Justin faces up to five years in prison; sentencing scheduled for 12 May 2017
Computer science student Justin Liverman, who was arrested by the FBI in September on suspicion of involvement with Crackas with Attitude (CWA), has signed a plea agreement. CWA claimed to have accessed emails from the AOL account of CIA Director John Brennan in late 2015, which were later published by WikiLeaks as the Brennan emails.
Justin is one of five individuals arrested on suspicion of involvement with CWA, and one of two – both US nationals – to face likely charges under the notorious Computer Fraud and Abuse Act.
Justin was scheduled for indictment in the Eastern District of Virginia on 28 December 2016. Working with his legal team of Tor Ekeland, Jay Leiderman and Marina Medvin, he instead opted for an agreement in which he pleads guilty to one felony count of conspiracy in return for a reduced sentence. The agreement stipulates that CWA caused 1.5M USD of damage, with $95,000 of that due to Justin.
Justin still faces a maximum sentence of five years imprisonment and likely restitution payments. His sentencing hearing will be held on 12 May at 9AM.
Sarah Harrison, Acting Director of Courage, said
Without CWA, the public would not know that the Director of the CIA did not take adequate precautions around his own security clearance questionnaire. There’s barely any point talking about “cyber attacks” from sophisticated nation state actors when the highest level officials are leaving the front door wide open.
If John Brennan will not face any penalty for his negligence, there’s no good reason why anyone else should do. Justin Liverman’s potential sentence is outrageous given the relative triviality of the Department of Justice’s allegations. Courage’s emergency appeal for Justin will remain open until he no longer needs our assistance.
This is yet another instance where the CFAA’s potentially draconian penalties outweigh the actual harm alleged. That the head of the CIA, an agency that undoubtedly hacks the personnel emails of adversaries around the world to blackmail them, failed to use two step authentication is scandalous. The same can be said of the FBI’s Criminal Justice Information Service, a national law enforcement database that was allegedly accessed through the same simple social engineering technique. Nothing was really hacked in this case because important government officials and agencies left the door wide open. One hopes that hostile nation state actors didn’t walk through that open door before Justin did.
Justin has today admitted to taking part in the relatively newly-minted beneficent tradition of providing information the public must know to WikiLeaks. Crackas With Attitude have shown the world that the heads of the CIA, the National Cyber Command and US Homeland Security are themselves so cyber-insecure that it appears they were cut straight outta incompetence. It’s time for the US to stop snooping on citizens and to get its own house in order.
Crackers with Attitude, aptly named, cracked entry into our highest ranking government officials’ accounts; easily too. What they also did was “crack” our over-trusting, optimistic perception of the American government. They showed us the need to second-guess our government’s promise of security and trust. I personally believe that significant good will come of this; that our government will implement stronger and more secure data policies – hopefully strong enough to keep kids from reading it and redistributing it.