US officials face tough task tracing hacktivists
Legal hurdles could make it tough for US prosecutors to go after Wikileaks supporters who waged cyber attacks on Visa, MasterCard, PayPal and other companies.
US Attorney General Eric Holder said at the time of the attacks he was “looking into” it, but there are enormous challenges finding, moving, investigating and finally convicting anyone the US authorities might accuse.
Typically, the US Government prosecutes hacking under the Computer Fraud and Abuse Act, which prohibits the “transmission of a program, information, code, or command” that “intentionally causes damage without authorisation, to a protected computer.”
It’s a broad, powerful statute that applies even to computer crime committed abroad, and can carry prison sentences and heavy fines. But to use it, authorities will first have to locate the elusive hackers and take them to the US.
In this case, a group of internet activists working under the name Operation Payback claimed responsibility for the denial of service attacks, which briefly shut down the websites of several companies that had cut off services to Wikileaks after the whistleblower organisation last month made public a massive trove of secret US diplomatic cables.
Dutch police arrested two Dutch teenagers last week, and other hackers around the globe are believed to be involved, but if the US wants to prosecute any hacktivists apprehended overseas, it relies on foreign governments to extradite them, which can be a political minefield.
However, since 2004, dozens of countries have ratified the Council of Europe’s Convention on Cybercrime, which was designed to harmonise computer crime policy and foster international cooperation.
But a handful of countries, including Russia, have not ratified the treaty.
Prosecuting hackers in those countries could prove difficult, especially if local authorities refuse to pass on details of suspects.
US investigators would have to trace the source of the attacks themselves. First, the infected computers must be located. For investigators in the US, that is a technical challenge that also presents a legal hurdle: obtaining subpoenas for multiple internet service providers.
Once the infected computers are tracked down, and if the owners don’t voluntarily turn them over, investigators face another legal obstacle: getting a search warrant to examine the hard drives.
Only then can they begin the complex forensic analysis aimed at tracing the program back to its source.