The latest alleged hacking mastermind, an 18-year-old arrested at home last week in Scotland’s Shetland Islands, was let out on bail Monday with conditions meant to keep him off the Internet and home at night.
Jake Davis is accused of keeping log-in information for 750,000 people, acting as spokesman for amorphous hacktivist groups and helping to mastermind audacious online attacks against such prominent figures as the UK’s Serious Organized Crime Agency and embattled media mogul Rupert Murdoch.
His high-profile case is one of several indicating a distinct change in the way the justice system and law-enforcement community view hackers and hacktivists. Previously, hackers thought themselves untouchable – capable of evading law-enforcers through their own skills. But arrests like Mr. Davis’s suggest the computer nerds who break into your database, steal your password or pummel your website in a denial-of-service attack are considered criminals, subject to the harshest prosecution the law can offer.
It could put a damper on all but the most dedicated hackers, says Rafal Rohozinski, head of the SecDev Group, an Ottawa-based centre that studies security. But it also challenges prosecutors to drastically improve the way they gather evidence on chimeric cyber-crime.
“One thing is for sure,” he said. “These groups, which previously felt they had a certain degree of invulnerability because of their technical skills and being able to hide, aren’t.”
Mr. Davis appeared briefly in London’s City of Westminster Magistrates’ Court, wearing dark shades, black T-shirt under blue denim and carrying Free Radicals, a book by Michael Brooks dedicated to the anarchic, libertarian leanings of scientists.
Mr. Davis said little in court – just confirmed his personal information and listened to the list of charges as they were read out.
British prosecutors have pointed to Mr. Davis as the man behind Topiary – the vocal alias acting as spokesman for hacker collective LulzSec. The group has become notorious over the past few months for its irreverent targeting of everyone from News International to PBS.
According a Forbes reporter, the teen winced as prosecutor Rav Chodha pronounced the name of the impish hacktivist organization he’s accused of leading as “Luke Sec.”
The group is an apparent offshoot of Anonymous, a hacktivist group that went after opponents of Julian Assange’s Wikileaks last year. While Anonymous was seen as explicitly politically driven, Lulzsec seemed more playful. The group claimed responsibility for replacing the U.S. public broadcaster’s website with an illustration of rainbows and cats and a fake story about Tupac Shakur; more recently, they posted a faux obituary of Rupert Murdoch on the Sun’s website.
Mr. Davis faces charges under the UK’s Computer Misuse Act, the Serious Crime Act and the Criminal Law Act. He’s accused of having a hand in distributed denial-of-service attacks – incapacitating a website with overwhelming traffic similar to an endlessly pushed “Refresh” button.
Ms. Chodha said Mr. Davis was found with a laptop running 16 virtual computers that were running dozens of applications, and in possession of the personal online log-in information for hundreds of thousands of members of the public.
(Internet access has been a priority for the Shetland Islands, an archipelago north of Scotland. The local council passed a digital strategy in June pledging to bring fast broadband access to 90 per cent of residents by 2016).
Judge Howard Riddle ordered Mr. Davis released on bail until his next court appearance Aug. 30. Mr. Davis is allowed to live with his mother in Lincolnshire as he awaits trial, provided he stays off the Internet and keeps a strict 10 p.m. to 7 a.m. curfew. An electronic tag will help ensure he does.
A Twitter account for Topiary had been wiped to leave only one message, from July 21: "You cannot arrest an idea." The account's bio reads in part, "Worked with Anonymous, LulzSec, and other such paragons of intense cyber victory."
