Sophos Cloud Optix
Matthew Keys, who on Monday was fired from his job as Reuters editor while under indictment for allegedly conspiring with Anonymous to attack websites of a former employer, pleaded not guilty in federal court on Tuesday.
According to The Huffington Post, the 26-year-old journalist “didn’t utter a single word inside the courtroom” and refused to speak to the media outside.
US federal prosecutors claim that Keys handed over login credentials for his former employer, Los Angeles Times’ parent company, Tribune Company – and told Anonymous to “go f**k some s**t up.”
The indictment [PDF], filed in March, portrays Keys as a disgruntled former employee who acted as a double agent with Anonymous hackers.
According to the indictment, he provided hackers with usernames and passwords in late 2010, after he was fired from his job at Tribune-owned KTXL Fox 40 in Sacramento, California.
Keys allegedly provided login credentials for a computer server belonging to KTXL FOX 40’s corporate parent, the Tribune Company.
A hacker who branded himself as Anonymous-affiliated ultimately defaced a Los Angles Times news story, changing its headline, byline and sub-headline to include the name “CHIPPY 1337” and tweaking an article to read:
"House Democratic leader Steny Hoyer sees 'very good things' in the deal cut which will see uber skid Chippy 1337 take his rightful place, as head of the Senate, reluctant House Democrats told to SUCK IT UP."
Keys’ attorney, Jay Leiderman, on Tuesday told The Huffington Post that Keys was acting as an embedded journalist while he was in the chat rooms:
"He met these people in chat rooms, they knew he was a journalist and knew where he used to work."
Leiderman said that an imposter went on to pose as Keys in the chatrooms and provided usernames and passwords to which Keys didn’t have access:
"This wasn't his work login... This was an all-access pass of sorts. His work login got him access to Fox 40, not all of Trib Co... There's an incongruity to all of this that we're hoping to get to the bottom of in the next couple months."
Keys, who has rejected a plea bargain, is battling three criminal counts: conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer, and attempted transmission of information to damage a protected computer.
According to The Huffington Post, maximum penalties for the charges add up to 25 years in prison and a fine of up to $750,000.
Reuters.com, which had employed Keys as a deputy social media editor, suspended him with pay following his indictment last month.
Keys announced on Monday that Reuters had full-out canned him, citing these reasons:
- Persistent social media indiscretion, such as setting up a fake Twitter feed to parody Google’s Larry Page, in spite of having been warned about this type of thing in October;
- Violation of the company’s Trust Principles;
- Identifying himself as a Reuters employee in his Twitter bio while on suspension; and
- Keys’ continued tweeting of scanner traffic during the Boston bombing investigation last week, in spite of the Boston Police Department having asked media to stop.
Keys’ union will file a grievance on his behalf, he says.
He has defended himself against all of Reuters’ complaints, including a Facebook posting saying that he stopped tweeting police scanner traffic after he learned of the BPD’s request.
What a mess.
It’s easy to be influenced against Keys after reading criticism of the journalist, like this.
But it’s also intriguing to think that Keys might never have handed over login credentials to Anonymous, if his lawyer’s “imposter” premise is true, though I would guess that it will take quite a bit of fancy footwork to prove that one.
I say let the court figure out what he’s guilty of.
As far as a security takeaway goes, even if Keys didn’t hand over usernames and passwords, shutting down accounts for fired employees should still be a high priority, though it often isn’t.
Disgruntled workers with keys to the kingdom are capable of far worse trickery than posting tags on news articles from Chippy whats-his-face.
Think opening the door to spammers, planting malware, or replacing a CEO’s presentation with porn.
Keys maintains that Reuters fired him for “political” reasons, the Tribune Company being a major client.
Whatever the company’s real rationale for firing him, one imagines that this time around, Keys’ account has likely been not only shut down but bolted and tossed into the harbor.
Image of Anonymous faces courtesy of Shutterstock.
While it’s comforting to think that your firing is caused by someone else you don’t usually get an “immediate improvement” letter as your first notice.