Feeds

HideMyAss defends role in LulzSec hack arrest

Anons vow to give ass-hiders a hiding

The Essential Guide to IT Transformation

HideMyAss has defended its role in handing over evidence that resulted in the arrest of a suspected LulzSec member last week.

UK-based HideMyAss, which offers freebie web proxy and paid-for VPN services, said it handed over potentially incriminating data to the feds only in response to a court order. It had been aware that its service was being used by Anonymous/LulzSec members for some time before this without taking any action, as a blog post headed LulzSec fiasco by the firm explains.

Cody Andrew Kretsinger, 23, of Phoenix, Arizona allegedly used HideMyAss.com's web proxy service to hack into the systems of Sony Picture Entertainment as part of a hack that exposed the personal details of thousands of gamers. According to the court order, Kretsinger used SQL injection techniques that were run via HideMyAss's anonymising web proxy service to launch the high-profile attack.

HideMyAss explains:

It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using.

At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

HideMyAss, which bills itself as a leading online privacy website, adds that it does not condone illegal activity, saying that similar services that do not co-operate with law enforcement are "more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers". The service said it carries out session-logging, recording the time a customers logs onto and disconnects from the service as well as the IP addresses he or she connects to. It said it does not record the actual content of web traffic.

Twitter accounts affiliated with Anonymous were unsurprisingly vociferous in their criticism of HideMyAss's business practices and assistance of a federal investigation, dubbing the service SellMyAss, and arguing that HideMyAss users are less likely to trust it and more likely to look for alternatives.

"Question @HideMyAssCom: Was it worth to rat out one guy who allegedly hacked #PSN in exchange for all your business? You will find out soon," AnonymousIRC said.

HideMyAss, which was established in 1995, was set up as a way to bypass censorship on the web before moving on to offer commercial VPN services. It boasts of its recent role in allowing Arab Spring protesters to gain access to websites such as Twitter, which were blocked by the former Egyptian government of Hosni Mubarak. Privacy activists have accused HideMyAss of double standards over its handling of the Kretsinger case.

"The Hide My Ass VPN service is run by a bunch of hypocrites," said Jacob Appelbaum, a core member of the Tor project, in a Twitter update. "They support revolution and circumvention when it suits their business image."

In updates to its original blog posts, HideMyAss defended its stance on this point, arguing that it simply complies with UK law. It denied acting as a pawn at the behest of the Feds.

"We are not intimidated by the US government as some are claiming, we are simply complying with our countries legal system to avoid being potentially shut down and prosecuted ourselves.

"Regarding censorship bypassing, some have stated it is hypocritical for us to claim we do not allow illegal activity, and then claim our service is used in some countries to bypass censorship illegally. Again we follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt ... though there are certainly laws regarding the hacking of government and corporate systems," it concludes. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.