A bizarre crime story with interesting computer security implications was revealed today when Aaron Swartz, a co-founder of the online news site Reddit and a Fellow at the Harvard University Ethics Center, was indicted for a massive data theft.
As reported in The Register, Swartz allegedly broke into a MIT wiring closet and installed a hidden laptop with multiple external hard drives. He used this to download over 4.8 million articles from JSTOR, an online archive of academic journals.
MIT’s network administrators detected the intrusion but were unable to locate the physical access point. When they tried to halt the data theft by blocking first Swartz’s IP address, then his MAC address, he easily evaded these measures by changing them.
The indictment suggests that Swartz intended to sell the articles or perhaps upload them to some Wikileaks-style website. However Swartz’s personal website suggests another motive.
Apparently his published research has involved downloading and and analyzing large numbers of academic articles to determine the source of their funding, hoping to establish a pervasive pattern of evil corporate influence on academic research. This escapade may have part of a project to do the same thing on a much larger scale.
UPDATE: A more sympathetic account in Wired (which has ties to Swartz and is owned by the same company as Reddit) makes his actions seem a bit less outrageous. According to Wired the illicit laptop was hidden in a Harvard wiring closet, still without the permission of the network administrators, but it doesn’t sound like it involved actual breaking and entering.
Also the Wired article claims that JSTOR would have given him access to the articles if he had asked, that he returned the articles and that JSTOR was satisfied and didn’t want to prosecute him. The author clearly feels that the federal indictment is overkill.
Personally I am most interested in the network security implications of the story. The MIT admins detected that there was an unauthorized machine on their network stealing their data, but they couldn’t block it or even figure out where it was located–and apparently it turned out to be located at Harvard, using an external network link that they couldn’t monitor!
UPDATE 2: Aaron Swartz clearly has a lot of friends among tech journalists and many of the things being posted seem biased and misleading. Other sources are just quoting from the indictment which is also biased of course. It’s still not clear to me whether he broke into a building on the MIT campus or did his hacking in a Harvard building that he had legitimate access to–a significant point in my view.
Timothy B. Lee has posted what may be the best analysis both of Swartz’s motives and why his actions were wrong and harmful.