LA Times Hack: Security Breach or Harmless Prank?

Federal prosecutors say Reuters’ deputy social media editor conspired with a notorious hacker network to cause an online security breach that should be punished by decades in federal prison.

Fervent online supporters of Matthew Keys say the journalist was just taking part in an online prank that briefly altered the Los Angeles Times’ website, and he shouldn’t ever have been suspended from his job.

In an age when the line between tech superstardom and outright hacking grows increasingly blurry, the case against Keys, 26, lays bare sharp divisions about what constitutes internet crime and how far the government should go to stop it.

“Congress wants harsh penalties doled out for these crimes because they don’t want people defacing websites, but there has to be a way that we can bring the law into harmony with the realities of how people use technology today,” said Hanni Fakhoury, an attorney at the San Francisco-based nonprofit Electronic Frontier Foundation.

Keys, was charged Thursday with conspiring with the hacking group Anonymous to alter a Times news story in late 2010.

The federal indictment accuses Keys of giving hackers the information they needed to access the computer system of Times’ parent company, Tribune Co.

An attorney for Keys said he is not guilty, and that the government is overreaching in its zeal to prosecute internet pranks.

“No one was hurt, there were no lasting injuries, no one’s identity was stolen, lives weren’t ruined,” his Ventura-based attorney, Jay Leiderman, said Friday. “Mr. Keys was no different than any other embedded journalist.”

Keys was hired in 2012 as deputy social media editor for the Reuters news service. He didn’t return a phone call seeking comment.

“I’m okay,” he posted online Friday in response to a journalism colleague wondering how he was doing.

He was suspended with pay late Thursday, said Reuters spokesman David Girardin, who did not elaborate. A spokesman for the Chicago-based Tribune Co. declined to comment.

According to the indictment, a hacker identified only as “Sharpie” used information Keys supplied in an internet chat room and altered a headline on a December 2010 Times story to read “Pressure builds in House to elect CHIPPY 1337.” The reference was to another hacking group credited with defacing the website of a video game publisher in 2011.

Keys is charged with one count each of conspiracy to transmit information to damage a protected computer, as well as transmitting and attempting to transmit that information. If convicted, prosecutors say the Secaucus, N.J., resident faces a combined 25 years in prison and a $500,000 fine if sentenced to the maximum for each count.

However, first-time offenders with no criminal history will typically spend much less time in prison than the maximum sentence, said Mary Fan, a former federal prosecutor who specializes in criminal law and procedure at the University of Washington School of Law.

Keys’ arraignment is scheduled for April 12 in Sacramento.

His indictment comes after recent hacks into the computer systems of two other U.S. media companies that own The New York Times and The Wall Street Journal. Both newspapers reported in February that their computer systems had been infiltrated by China-based hackers, likely to monitor media coverage the Chinese government deems important.

Anonymous and its offshoot, Lulz Security, have been linked to a number of high-profile computer attacks and crimes, including many that were meant to embarrass governments, federal agencies and corporate giants. They have been connected to attacks that took data from FBI partner organization InfraGard, and they’ve jammed websites of the CIA and the Public Broadcasting Service.