Former Tribune staffer denies giving hackers log-in credentials

Matthew Keys took to Facebook to deny charges against him

Former Tribune Company employee Matthew Keys has denied giving a username and password to anyone, or conspiring to cause damage to a protected computer.

Keys was charged with one count each of conspiracy to cause damage to a protected computer, transmission of malicious code and attempting to transmit malicious code, according to a federal indictment filed last week in the U.S. District Court for the Eastern District of California.

He was previously employed as a Web producer for television station KTXL Fox 40 in Sacramento, which is owned by Tribune, but was terminated in October 2010.

In December that year, Keys is alleged to have given log-in credentials to the content management system (CMS) of the Tribune Group to members of hacker group Anonymous, and encouraged them to disrupt the website, the Department of Justice said. He is alleged to have used the nickname "AESCracked" for his IRC (Internet Relay Chat) communications with members of Anonymous.

At least one of the computer hackers used the credentials provided by Keys to log into the Tribune Company server, and made changes to the Web version of a Los Angeles Times news feature, according to DOJ.

In a Facebook post on Wednesday, Keys denies the charges.

He wrote: I did not give a username and a password to anyone. I did not "conspire" to "cause damage to a protected computer." I did not cause "transmission of malicious code," and I did not "attempt" to cause "transmission of malicious code."

Keys, who faces up to 25 years in jail, said his attorneys have said much the same in the past few days, but he felt it might mean more if it came from him directly.

The indictment against Keys has been criticized by online rights groups. It comes after the suicide in January of Internet pioneer and activist Aaron Swartz, who faced charges before his death for allegedly accessing and downloading over 4 million articles from the JSTOR online database through the network of the Massachusetts Institute of Technology. If convicted, Swartz could have faced up to 35 years in prison and a fine of US$1 million, which was seen as too disproportionate a sentence.

The case "underscores how computer crimes are prosecuted much more harshly than analogous crimes in the physical world," said the Electronic Frontier Foundation about Keys' indictment.

The EFF said physical vandalism like spray painting graffiti on a freeway sign can be punished under California state law either as a misdemeanor--which comes with a maximum of a one year sentence--or a felony which carries a sentence of 16 months, 2 years or 3 years. However, one of the counts on which Keys has been charged, which related to altering content of a news article, is a felony with a maximum punishment of five years in prison under the Computer Fraud and Abuse Act, EFF said last week.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

Tags securityTribune Companylegalinternet

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Protect against bugs in USB Storage devices

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.