Reuters journalist who allegedly conspired with Anonymous hackers is suspended

Matthew KeysA Reuters journalist has been indicted by a US federal grand jury for allegedly handing over the login credentials of his former employer, Los Angeles Times parent company Tribune Co., to people claiming allegiance to the hacker movement Anonymous., which currently employs 26-year-old Matthew Keys as a deputy social media editor, suspended him with pay on Friday.

An employee at the company’s New York office said that Keys’s workstation was being dismantled and that his security pass had been deactivated, according to subsequent reporting from Reuters.

The US Department of Justice announced the indictment [PDF] on Thursday.

Keys was indicted on three criminal counts:

  • Conspiracy to transmit information to damage a protected computer,
  • Transmitting information to damage a protected computer, and
  • Attempted transmission of information to damage a protected computer.

Prosecutors claim that Keys promised to give hackers access to Tribune Co. websites, and that one went on to deface a story on the company’s Los Angeles Times website.

From a Department of Justice statement:

"Keys identified himself on an Internet chat forum as a former Tribune Company employee and provided members of Anonymous with a login and password to the Tribune Company server... After providing log-in credentials, Keys allegedly encouraged the Anonymous members to disrupt the website."

The exact wording of said encouragement, according to the indictment, being Keys telling the hackers to “go f**k some s**t up.”

Part of indictment against Matthew Keys

On Thursday, Keys tweeted that he had found out about the indictment the same way most of us did: via Twitter.

The story told by court filings is of a disgruntled former employee who acted as a double agent with Anonymous hackers, working both with them and against them.

The case began in December 2010, when Keys allegedly provided the login credentials for a computer server belonging to KTXL FOX 40’s corporate parent, the Tribune Company.

The indictment maintains that Keys identified himself on an Internet chat forum as a former Tribune Company employee and that he handed over a login and password for the server.

According to the indictment, the hacker ultimately defaced a Los Angles Time news story, changing its headline, byline and sub-headline to include the name “CHIPPY 1337”.

Also, a line in the article was changed to read:

"House Democratic leader Steny Hoyer sees 'very good things' in the deal cut which will see uber skid Chippy 1337 take his rightful place, as head of the Senate, reluctant House Democrats told to SUCK IT UP."

The indictment further claims that Keys chatted with the hacker who claimed credit for the defacement, offering to try to regain access for him after system administrators fended off the hacker and locked him out.

When he learned of the hacker’s ultimate success in defacing the Los Angeles Times page, Keys allegedly responded, “nice.”

It’s a long and twisty story, involving famed (and subsequently busted) former Anonymous top dog Sabu having outed Keys back in March 2011.

Buzzfeed has done a great job of pulling together all the intricacies of Keys’s story, including an image of the defaced Los Angeles Times new story, a blog post from Keys about losing his job at the local FOX Affiliate in Sacramento, California, and more, including this statement from Keys’s current employer, Thomson Reuters:

"We are aware of the charges brought by the Department of Justice against Matthew Keys, an employee of our news organization... Thomson Reuters is committed to obeying the rules and regulations in every jurisdiction in which it operates. Any legal violations, or failures to comply with the company's own strict set of principles and standards, can result in disciplinary action. We would also observe the indictment alleges the conduct occurred in December 2010; Mr. Keys joined Reuters in 2012, and while investigations continue we will have no further comment."

Will Keys get fired from Reuters? Should he?

Reuters logoBuzzfeed checked in with a Reuters employee who said that yes, if Keys is found guilty of divulging login credentials while at Reuters, he will have violated the company’s Trust Principles, which is grounds for immediate dismissal.

What if Keys is found guilty of working with Anonymous only before Reuters hired him?

It’s hard to imagine any reputable news venue countenancing the type of betrayal alleged in these charges.

If I were a Reuters editor or lawyer, I’d be finding ways to ensure Keys didn’t come back from his suspension in the eventuality of a guilty verdict.

This case may look a little muddy given that journalists working undercover can act as double agents, but the fact is, Keys wasn’t working for the news outlet at the time of the breach he allegedly helped to bring about.

As far as what non-journalists can take away from this, the lesson is this: priority No. 1 should be to shut down accounts for terminated employees.

Shuttering accounts should be a priority, but it often isn’t.

You can’t assume that a disgruntled former employee won’t open up your systems to spammers, plant malware, or replace the CEO’s presentation with porn.

If found guilty, Keys is looking at a maximum of 10 years in prison and a fine of up to $250,000.