whether or not we agree with who he used those stolen resources to attack.
Yes, getting a botnet is "premedidated and pure WRONG". But, believe it or not, it is also today's equivalent of what would have been an elaborate phone prank in the 80s.
The majority of these botnets are not run by organized criminals. They are run by adolescent nerds. I'd argue the same is true for the large majority of anyone involved with "Anonymous" in any shape and form. It's primarily a youth movement.
So, like with any other prank, I'm all for giving those kids a slap on the wrist (note how I didn't say "prison sentence").
However, to me the more interesting question in all this is a completely different one: Why do some of the largest organizations on the internet fail to protect themselves against a moderate attack like this?
It seems humiliating, to say the least, that a bunch of teenagers can take out Visa, Mastercard and Paypal at a whim. This could have been trivially prevented with technology and money. Thus, considering the impact it had, the first lawyer-word that crosses my mind is not "sue the kids". It's: Criminal neglience.
On the other hand, one could argue that neither Visa or Mastercard makes their money off of their websites. Not their marketing (which comes in the form of ads or mail to your house), or the amount they cut per transaction, or the fees you get when you've delayed payment. As far as I can see, this is true. I might be completely wrong though.
From what I saw, part of the war cry text was that "we're only anonymous by number". I think it was fully understood what was happening. But yes, this is one way to realise the ramifications of your actions.
One thing they always forget to address: was this guy a botnet owner using his zombie computer swarm or did he just download the LOIC and filled the fields as the guide instructed?
It might be a crime anyway, but calling him a "hacker" instead of saying that he downloaded a program and clicked a button make people think in very different ways.
I'm calling shenanigans, and at any rate if it's true it's certainly a corner case. an interrogation and confession? just like that? something hinky is going on with this story.
Yes, sure. Because if you haul 16 year olds in to a real life sized police station and start asking pointed questions after doing what they probably figured was a nice prank they're going to clam up and ask for their lawyer, instead of becoming blubbering children.
Please, you can bet that (a) it's true, (b) that it's not a corner case (c) that he really confessed and (d) that there is nothing hinky at all.
Grown ups tend to fall apart after an hour or two in a cell if they've never been there before, imagine the effect on a 16 year old kid.
I've been in jail for several hours on a charge of tax evasion (long story short: I drove a car with foreign plates in to the Netherlands which was not yet fit for road approval, it was insured and otherwise ok), it did not make me suicidal (though they did take my shoelaces out of my shoes) but I was ready to do murder by the time I got out.
It had the exact opposite effect on me than what it does on most people apparently, I was ready to be reasonable at the time of being arrested but by the time they let me out of the holding cell they had lost each and every bit of credibility and respect with me that they ever had.
It was clearly a load of bull, they knew, I knew it, so I wanted to file charges and before you could say 'wow' I was escorted back out on to the street with a 'don't do that again' warning.
They would not even let me back in to file those charges.
Now, what a longer time in a prison cell would do to me I could not tell you but anger at this injustice is the only thing that still stands out after all these years (2 decades).
This reminds me of the last time i was in Athens. I took a picture of the US embassy and spent 5 hours in a cell. The fact that I am a Greek American with American citizenship meant nothing. The government has a way of making reasonable people unreasonable...
When I was in New York, the police stopped me from taking a picture of the Federal Reserve Building. They than gave me an info brochure with on the front a picture from the same angle. Only in America my friend.
I will certainly take you up on that, when I eventually find myself over there.
I initially swore that I'd stop traveling due to the TSA, but then I realized that going through an opt-out would be a better statement than just staying home. But if I wasn't already here, I wouldn't come here either.
16-year old kid who rarely ventures outside his parent's basement gets lifted off his seat by cops who threaten him with a lifetime in prison and he confesses? Preposterous.
Are you sure you aren't reading between the lines a little bit? I think that given the context it's smart to be a little skeptical of stories like this.
This is not Fox News or Bild we're talking about here, and given the context it is smart to know how to separate facts from fiction regardless of whether or not those facts fit in to your preferred worldview.
The dry facts:
(1) some 16 year old kid was arrested
(2) he was arrested in relation to his role in the attacks o MasterCard and PayPal
(3) He's been interrogated
(4) he confessed to at least being involved
(5) he's part of a group (most likely Anon, but that's interpretation on my side)
(6) they seem to have other suspects
(7) they are aware of two classes of suspects, 'organizers' and 'mules' and are (for now I would assume) focusing the investigative effort on the organizers, which suggests the kid was part of those that organized the attack and not just someone that downloaded a script or bot tool.
(8) On Friday (tomorrow) he will be arraigned, presumably we'll learn more then as well as whether or not he will be held longer
My point is that the arrest was not exactly due to LOIC usage, because the kid apparently got tagged by virtue of being one of the IRC ops for a/the payback channel. IRC is much easier to investigate than LOIC packets. This is what I meant by it being a corner case.
So, the story as I've been able to understand it is that the law tagged him via his association with the IRC channel, then under questioning revealed that he used LOIC as well. This isn't the same thing as your average payback participant having their identity revealed merely by their participation. I simply don't believe (yet, I haven't closed the door on this) that this arrest signals any risk to Anonymous.
That might be the case in general, but in this case they are just copying from the 'the wire' who themselves are copying from the official press statement. Which, I might add, is quite void of any real information such as the exact level of involvement of this guy and his pc. So I guess one should just wait for any real information to surface from him or his lawyer.
Is there no Dutch equivalent to the Fifth Amendment? In the US at least, it doesn't take guts. Just remember the word "lawyer" and any interrogation stops right then and there.
Fact check: the Fifth Amendment only means you don't have to answer. It doesn't mean they can't keep asking. Continuing to plead the Fifth when you're a scrawny 16yo in the face of a police officer in an interrogation room is probably harder than you suspect.
It's easy to get that idea from watching cop shows, so I don't blame you for thinking so, but it's not actually true.
Once you invoke your Fifth Amendment rights, as simply as saying "I want to talk to a lawyer", interrogation must stop until your attorney is present. That means stop asking questions, period. Cops are typically pretty mindful of this— since after that, any questions they ask, and anything you say in response, is inadmissible, and in fact could go to poison whatever legitimate case they have outside your testimony.
You do still have to watch out; this doesn't apply to "offered statements" which aren't in response to direct interrogation ("You know, Jim, there's a lot of kids around here. It'd be a shame if one of them found that shotgun...") At that point they may be able to claim you voluntarily waived your right to remain silent and resume questioning.
(It's also worth noting that the Fifth Amendment only applies once you're under arrest. It's a protection from self-incrimination, after all.
What kid knows to, or even can afford to, lawyer up? It may seem obvious to older, more experienced people that you should get a lawyer, but this piece of knowledge typically has to be programmed in.
It's not unusual for suspects to confess to crimes. It's just you're much more likely to hear about cases where the suspect denies the charges so it seems much more common than it actually is.
"Rotterdam, December 9th. The police has arrested in the night of Wednesday to Thursday a 16 year old boy who apparently was involved in the cyber attacks by WikiLeaks sympathizers on amongst others Mastercard and PayPal. This has been announced by the office of the public prosecutor.
WikiLeaks sympathisers have started these attacks after the arrest of WikiLeaks founder Julian Assange in Great Brittain. With these so-called DDoS attacks hackers want to take revenge on companies that no longer process funds transfers to WikiLeaks. The High Tech Crime Team of the dutch national police had started an investigation after it became clear that these attacks originate in the Netherlands, according to the office of the public prosecutor.
Besides Mastercard and PayPal the websites of VISA, the Swedish public prosecutor, the swiss Post Bank have been subjected to attacks as well. The actions of the WikiLeaks sympathisers are carried out under the code name 'PayBack'.
The young suspect from The Hague has been interrogated on Thursday and has confessed that he committed attacks on MasterCard and VISA. Police have confiscated computers and data carriers. On Friday he will have to appear in front of a judge in Rotterdam. According to the justice department the boy is part of a group of hackers.
The investigation in to this group is still running, according to the public prosecutor. It is not clear whether other suspects are also in the Netherlands or abroad. The justice department does not rule out more arrests.
A spokesperson for the public prosecutors office has announced that the justice department will act against those that are actually performing these attacks. People that just make their computer available are committing a felony but are not taken in to account in the current investigation."