Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:11 PM
Sharon Gaudin
Sharon Gaudin

Vigilante Hacker -- Hero Or Menace? Your Call…

The jury's out on a controversial hack job. Oh, one man is already going to jail in this tale. The question is whether the hacker who helped put the bad guy away was the hero of the story or just another bad guy. What's your take on this one?

The jury's out on a controversial hack job. Oh, one man is already going to jail in this tale. The question is whether the hacker who helped put the bad guy away was the hero of the story or just another bad guy. What's your take on this one?Last Friday, I wrote about a former California judge being sentenced for possession of child pornography. A 27-month sentence wrapped up the case about six years after a vigilante hacker infiltrated the judge's computer with a Trojan horse designed to weed out pedophiles.

The man going to jail is Former Orange County Superior Court Judge Ronald C. Kline, 65, of Irvine, Calif. He had pleaded guilty to four counts of possession of child pornography, admitting that the images of child porn were on his home computer, two floppy disks, and one portable disk drive.

Federal prosecutors had to traverse a bumpy road with this case, though. It was a question of how the government got the evidence on Kline, and whether it was admissible in court.

Brad Willman, a Canadian known in hacker circles as Citizen Tipster, wrote the Trojan and embedded it in images of child pornography. He then planted the images on newsgroup sites frequented by pedophiles. Once users downloaded the images, their computers would be infected by the Trojan and Willman would have access to their machines so he could root around in them, looking for other child pornography or even molestation evidence, according to Assistant U.S. Attorney Greg Staples.

Willman has not been charged for the computer break-ins, or for writing and distributing the malware.

Do you think he should have been?

According to U.S. laws (I admit I'm not all that familiar with Canadian law), what Willman did could have sunk him in a lot of legal trouble. He wrote and distributed malware. People's computers were infected. And he broke into the infected computers, invading the users' privacy.

The fact that law enforcement got the goods on Kline because of an illegal search and seizure tripped up the prosecution. One judge threw the case out, saying Willman (who actually calls himself a "hacktivist") was working as an agent of the government so the government could not benefit from his break-in. The prosecutors convinced an appeals court that the vigilante hacker was working on his own so the trial was back on. Then Kline gave up the ghost and pled guilty.

The government wouldn't have had a case without Willman and his Trojan. Rarely do we hear about a Trojan out there on the side of the angels, but because of the hacker and his Trojan, this one man will behind bars and not downloading anything.

Still, what Willman did was illegal. Government types and even one forensics investigator say if would-be do-gooder hackers begin taking up their own causes, we're going to be dealing with a heck of a mess. It's hard for forensic detectives to prove that someone, for example, downloaded child porn when there's a Trojan on the machine, opening back doors and muckin' up the works. And if hackers start attacking systems in the name of one cause or another, that is just going to litter cyberspace with more malware than we've already got now.

But I struggle to say what Willman did was wrong. On the other hand, I can see the mess that we will face if others follow in his footsteps.

So what do all of you think? Hactivists? Vigilante hackers? Are they heroes or a menace?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...