UNLV student arrested by FBI for hacking in support of Wikileaks
This article has been read 1862 times.
Journalism student faces 15 years in prison and $500,000 in fines if convicted
The Federal Bureau of Investigation (FBI) arrested UNLV student Mercedes Renee Haefer on hacking charges on Tuesday.
Haefer was one of 14 individuals arrested nationwide for their involvement with internet hacking group Anonymous, which synchronized an attack on PayPal’s website from Dec. 6-10 of 2010, according to an indictment filed by United States Attorney Melinda Haag in San Jose, Calif. on July 13.
The first charge in the indictment against Haefer was conspiracy and consent with hackers to “commit Intentional Damage to a Protected Computer,” citing PayPal’s protected computers as those attacked.
Haefer was also indicted for damage caused in the hacking attempt, without authorization to PayPal’s computers.
“Caused loss to 1 or more person’s during a one-year period from the defendants course of conduct affecting protected computers aggregating at least $5,000 in value,” the indictment said.
If convicted, Haefer faces a maximum penalty of five years in prison and $250,000 in fines for the first count and 10 years and $250,000 for the second charge.
Haefer was a journalism and media studies pre-major at the UNLV Hank Greenspun School of Journalism and Media Studies.
The indictment also stated that Anonymous’ attack on PayPal was meant to avenge PayPal’s cancellation of its WikiLeaks account because of an alleged breach of PayPal’s terms of service.
WikiLeaks, founded by Julian Assange on Oct. 4, 2006, had an online-transfer account, which was suspended after WikiLeaks released classified diplomatic cables on late Nov. 2010.
WikiLeaks declared that the suspension of its PayPal account rendered it economically strangled, as its main source of revenue were private donations through the website, according to the release.
The FBI release stated that, as of now, the defendants who have been indicted remain innocent until proven guilty “beyond reasonable doubt” as the indictment contains allegations only.
UNLV journalism and media studies professor and director of the journalism school said Haefer had only taken three introductory journalism classes, but didn’t proceed through the program.
“This student was at the doorway of a journalism program but chose not to pursue,” Stout said. “Had she done so, she would have been exposed to classes that would have enhanced her decision making abilities.”
In a comment relating to Haefer’s participation at the journalism school, Stout said that the ultimate goal of the school was to prepare excellent journalists with a strong sense of ethics by stressing the subject of ethics in all the journalism courses offered at the school.
He added that the journalism school does not encourage unethical behavior in any way stating that journalism students should be prepared to make intelligent ethical decisions.
“We don’t condone unethical behavior that results in the harm of the audience,” Stout said regarding Haefer’s actions.
Haefer, who used the online alias “No” and “MMMM,” was part of a group that coordinated distributed denials of service (DDoS) attacks against PayPal, according to the release, which also stated that Anonymous referred to the attack as “Operation Avenge Assange.”
“Anonymous, also known as AnonOps, was an online collective of individuals that was associated with collective hacking attacks motivated by political and social goals, often referred to as ‘hactivism,’” the indictment said.
The indictment made the allegation that Anonymous attempted to “saturate” PayPal’s computer network with “external communication requests.” This overwhelmed and crashed PayPal’s website, making it inaccessible, according to the indictment.
According to the FBI release, over 75 searches have taken place up to date as “part of the ongoing investigations” into the attacks.
Contact Maria Ágreda at news@unlvrebelyell.com.
Imposing a 15 year sentence and a fine of 500k is too much I thinks! No equipment was damaged and no data stolen so it’s not actually hacking per se unless there is more info that we are not privy to. Govt is cracking down on civil disobediences and liberties at an alarming rate! Free Mercedes!
Alan I agree completely.
Dont do the Crime if you cant do the time. If you’re too foolish to research which crimes you’re committing and whats possibly at stake then you definitely deserve what ever time you get. Good riddance to ignorant, unskilled, hacker rubbish.
She did an illegal thing. That’s it. The law is the law. You do not get to choose your laws AFTER THE FACT. Got a problem with it? File a complaint to the relevant people? How many of you did and have done since?
Didn’t think so.
I wonder how much money the FBI spent on busting these teenagers who only sought to annoy and inconvenience PayPal. I also wish Professor Stout had not backhandedly criticized Ms. Haefer’s choice of college courses. She was a pre-journalism major and had perhaps not completed the prerequisites needed to formally apply to the program. It’s like saying that had my coworker, who recently foreclosed on his house, had continued with math studies, he’d have learned enough math to budget and not lose his house. Let’s not accuse her until she has her day in court. I wish statements from her professors had been neutral, simply saying that they hope our justice system does right and that this case progresses quickly.
tl;dr = we’re screwed and no one cares. We have many problems but no one is pointing fingers in the right direction. With enough money you can do whatever you want.
Why are we imprisoning people for hacking websites? Shouldn’t the proprietor of the business in question be responsible for it’s own protection? Pay Pal and company can’t spare a portion of their gdamn ridiculous profits to hire these young students to help protect their assets? Why are we doing business with them?
Any company that does not have adequate security measures should be forced out of business by those that do… Pretty simple you would think. Unfortunately, these days every business is too big and is not allowed to fail. Why are we propping up the bankers and corporations like pay pal if they won’t do it themselves?
Companies like these are insulated from competition due to the enormous amounts of capital it would take to compete with them. These companies know that and don’t care about you/your money/personal information. They will not be held accountable because they don’t have to. They create their own barriers to entry into “their” business environment.
PayPal … great job and damaged computer. It’s so cute, dozen of well payed IT stuff is so dumb and can’t stop a DoS attack.
PayPal currently trying to stop the sale of goods from Kuba in Europe, maybe they should rethink thier priorities.
Whoops, *she* and *her* should be replaced there as appropriate.
No more commenting before coffee. But srs tho, I mean it about helping.
I wonder if he has counsel (I certainly hope so). Likewise, I wonder if there’s anything the law school can do to help. We ought to look out for our own, especially when his “crime” is benign for the reasons folks mention above.
Good to see that prof. Stout stressed out the ethics, not the law. Mercedes did not do anything unethical. Illegal? Maybe. But “Legal” was never equal to “ethical”.
Hey render64, you make too many allegations over there. If you don’t know then say so. I’ll tell you rat what I know, you fancy yourself as the soldier on the front lines. You friendly fire, bra! You are so cherry the rot is upon you.
How can pinging a company’s website cause damage to its computers? It is typical method for a person to sell information. A sit in? The person will be charged with trespassing and other crimes. People who have done sit ins in the past knew that they would get arrested, but felt that the issue was important enough to fight for.
It is hard to determine when the overt activities of Anonymous will end, but they will end. In the mean while I think some people should take the time to read about cyber crimes and computer intrusion.
I’m glad the resources that could be directed towards stopping neo-nazi terrorists before they plant bombs on Martin Luther King day parade routes is being so wisely redistributed. Naturally, the cost/threat analysis of these different actions makes sense– a bomb blast or shooting by racist extremists only removes a paltry hundred potential consumers from the economy– but making a website unavailable for several hours without any physical damage to the servers denies that company the profits from millions of people!
After all, that’s why the FBI devoted so much energy to infiltrating the Yippies. Smelly, pie-throwing hippies never actually killed anyone, but the fact that they posed a direct threat to capitalism itself was enough to raise the ire of the self-appointed culture police. I suppose as long as you are nominally acting in the interests of mainstream, moderately conservative, patriotic christian ideology, you get a free pass from people in charge.
The FBI will crush Haefer into a fine powder, but they will do absolutely nothing when the Chamber of Commerce or Bank of America hire “hackers” like HBGary to do their dirty work.
Trying to dismantle Anonymous by arresting random teenagers is about as effective as arresting the Santa Claus in the shopping mall in order to prevent XMas from happening.
In China, they give these kind of kids a job and all the protection a state can offer, as long as they hack targets in the West – the West tries to lock them away. Who, you think, will win the cyber war?
How can pinging a company’s website cause damage to its computers? All that will happen – all that did happen in fact – is the website will crash for a few hours. It’s the digital equivalent of a sit-in – how is protest an unethical and criminal act? Sounds more like a corporate giant using the FBI as henchmen to deter and discourage future protest about its behaviour. Btw, how ethical was it of Paypal to cut off an organisation, Wikileaks, that has not broken any laws in any country? Oh, and is the FBI also going after the people who did an DDoS attack on Wikileaks’ servers two days before the release of the State Dept cables? No, thought not.