HideMyAss defends hacker sell-out

Powered by SC Magazine
 

Says it was 'naive' to use paid VPN for cracking.

Web proxy service HideMyAss.com has come under fire after a federal indictment revealed the company handed over details of an alleged LulzSec hacker to US authorities.

The company which encrypts user web traffic was ordered by a British judge, at the request of FBI agents, to release log information about an Arizona man who was arrested Thursday for his role in a hack of SonyPictures.com

Cody Kretsinger, 23, an alleged member of the LulzSec group, was charged with conspiracy and unauthorised impairment of a protected computer.

He is accused of participating in a week-long SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.

HideMyAss.com was criticised by privacy advocates and threatened by members associated with the Anonymous hacking collective who believe the service reneged its promise of anonymity.

"Their entire website is covered with references to complete privacy, total anonymity and secure services,"  Privacy International adviser Eric King said.

"They encourage users to put trust in them when actually nothing they claim matches up to reality. There are many anonymity services that make far less grander claims that go to far greater lengths to ensure that users cannot be compromised."

HideMyAss.com said it was following laws in the Britain, where it is based.

"Our VPN service and VPN services in general are not designed to be used to commit illegal activity," the post said.

"It is very naive to think that by paying a subscription fee to a VPN service, you are free to break the law."

The company admitted that it maintains logs of when users connect and disconnect from the service, but not which sites they visit.

King said services like HideMyAss.com should not  track user activity, and in this case should have warned users of the FBI's interest so they may  have been able to contest the log request in court.

He said it was contradictory that the company publicised its services being used by Egyptian protesters during last winter's uprising.

"They're picking issues that support their business image rather than having any core belief to protect privacy," he said. "They don't seem to have any ethical compass at all on these issues."

HideMyAss.com refuted the statement and said protesters sought VPN access to Twitter, not for hacking.

Meanwhile, US prosecutors asked that Kretsinger, who faces up to 15 years in prison, face trial in Los Angeles, the district in which he was charged.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


HideMyAss defends hacker sell-out
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 333

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 138

Vote