home

Deciphering the Matthew Keys Indictment

The indictment against Matthew Keys, the former Sacramento KTXL FOX 40 web producer and Reuters journalist charged in the Eastern District of California yesterday for providing members of Anonymous with network login credentials to hack into the server of the station and the LA times (both are owned by the Tribune company), is a bit of a head-scratcher. It seems he started out as double agent of sorts, infiltrating the group for journalistic purposes. Did he change from role-playing in internet chat room sessions to joining in the group's illegal activity? Clearly, the Government believes he did.

The Indictment is here. One person who turned on him seems to be Anonymous Sabu, aka Hector Monsegur. But others may have as well. [More....]

Yesterday's DOJ press release:

The three-count indictment alleges that in December 2010 Keys provided members of the hacker group Anonymous with log-in credentials for a computer server belonging to KTXL FOX 40’s corporate parent, the Tribune Company. According to the indictment, Keys identified himself on an Internet chat forum as a former Tribune Company employee and provided members of Anonymous with a login and password to the Tribune Company server. After providing log-in credentials, Keys allegedly encouraged the Anonymous members to disrupt the website.

According to the indictment, at least one of the computer hackers used the credentials provided by Keys to log into the Tribune Company server, and ultimately that hacker made changes to the web version of a Los Angeles Times news feature.

The indictment further alleges that Keys had a conversation with the hacker who claimed credit for the defacement of the Los Angeles Times website. The hacker allegedly told Keys that Tribune Company system administrators had thwarted his efforts and locked him out. Keys allegedly attempted to regain access for that hacker, and when he learned that the hacker had made changes to a Los Angeles Times page, Keys responded, “nice.”

Keys' case is related to Sabu's case in Sacramento pertaining to the HB Gary hack. (Notice of Related Case here.)

Both cases related to computer hacking attacks by the group that called itself “Anonymous.” The Keys case alleges that Keys gave login credentials to members of Anonymous and encouraged them to vandalize the web site of his former employer, a news organization. Defendant Monsegur, who used the nickname “Sabu,” appeared in the Internet chat log at the core of the Keys case, and, in that chat log, offered advise on how to conduct the network intrusion. Monsegur later became a cooperating defendant in the Southern District of New York.

On March 6, 2012, Sabu was charged, along with five other alleged Anonymous, Internet Feds and LulzSec members. See this Wall St. Journal article which includes a link to the charges against Sabu and:

  • Ryan Ackroyd / Kayla
  • Jake Davis / Topiary
  • Darren Martyn / pwnsauce
  • Donncha O'Cearrbhail / palladium
  • Jeremy Hammond / Anarchaos/sup_g

The charges in the March, 2012 cases include a reference to the defacing of the LA Times website.

Of course, Sabu had been cooperating with the feds long before that, since his "secret arrest" in June, 2011. Here's an unsourced timeline.

From a press release by the U.S. Attorney for the Eastern District of California in March, 2012:

United States Attorney Benjamin B. Wagner announced today the unsealing of the guilty plea of Hector Xavier Monsegur, aka "Sabu," aka "Xavier DeLeon," aka "Leon," of New York City. Monsegur pleaded guilty to a twelve-count information, which included the allegation that Monsegur conspired to carry out a hacking attack on HBGary Inc. and HBGary Federal LLC. Monsegur entered his guilty plea in the Southern District of New York on August 15, 2011, but the plea was maintained under seal until today.

....The attack on HBGary was carefully investigated by the FBI in Sacramento and the case was transferred to New York for Monsegur’s plea. Importantly, the Sacramento investigation greatly benefitted from the assistance of HBGary itself.

Keys is now charged with conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer and attempted transmission of information to damage a protected computer.

Reuters has suspended Keys with pay. His work station has been dismantled, and Reuters says:

Any legal violations, or failures to comply with the company's own strict set of principles and standards, can result in disciplinary action. We would also observe the indictment alleges the conduct occurred in December 2010; Mr. Keys joined Reuters in 2012."

Gawker reported a long time ago that Keys maintained he had infiltrated Anonymous, as a journalist. Here's Keys, in his own words, describing how he infiltrated Anonymous, got Sabu to trust him, and then later, was kicked out of the chat room and became a persona non gratis. He even discusses the defacing of the LA Times website. As to Sabu, he writes:

He said he would try to destroy the reputation of anyone who might expose him or ruin his reputation or that of Anonymous. He’d release personal information about any individual whom he considered his enemy or Anonymous’ enemy. He’d steal their credit card information and charge hundreds of dollars in charitable donations. He’d invent stories so as to discredit any whistleblower or hacker-turned-informant.

Here's a March, 2011 Sabu tweet doing just that:

Keys has known he was under investigation since at least October, 2012 when his home in New Jersey was searched. The search warrant affidavit, with many more details and connections, is here, courtesy of Dennis Romero at LA Weekly. The pages laying out the probable cause for the warrant and Keye's alleged actions and interactions are here.

Kevin Gosztola at Firedoglake's Dissenter provides a detailed history linking the various cases. He also concludes Sabu is not the only one cooperating against Keys.

According to Keys' Sacramento docket, Keys has been issued a summons to appear -- no arrest warrant. That suggests to me he is represented by counsel who has been negotiating with the Government for a while, and the Government is not concerned he is a flight risk.

Frequently, when a deal has been reached before Indictment, the feds will file an Information with the agreed upon charges, rather than go to the grand jury for an Indictment. Does the return of the Indictment against Keys and the issuance of a summons, rather than an arrest warrant, suggest negotiations, while conducted in good faith, ultimately broke down and no deal was reached, and the feds are keeping all options open by bringing all possible charges?

It seems from Keys' twitter feed yesterday and today, he was aware of everything but the timing of the charges.

DOJ has to go through extra hoops when targeting a journalist for criminal prosecution. But if Sabu began providing information on Keys in June, 2011 when he began cooperating, it sure seems like they could have gotten authorization for a search warrant before October, 2012. Were they waiting to see if the other defendants in the March 2012 case, or other cases, would cooperate and corroborate Sabu's information before proceeding against Keys? Or did they delay, hoping to wear Keys down over time and convince him to take a pre-indictment plea offer? Could be a little of both.

< Why President Obama's Chained CPI Pre-concession Was A Mistake | Maryland Bans the Death Penalty, Colorado Could be Next >
  • The Online Magazine with Liberal coverage of crime-related political and injustice news

  • Contribute To TalkLeft


  • Display: Sort:
    There isn't a chance in hell... (none / 0) (#1)
    by Dadler on Fri Mar 15, 2013 at 04:34:21 PM EST
    ...that the government is ahead of any technological curve in this area. If anything, these cases seem to represent the government's attempt to co-opt certain things (mostly savvy and smarts) as much as prosecuting provable wrongs.

    My guess is... (none / 0) (#2)
    by bmaz on Sat Mar 16, 2013 at 01:24:41 AM EST
    According to Keys' Sacramento docket, Keys has been issued a summons to appear -- no arrest warrant. That suggests to me he is represented by counsel who has been negotiating with the Government for a while, and the Government is not concerned he is a flight risk.

    Frequently, when a deal has been reached before Indictment, the feds will file an Information with the agreed upon charges, rather than go to the grand jury for an Indictment. Does the return of the Indictment against Keys and the issuance of a summons, rather than an arrest warrant, suggest negotiations, while conducted in good faith, ultimately broke down and no deal was reached, and the feds are keeping all options open by bringing all possible charges?

    This is, including your speculative questions, about right. If the allegations are borne out, I am not sure the "infiltrating as a journalist" bit is going to provide much, if any, defense value.

    I would additionally be trying very hard to knock back the allegation that the damage was really worth more than $5,000. The government seems to be piling on and going after Keys, but that is nothing new in the system, and you have to expect they will do just that any time they can where Anonymous is involved.

    I wonder what the parameters of the deal discussion that had to have happened were and why they fell through?

    No Plea Bargain yet (none / 0) (#4)
    by Catfitz on Sat Mar 16, 2013 at 06:15:56 AM EST
    There doesn't seem to be any plea offer yet.

    Parent
    Catfitz also wrote: (none / 0) (#5)
    by Jeralyn on Sat Mar 16, 2013 at 01:31:19 PM EST
    If you take a close look at the search warrant, you see that there is more than $5000 in damages listed because they include not just the LA times article hack but the stealing of the Fox affiliate email list.

    Also, you have to conclude that the feds must have decided that they could make their case and prove that AESCracked was Matthew Keys in every chat log, where he incriminates himself. His lawyer is denying that he had control of the account all the time. Parmy Olson has now come forward and says that Keys denied to her that he had done the hack when she asked him, while writing her book. Yet she didn't include that in her book and is only putting it on her column at Forbes now. I'm not persuaded.

    I had to delete the comment due to the overly long url. Please put urls in html format. There's a link on top of the comment box to do so. Long ones skew the site and I cannot edit comments, only delete them. See our comment rules. Thanks.

    Parent

    Yes, I saw the SW (none / 0) (#6)
    by bmaz on Sat Mar 16, 2013 at 07:29:46 PM EST
    But still would try to attack the dollar value. Maybe it will hold up, maybe not; but it is worth the attack.

    Parent