On Oct. 3, a federal grand jury indicted 13 alleged members of the hacker collective Anonymous for conspiring to intentionally cause damage to protected computers. Each of them is charged with committing cybercrimes while taking part in Anonymous’ Operation Payback.
Operation Payback originated on 4chan, and involved Anonymous targeting organizations that had lobbied for stricter enforcement of copyright laws online, such as the Motion Picture Association of America (MPAA). Some of these same institutions, most of which represent America’s entertainment industry, have previously hired the Indian firm Aiplex Software to privately enforce these laws. This included forcibly shutting down websites that wouldn’t comply by using a denial of service attack. In 2010, the managing director of Aiplex confirmed that Hollywood studios, including 20th Century Fox, had hired the company.
After popular file sharing site the Pirate Bay was attacked, Anonymous retaliated by taking down various entertainment industry websites, including that of the MPAA. In order to accomplish the takedown, Anonymous also used a distributed denial-of-service attack, which is the cause of the recent criminal indictment.
At least one of the defendants, Dennis Collins, is also a member of the PayPal 14, a separate Anonymous group that was previously charged with similar crimes. The 14 allegedly carried out DDoS attacks against eBay-owned online payments site PayPal in 2010, after PayPal blocked donations to whistleblower site WikiLeaks.
The PayPal 14 case remains in limbo. The defendants reportedly tried to negotiate a settlement earlier this year, but no resolution has been reached and no trial date has been set.
Both the PayPal 14 and the Operation Payback defendants were charged under the Computer Fraud and Abuse Act, called “the worst law in technology” by some activists. It was famously used against Aaron Swartz, a young Internet activist who committed suicide in January 2013 while facing 35 years in prison for downloading academic journals without permission.
DDoS attacks, charged as hacking under the CFAA, are often used as a form of political protest. Earlier this year, Anonymous unsuccessfully petitioned the White House to consider them protected speech acts under the First Amendment. They argue that the law should make a distinction between “hacking” and simple push-button DDoS attacks like the ones in the PayPal and Operation Payback cases, which don’t involve unauthorized access to any data.
In June, two U.S. senators introduced a bill called “Aaron’s Law” in honor of Swartz, with the intention of reforming the CFAA.