Sophos Cloud Optix
A Norwegian hacking gang is said to have broken into two email accounts belonging to Anders Breivik Behring, the right-wing extremist who killed over 70 people in the country last month.
The gang, who call themselves Noria, is said to be led by a 17 year old youth and is reported to have handed all the information they acquired from Behring’s email accounts to freelance journalist.
The journalist, Kjetil Stormark, was asked by the hackers to pass the material to police investigating the mass-killings.
The same hacking gang is believed to have been responsible for a hack of Behring’s Twitter account a couple of weeks ago.
Although most people’s reaction would probably be to applaud the hackers’ actions for now breaking into the killer’s email accounts, I think it’s worth thinking a little deeper about the hack actually means from the perspective of the ongoing investigation into Behring and the atrocity to which he has confessed.
The police would, for understandable reasons, be very interested in getting their hands on the contents of Behrin’s email accounts and seeing who he has been communicating with, and what he has been discussing.
However, if hackers have broken into his email account then they have effectively compromised the evidence. A defence lawyer could easily argue that as soon as unauthorised parties, who were not following proper investigatory procedures, plundered his email account they could also have deleted or otherwise changed some of its contents.
Furthermore, it sounds as if the contents of Anders Breivik Behring’s email accounts were accessed illegally – meaning that even if there was information which would prove useful in a prosecution of Behring or others, it may not be admissible in court.
Usually, it’s best to leave criminal investigations to the professionals – the police. If you think you may be able to help the police with their inquiries, you should contact them directly and ask them how you might best assist.
Don’t take the law into your own hands by hacking – you might find that you’re actually not helping at all.
Hat-tip: ABC Nyheter
Surely the police could get a court order to access his e-mail accounts?
The worrying thing is that these are the same people that promoted the falsification of Anders Bhering Breiviks manifest so you can't trust that they haven't falsified the emails also.
I'm not 100% certain, but I thought stolen or questionably obtained evidence is only inadmissible if the police or lawyers involved in the case were directly involved in the theft/acquisition in question.
A GANG?
Really?
Hand-signs, Drive-by shootings and Hardened Thugs?
If it's illegally obtained evidence and can't be used in court. . . why is this a problem?
The problem is…
Why didn't the authorities already secure this info???
It sounds like the hackers, along with the shooting-suspect, have been competing with a justice system that came to class unprepared.
A gang.
That's hilarious.
Your point is quite weak I think. I doubt that lack of evidence of his crimes will be the reason Breivik is not convicted. Dozens of corpses on the bottom of Tyrifjorden lake should be enough to convice the judges, don't you think?
No harm done, here.
And what if police wanted to use information from his emails to charge other individuals?
Other individuals like who…? They have no reason to look in his emails and it would probably be far too much trouble to legally do so. now they may at least have an idea of who.
According to the media reports I've read, the authorities are interested in other people/groups that he may have been involved with.
Very unlikely that there will be sufficient evidence in these mails to actually charge other individuals. To get an idea of who to watch, though… and also, the media might want to use this information to check whether people speak the truth when they say they never talked to him.
Legal accountability is one thing. But social accountability is probably just as important in this case.
C'mon, if the police didn't manage to look into the account after – how many days? – chances are they never will. Now they can ask the journalist for a copy, and everybody is happy.
Play by Breivik's rules and reveal the e-mail content to the world!
Norway seems too nice with this terrorist! -så far!
This is not only a Norwegian affair!
Fair questions raised here.
The police has already received a copy, handed over to them by me on Saturday. The authenticity of the emails can easily be verified by the police by accessing the mail accounts directly, in stead of just evaluating the copies they have received. By cooperating with the ISP in question, there should be a fair chance to access logs that would indicate whether or not there has been attempts to alter anything (of the contents) in the email accounts after July 22.
The clue here is that the perpetrator has maintained a significant number of email accounts. The police does not necessarily know about all of them.
So helping them finding the accounts is the single most important part of the endavour undertaken by the hacker group Noria, which I first came into contact with during my work on an extensive story on hacktivism, done for the Norwegian magazine Plot. Noria is a group of bright young people who were shocked by the events on July 22, and wanted to help the police in building a case against the perpetrator.
The email evidence is not inadmissable, in accordance with Norwegian law, in certain situations the police can utilize information obtained even illegally, if the police was not the ones committing or initiating the unlawful access to the evidence.
I welcome any contributions or clues on the online activities by Anders Behring Breivik the last few years, if any of you have insight on the matter. I am working on a book on the matter.
I am easily reached on kjetil.stormark@gmail.com
"The authenticity of the emails can easily be verified by the police by accessing the mail accounts directly."
To verify the authenticity of an e-mail, first you need a copy of that individual's Public Key. Since most people don't bother using any e-mail security, the likelihood of Breivik using Digital Certificates for his e-mail would be very doubtable.
You could check the e-mail headers for basic things like, times, IP addresses, etc. Although these are easily faked before being sent and received to the recipients Inbox folder. But even if they weren't, these hackers – assuming I have read this article correctly – had root access to the mail servers. So EVERYTHING could have been removed/modified/added at the physical hard drive level. This means that ANYTHING that the hackers may have wanted to destroy/edit/create could have been done undetectably if the hackers were talented enough.
Without Breivik's – probably non-existent – Digital Signature, there is no e-mail evidence. But I'm sure that won't stop them using it as "evidence". Not in this type of case anyway.
How did they do it? As Breivik is currently in police custody, it’s impossible they gained access trough his computer. Doesn’t this mean everyone is at risk of being hacked by NORIA?
From what I've read, and the research I've done myself, Breivik appears to be pretty naïve when it comes to infosec. He uses cheap home-made codes in his "manifesto", does not appear to know about or use strong encryption, and his twitter account was hacked (99% chance the explanation for that is a weak password, or a password reused from a site with poor security).
The reason he managed to avoid attention was not any sort of brilliance, just that there are too many forum warriors like him, and the security services foolishly thought none of them would follow through with their bluster. If he had at any point attracted actual attention from an investigator, his attempts at concealing himself would not have lasted long (as NORIA's hacking proves).
Does this mean this group can hack anyone? How’d they do this? They obviously were unable to infect Breivik’s computer or anything like that.
ITT: Graham Cluley jumps to hasty conclusions about the Norwegian justice system based on the American system, in an effort to paint all hacking, forever, as an absolute wrong.
This doesn’t directly address the article, but I’m annoyed whenever I see that photoshoppped super-aryan idealized self-portrait of Behring that he used as his avatar. The other pictures of him in his manifesto, and the pictures of him when he was apprehended, show him to be soft-looking, slightly overweight, puffy-faced and somewhat-balding. I’d rather not see him glorified by use of his preferred avatar.
This all sound like something out of a Stieg Larsson novel! And no, I know he was Swedish, not Norwegian.
Mark at http://www.idgconnect.com/blog
Kjetil,
If their goal was to help police with discovering unknown accounts, all they had to do was provide e-mail address / provider info.
While there might be a 'fair' chance of correlating logs with providers, that is certainly not a given. A risky bet that could backfire badly.
And how did they come by these accounts to begin with?
Have they compromised other, innocent parties in their quest to get to ABB's stuff?
They are making a mess, no matter how good the intentions.