Late last week Barrett Brown, a former Anonymous spokesman, was indicted over an Anonymous hack of Stratfor, a global intelligence firm. Along with thousands of internal emails that Wikileaks has been publishing, Anonymous released credit card information of both Stratfor employees and its clients.
Brown is facing multiple charges but the very first is very odd: Brown posted a hyperlink to the stolen credit card information that was, by then, publicly available online.
In a press release, the FBI writes:
According to the indictment, Brown transferred a hyperlink from an Internet Relay Chat (IRC) channel to an IRC channel under his control. That hyperlink provided access to data stolen from the company Stratfor Global Intelligence (Stratfor), which included more than 5,000 credit card account numbers, the card holders’ identification information and the authentication features for the credit cards, known as the Card Verification Values (CVV). By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders.
Here’s the rub for reporters. From Gawker’s Adrian Chen:
As a journalist who covers hackers and has “transferred and posted” many links to data stolen by hackers—in order to put them in stories about the hacks—this indictment is frightening because it seems to criminalize linking. Does this mean if a hacker posts a list of stolen passwords and usernames to Pastebin, the popular document-sharing site, and I link to them in a story or tweet I could be charged with “trafficking in stolen authentication features,” as Brown has been? (I wouldn’t typically do this, but I’ve seen plenty of other bloggers and journalists who have.) Links to the credit card number list were widely shared on Twitter in the wake of the Stratfor hack—are all the people who tweeted links going to be rounded up and arrested, too?
The question here isn’t whether its ethical to link to such information but whether it’s legal. The indictment against Brown claims no, no it’s not.
Remember, over five million emails were stolen, are now on Wikileaks and are being used by news organizations to report on global intelligence operations. By the indictment’s logic, linking directly to them is a crime.