Don't look now, but there's a crime wave surging across the Webbernets. Everywhere around you, people are recklessly sharing dangerous and illegal hyperlinks. Lock up your children, barricade the doors and windows, throttle your broadband connection, and pray that the FBI gets to these scofflaws in time.
Am I being too sarcastic? Maybe. But not if you ask Barrett Lancaster Brown, former self-anointed spokesperson for the Anonymous movement. Last week a federal grand jury in Dallas indicted Brown on 10 counts of aggravated identity theft, one count of "access device fraud," and one count of trafficking in stolen "authentication features" related to Anonymous's hack of Stratfor Global Intelligence last December.
[ Cringely rats out the latest treacherous tech: Your snitching cellphone, your tattling texts | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
Broken down into its essentials, the indictment says Brown had 15 or so credit card numbers and card verification values (CVVs) in his possession, which were taken from Stratfor during the Anonymous hack. It doesn't say he broke into Stratfor's computers and stole them. It doesn't say he attempted to use them to purchase something. It doesn't say he tried to sell them for a profit. It merely says he had possession of them. That, according to federal law, is enough to put him away for 15 years or more.
It's the last count that's got everyone's attention because the court is accusing Brown of violating the law by copying a URL from one IRC chat session and pasting it into another. That Web address was a link to a data dump consisting of 5,000+ credit card numbers for subscribers to Stratfor's newsletters. Per the grand jury indictment:
...by transferring and posting the hyperlink, Brown caused the data to be made available to other persons' online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.
Brown is no great gift to humanity, as you can learn by watching the YouTube video he posted last September in which he threatens FBI agent Robert Smith (leading to his initial arrest). But the notion that you are guilty of a crime merely by linking to evidence of it is more than a bit troubling.
Taking that to its logical extreme, anyone who posts a link to information obtained through less-than-legal means could be subject to prosecution. That touches a great many journalists, including yours truly.
Personally, I try to be careful about what I link to. For example, if I write about some hacker who posts stolen credit card numbers or other personally identifiable information to Pastebin, I make it a point to not include links to that cache, to avoid doing further damage to the victims. I can't swear I've done a perfect job of that, though, and I know other journos who are less scrupulous about that sort of thing.
Most of the time the lines are pretty fuzzy. For example: The Anons posted 5 million illegally obtained Stratfor emails to WikiLeaks last March. It's extremely likely there was personally identifiable information -- possibly even credit card numbers -- in those emails. Am I now suddenly liable for damage caused by the spilling of those emails because there's a hyperlink to them in this post? That's nuts.