NEWS IN DEPTH BLOGS OPINION VIDEOS PHOTO STORIES PREMIUM CONTENT LOGIN REGISTER COOKIES RSS

IT Industry Technology Management Sectors Topics Search the TechTarget Network

ALPHASPIRIT - FOTOLIA

Activist Lauri Love faces order to disclose encryption 2 keys

The UK’s National Crime Agency takes an unusual legal step Bill Goodwin to force a former university student accused of hacking to Computer Weekly

11 Apr 2016 12:04 disclose encryption keys

The UK’s National Crime Agency (NCA) is attempting to force a

THIS ARTICLE COVERS political activist accused of hacking to disclose encryption keys in a Cybercrime case that could have ramifications for others who want to protect RELATED TOPICS confidential information. Antivirus Secure Coding and Application Programming Lauri Love, age 31, is facing extradition to the US and a possible Continuity 99-year prison sentence after being accused of breaking into computer systems Cloud security belonging to US government agencies, including the FBI, the Federal Reserve Data Breach Incident Management and Recovery Bank and the Missile Defence Agency. Endpoint and NAC Protection

Download our in-depth report on IT spending in the UK. In this Article Benchmark your IT spending plans with our in-depth study of spending priorities across the UK.

NCA uses contempt of court to force key disclosure E-mail Address:

Police moves threaten work of legitimate campaigners Download Now

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget US accuses Love of hacking and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA. conspiracy You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy. Parallels with Gary McKinnon case

Guilty until proved innocent In an unusual legal move, the NCA is using civil court proceedings to force Love forced to seek prosecution in UK courts Love, who has Asperger syndrome, to hand over encryption keys and Hacking conspiracy revealed in internet chat rooms passwords at a hearing at Westminster Magistrates Court on 12 Read More April 2016.

Related Content The agency, the UK’s equivalent of

UK man arrested for hacking into the FBI, arrested Love and seized US government ... – ComputerWeekly computer equipment from his parents’ home in Stradishall, , in 2013, British man arrested over hacking Latest News into US military ... for alleged offences under the – ComputerWeekly

Computer Misuse Act. NCA attempts 'back door' access to Hacker McKinnon gets 14-day obtain activist Lauri Love’s reprieve from extradition passwords – ComputerWeekly The NCA has not pressed any Public sector IT leaders gamble on charges against Love, despite his digital projects, says survey earlier refusal to disclose passwords UK would need its own Privacy and encryption keys under Section Shield deal with EU if it votes for Brexit 49 of the Regulation of Investigatory Powers Act (Ripa) and has released him from bail. View All News

NCA uses contempt of court to force key Download Computer Weekly disclosure

The latest attempt to force Love to hand over password and encryption keys

came after Love launched legal action against the NCA to force it to return his IN THE CURRENT ISSUE: How an IT department in a computer equipment. portacabin supports UK’s biggest critical infrastructure project The NCA asked the court to order Love to disclose passwords and encryption UK and European firms invest in data protection ahead of GDPR keys as a precondition to returning Love’s property, documents filed in PCIe SSD roundup 2016: Some Westminster Magistrates court revealed. stall while others progress

Download Current Issue The case is believed to be the first time police have used the threat of contempt of court under civil proceedings, rather than Section 49 of Ripa, to require disclosure of encryption keys. It could have wider ramifications for journalists and activists, said Richard Tynan, technology specialist at the human rights group Privacy International.

Lauri Love is facing extradition to the US and a possible 99-year prison sentence after being accused of breaking into US government computer systems

“The mere attempt by the government to secure court directions which include forced decryption is extremely worrying,” he said. “As a basic principle, individuals should not be compelled to potentially provide evidence against themselves. This is a long-standing principle with a sound legal basis.”

The NCA asked the court to order Love to provide witness statements stating whether two TrueCrypt files on his computer equipment contain data from the US Senate and the Department of Energy.

Police are also seeking a statement from Love on whether his Fujitsu laptop contains information to download the “Police Oracle” website and whether a Compaq computer contains pirated films.

Police moves threaten work of legitimate campaigners

Tynan said any technical and legal means used to undermine encryption – including forced key disclosure – threaten the public’s safety and jeopardise the ability for journalists and campaigners to hold powerful organisations to account.

CW+ E-Handbook Features Secure Voting

E-Zine Building datacentres under the sea

E-Handbook Enjoy the benefits of CW+ membership, learn more and The Value of Threat Modelling join.

“One only has to look at the attempt to compel to turn over its source material in relation to the Snowden files, and the subsequent destruction of the hardware in the Guardian basement, to see how extreme the UK government is willing to act,” he said.

Love told Computer Weekly the police had “concocted a bunch of excuses” to avoid returning computer equipment they had no legal right to retain.

“In one of the cases, they said they found a bunch of films on the computer, so now they are very concerned about movie piracy,” he said. “They are not returning property which they would normally have to return.”

The NCA is understood to have passed images of Love’s computer disks to the FBI and is believed to be co-operating with the extradition request.

US accuses Love of hacking conspiracy

US prosecutors claim that Love was part of a sophisticated network of criminals involved in computer intrusions, and have filed separate criminal charges in New York, New Jersey and East Virginia.

He is alleged to have taken part in OpLastRestort, a protest by the hacktivist group Anonymous over the treatment of Aaron Swartz at the hands of the US legal system, after Swartz downloaded thousands of academic articles.

Swartz committed suicide following what his family described as “intimidation and prosecutorial over-reach” over a crime that had no victims.

Court documents claim that Love worked with accomplices to infiltrate a wide range of US government computers and steal personal information and credit card details of government employees.

The group is alleged to have exploited a known vulnerability in Adobe’s Cold Fusion software to access US government servers between 2012 and 2013.

Love is accused of uploading “shells” or “backdoors” into vulnerable servers and using them to gain administrator rights, which allowed the group to download “massive amounts” of sensitive information.

There is no suggestion in the indictments that Love profited from his activities, or that any personal or financial data was made public.

However, the case is potentially embarrassing for the US authorities as it highlights the government’s failure to protect its IT systems by patching a known security flaw.

“The US wants blood,” said Tor Ekeland, Love’s US attorney. “I really think they see Anonymous as a big threat to their control of information.”

Parallels with Gary McKinnon case

Love’s supporters draw parallels with hacker Gary McKinnon, who had his extradition blocked by home secretary for humanitarian reasons following a 10-year legal battle.

“I think the same reasoning that stopped Gary McKinnon being extradited applies in Lauri’s case. They are very similar cases. I think on humanitarian grounds alone, this extradition should be blocked,” said Ekeland.

Naomi Colvin, campaigner for the advocacy group Courage Foundation, which is supporting Love, said he was in no condition to cope with the harsh conditions of the US prison system.

Other hackers and activists represented by the Courage Foundation have frequently faced hash treatment in US prisons, including loss of email and communication privileges, and solitary confinement, she said.

“Stays in solitary confinement are very damaging anyway, but the effect would probably be more severe in Lauri’s case,” she said. “Lauri has particular health and welfare needs and the US courts and prison system are not set up to deal with those.”

Guilty until proved innocent

Wikileaks founder said the NCA’s attempts to use civil proceedings against Love could set a precedent that would require people using encryption to prove to the police they were not holding illegal material – reversing the normal legal burden of proof.

“In the case of Lauri Love, the National Crime Agency is making a grab for even more police powers. If it succeeds, anyone who uses encryption will be considered suspect under the law – a breathtaking reversal of the presumption of innocence,” he said.

Love forced to seek prosecution in UK courts

Love said he had been placed in the invidious position of trying to persuade the UK courts to prosecute him.

“Even if I won all three cases in the US, that is more expense in legal fees than I would ever be able to repay. I would not get bail, so I would spend 10 years in pre-trial detention, just getting through the trials,” he said.

Love, who is now working as a security consultant, and speaking at security conferences, told Computer Weekly that he had been in legal limbo for two-and- a-half years, and had suffered stress and depression.

“It is particularly stressful for my parents,” he said. “I have been involved in activism for years, so I was kind of ready for this. The stress my parents feel is the thing I regret the most.”

Hacking conspiracy revealed in internet chat rooms

US prosecutors claim that Love used a variety of nicknames, including “nsh”, “route”, “peace”, “shift” and “Smedley Buttler”, to discuss the attacks with accomplices on Internet Relay Chat (IRC) rooms.

One discussion refers to an attack on the US Sentencing Commission server, which was defaced with a video supporting Aaron Swartz, according to documents filed in the US courts: “Found a whole bunch more sh*t on the uscc.gov hoster’s network … we are aiming to go public for 5am ESA=11am tomorrow UK … the script is finalised and the video will be ready tonight.”

On another occasion, Love is alleged to have written: “You have no idea how much we can f*ck with the US government if we want to … this … stuff is really sensitive … it’s basically every piece of information you need to do full identity theft on any employee or contractor.”

Another conversation revealed the group was able to download large quantities of data from US government servers: “Man this govwin site is really useful ... they do breakdowns of spending for all gov agencies .. org charts … related docents … related articles ... We need like a team of lots of people pouring over this data.”

Read more on Hackers and cybercrime prevention

A L L NE WS IN DE P T H OP INION P HOT O S T ORIE S V IDE OS

Windows PowerShell tied to BAE Systems warns about more than a third of cyber shape-shifting strain of attacks Qbot malware

UK cyber crime growing QA launches cyber attack exponentially defence training facility in

Load More

2 comments Oldest

Share your comment

Send me notifications when other members comment.

Register or Login

E-Mail

[email protected]

Username / Password

Username

Password

By submitting you agree to receive email from TechTarget and its Comment partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

ncberns — 12 Apr 2016 11:48 AM

Like most everyone else I really hate storm trooper tactics to extract keys and code. That aside, it's well past time we got serious about hacking and the secrets unearthed. Perhaps we need something for better than an ad hoc approach to security.

ToddN2000 — 12 Apr 2016 4:30 PM

Couldn't agree with you more, ncberns. People still aren't taking hacking seriously enough. They won't until it affects them.

-ADS BY GOOGLE

Malware Entfernen sparktrust.com Entfernen Malware in 2 Minuten. Kostenlos herunterladen (Empfohlen)

SearchCIO Latest TechTarget resources Hip to be square: Instagram The on-demand CIO Microsoft gets in roundup: economy and the early on Disruptive future of work: SECURITY blockchain business models, Buckle up NETWORKING technology digital investments DATA CENTER

DATA MANAGEMENT The tech giant announces a 2016 Fusion CEO-CIO Symposium When companies get serious about partnership with big banks to develop caught on Instagram: Follow along as understanding what it costs to get work blockchain technology. Also in senior news writer Nicole Laskowski done, employment will change Searchlight: IT spending expected... chronicles sessions on ... dramatically. Who's ready ...

About Us Guides Reprints All Rights Reserved, Copyright 2000 - 2016, TechTarget Contact Us Advertisers Archive

Privacy Policy Business Partners Site Map

Our Use of Cookies Media Kit Events

Videos Corporate Site E-Products

Photo Stories Experts