Feeds

Hacker who helped find Steubenville rapists threatened with decade in prison

While the rapists get minimum sentence and rehab

3 Big data security analytics techniques

A security consultant who helped uncover evidence of the repeated rape of an Ohio teenager has been raided by the FBI and charged with offenses that could see him spend 10 years in prison.

Last year, a 16 year-old girl from Steubenville, Ohio was repeatedly assaulted by members of the local football team, dubbed Big Red, after she passed out drunk at a party. Despite photos on Twitter of the unconscious girl being carried from house, to house the local police decided there was not enough evidence to investigate the popular sports team's members.

After crime blogger and one-time Steubenville resident Alexandria Goddard started writing about the case, a group of hackers operating under the Anonymous brand decided to get busy and soon found plenty of evidence, including a sickening 12-minute video of one team member joking about having witnessed the attack. The hackers gained control of the Big Red fan site and posted the information there.

The case and subsequent hacking caught the national news media's attention and the local police decided that they did have enough evidence to investigate after all. In March, two teenagers, Trent Mays and Ma’lik Richmond, were convicted of sexual assault and distributing naked images of a minor and sentenced to a minimum of a year in juvenile detention, or a maximum of four years.

Barely a month later, a dozen armed FBI agents raided the home of one of those suspected of the hacking that uncovered evidence of the rape, Kentucky IT security consultant Deric Lostutter – also known as KYAnonymous. Lostutter, his brother, and his sibling's girlfriend were all arrested, computers in the house were confiscated, and the trio was warned not to discuss the case or face charges of "tampering with evidence."

Ohio rape

Doing this gets you a year, uncovering it gets you 10 years

"They want to make an example of me, saying, 'You don't fucking come after us. Don't question us,'" he told Mother Jones.

Lostutter does admit that he helped organize a protest meeting in the town about the lack of police action and appeared on CNN wearing a Guy Fawkes mask to talk about the case. But he denies any hacking charges, saying that someone else has already admitted hijacking the football team's fan site.

That hacker, who operates under the name Batcat, told the local Ohio Herald-Star newspaper in February that he had got into the account by the simplest of means, namely guessing that the answer to the password reset question of the person who owned the fan site would be "Big Red."

Batcat remains at large, but Lostutter now faces computer crime charges that could see him spending ten years in a federal prison, as well as suffering ongoing disruption to his day-to-day consultancy business and facing potentially huge legal fees. A donation site has already raised over $30,000 for his defense.

"I was always raised to stick up for people who are getting bullied," Lostutter said. "I'd do it again."

While El Reg doesn’t condone criminal hacking or cracking, it does seem somewhat ridiculous that a person can face such a light sentence for sexual assault (the victim's attackers are due to be moved to a no-bars rehabilitation center next week) while someone who may have helped expose the crime faces ten years hard time. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.