You don't mess with rogue hackers 4chan
- — 02 October, 2010 05:54
First, let's get one thing straight. You can consider tugging on Superman's cape. You can probably spit into the wind without severe repurcussions. You can suggest that Michael Arrington likes to dress up in women's clothing and go clubbing in his size 14 stilettos. You can do and say all kinds of things on the Net that would be otherwise considered vulgar or even dangerous in civilized company.
But you don't mess around with 4chan, the most diabolical, fiendish, loosely disorganized body of digital miscreants on the InterWebs. Anybody with any sense knows that.
[ Want to cash in on your IT experiences? InfoWorld is looking for stories of an amazing or amusing IT adventure, lesson learned, or war tale from the trenches. Send your story to email@example.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. ]
Well, make that anybody but London firm ACS:Law, which decided to mess around with 4chan and is now paying the price (along with a lot of otherwise innocent people).
As regular readers of this blog know, 4chan is the group loosely associated with "Anonymous," which caused the Church of Scientology fits in 2008 and posted fake news reports of the death (from cocaine overdose) of AT&T CEO Randall Stephenson in July 2009. The 4chan message board is responsible for such Internet memes as Rickrolling and Lol Catz, and its members managed to get their nominal leader, Christopher Pool (aka Moot), elected Time Magazine's "Most Influential Person of 2009" by gaming the Time.com website.
The collective ingenuity and sheer adolescent bravado of the 4channers is something to behold. Like I said, you don't want to mess with them.
Recently, 4chan began venting its ire upon the RIAA, the MPAA, and agents engaged by said parties to take down BitTorrent sites like Pirate Bay in what it called "Operation: Payback is a bitch." The 4channers began by launching DDoS attacks against these sites on earlier this month, taking them offline for a few hours, grabbing a few headlines, but otherwise having little more than a symbolic impact on their operations.
One of the sites attacked was ACS:Law, a U.K.-based law firm engaged by copyright holders to pursue file swappers. U.K. tech news site The Register contacted ACS:Law chief Andrew Crossley by phone to ask him about the attacks. The Reg quoted him thusly:
"It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish," he said.
Yes, that's right. He messed with 4chan, in public. As Scooby Doo might say, "rut-ro."
It turns out that, among other things, ACS:Law represents content providers in the adult entertainment industry and has been aggressively pursuing people accused of illegally swapping porn on file sharing networks, trying to extract money out of them. But while ACS may be tigers in pursuing copyright scofflaws, it was meek as a kitten when it came to keeping the names and addresses of those alleged porn fiends secure.
So 4chan hacked the ACS site, scooped up the completely unencrypted database of emails about the 5,300 British citizens that ACS has been dunning, and published it -- on Pirate Bay, naturally.
ACS may be found guilty of violating the U.K.'s Data Protection Act and be liable for fines of £500,000  (about $800K). BT, the telecom giant that sent ACS information on some of its users in an unencrypted Excel spreadsheet, may also face stiff fines under the Act. But the biggest victims of 4chan's hack may be the people whose names are permanently besmirched by allegations of downloading "Chubby Chasers" and "Bareback Britain."
The Torrent Freak blog summarizes some of the ACS emails that were posted on Pirate Bay:
On one letter a married man explains how he, his wife and his family have been affected by wrongful allegations that he downloaded gay porn movie 'Bareback Britain'. ...
A single mother of two explains how her husband who left her the previous year could have been responsible for the infringement and offers to pay the 'fine' of £495 in instalments for £20/£30 per month. ...
Another case where a woman wrongfully accused finds out her son carried out the infringement was forced into paying on his behalf, despite the fact that she was neither liable nor responsible.
So if you thought the RIAA and MPAA were a******s, it seems their friends across the pond are just as rotten. Yes, some of those 5,300 people were downloading porn, and yes some were trying to avoid having to pay for it. Still, having their lives ruined seems too steep a price for those deeds.
Unfortunately, the concept of collateral damage doesn't hold much weight with the 4channers. They clearly operate under a scorched-earth/take-no-prisoners policy. Had some adult supervision prevailed, they might have been able to make their point while still redacting the personal information of the porn-loving British public.
Still, as ACS has now probably learned, it shouldn't have messed with 4chan. I certainly wouldn't.
Have you ever done anything on the Net you wouldn't want your neighbors (or 1 billion netizens) to know about it? You can be honest -- we're all friends here. Post your misdeeds below or email them to me: firstname.lastname@example.org.