Last December, a group of hackers quietly orchestrated an attack on Stratfor Global Intelligence Service, a company based in Austin, Tex., that analyzes geopolitical risk and publishes a newsletter for various clients, among them the Departments of Homeland Security and Defense. The hackers breached the company's network and, once inside, confided in their fellow hacker, Hector Xavier Monsegur, and, as it turns out, the Federal Bureau of Investigation.
Six months earlier, in June, the F.B.I. had arrested Mr. Monsegur and turned him into an informant. With his help, four hackers in Britain and Ireland were charged last Tuesday with computer crimes; a fifth man was arrested Monday in Chicago. Using the information he passed along, F.B.I. officials said it was able to thwart attacks on roughly
300 private companies and government agencies.
But with Stratfor, they were not so lucky.
..
formatting link
***** Moderator's Note *****
Is Ms. Perlroth referring to the "Anonymous" hackers, or was the Stratfor attack conducted by a different group?
If the attacks were conducted by citizens of Ireland and England, who arrested them? Are those countries party to a treaty that makes their citizens subject to U.S. law?
The United States has extradition treaties with many other countries. The "hacking" took place on machines located within the United States, against a U.S. corporation, so no extraterritoriality is implied.
The legal issue is _where_ the crime occurred. The laws of *that* jurisdiction apply.
I believe that a violation of, say, 18 USC 1030 is deemed to occur _where_ the computer(s) in question is(are) located. Thus, U.S. law enforcement can file a criminal complaint/indictment in U.S. Courts, even if the perp is extra-territorial -- his acts in 'touching' the computer 'inside' the U.S. is sufficient -- according to U.S. law -- to give the U.S. courts "jurisdiction" over him. Then it is simply a matter of bringing the purported perpetrator before said court for trial.
There -are- extradition treaties in place between a _lot_ of countries that do apply in such situations. Thus 'local' law-enforcement could take the alleged perp(s) into custody pending extradition.
The alleged perps may *also* have violated 'domestic' laws concerning, say, 'receiving stolen property' -- with the evidence developed by "the F.B.I. and others" being sufficient to support local charges in _that_ jurisdiction as well.
This is all a matter of _long-established_ legal principles, and practice.
The NY Times article is lacking in 'technical details' of the arrests, so anything based on that is 'speculation".
Some subsequent digging shows that those arrested used the collective name of "LulzSec", which is described as "*an* operating arm of the hacking organization known as 'Anonymous''.
Of the six persons arrested, two are residents of the U.S., two resided in the United Kingdom, and two reside in Ireland.
All six face multiple charges in the U.S, prosecution being coordinated by the U.S. Atty for the Southern District of New York.
The two U.K. residents face separate charges in the U.K., and at least one of the Ireland residents appears to be facing local charges there.
Googling for 'lulzsec' and 'f.b.i.' brings up a bunch of more detailed coverage.
***** Moderator's Note *****
The NY Times article was a once-over-lightly fluff piece, with no background, no research, and lots of scare tactics. The EFFA_BEE_EYE is coming to get you if you embarrass the big boys! The EFFA_BEE_EYE will reach out to anyone who DARES to hack into a computer!
Yes, but extradition treaties invariably have limits. For example, many countries will not extradite murder suspects to the US unless they get a guarantee of no death penalty.
The UK has a fairly bad extradition treaty which makes it way too easy to extradite people to the US for stuff that's (arguably) legal in the UK. It's a political issue there.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.