Feeds

Computing student jailed after failing to hand over crypto keys

Sledgehammer once again used to crack a nut

Protecting against web application threats using SSL

+Comment A computer science student accused of hacking offences has been jailed for six months for failing to hand over his encryption passwords, which he had been urged to do in "the interests of national security".

Christopher Wilson, 22, of Mitford Close, Washington, Tyne and Wear, was jailed for refusing to hand over his computer passwords, a move that frustrated an investigation into claims he launched an attack on a police website.

Wilson, who has Asperger's Syndrome, was suspected of "trolling" the Northumbria Police as well as attempting to break into the Serious Organised Crime Agency's website.

In particular, he was accused of phoning in a fake warning of an impending cyber attack against Northumbria Police that was convincing enough for the force to temporarily suspend its site as a precaution once a small attack started. Wilson also allegedly used a voice changing device in order to fool the authorities.

He was also accused of advocating the posting of deliberately inflammatory messages on a Facebook condolence page set up for two female police officers shot dead in Manchester.

Wilson only came to the attention of police in October 2012 after he allegedly emailed warnings about an online threat against one of the staff at Newcastle University. Two threatening messages sent to the vice chancellor of Newcastle University were traced to systems at Northumbria University, where Wilson was studying for a master's degree in computers at the time. The messages stated someone - who supposedly had access to a handgun and ammunition - was making threats online to kill a member of Newcastle University staff.

The threatening emails came from computer servers linked to Wilson. Police obtained a warrant on this basis and raided his home in Washington, where they seized various items of computer equipment.

Wilson denied making the threats and the prosecution for those offences was eventually dropped. However, over this time, Wilson became a suspect in the threats against Northumbria Police. Investigators wanted to examine his encrypted computer but the passwords supplied by Wilson turned out to be incorrect.

None of the 50 passwords he provided worked. Frustration with his lack of co-operation prompted police to obtained an order from a judge compelling him to turn over the correct passphrase last year. A judge ordered him to turn over these passwords on the grounds of national security but Wilson still failed to comply, earning him six months behind bars.

Refusal to hand over crypto keys is a violation of section 49 of RIPA, the UK's sometimes controversial wiretapping law.

Judge Simon Hickey said during a hearing at Newcastle Crown Court:

What you were doing was for your own satisfaction, showing what you could do with your undoubted skill with computers.

But this is a serious offence and I can’t avoid an immediate custodial sentence. ®

Comment

The “refusal to hand over crypto keys” provisions were put into RIPA by legislators on the basis that the measure was needed for the investigation of terrorism and serious crimes. However, the latest case, like others before it, has involved the investigation of far less serious offences.

"Minor DDoS attacks on Police & University websites do not justify use of 'national security' in ‪#RIPA‬ s49 forced crypto key handover notice," said SpyBlog in an update on Twitter.

More on the case can be found in a story by the Daily Mail here and a local report by the Newcastle Chronicle (here) and the Sunderland Echo (here).

A more technical perspective - and a comparison with comparable US laws - is given in a post on Sophos' Naked Security blog here.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.