Researcher Releases 10 Million Usernames And Passwords In Fight Against Obama’s War On Hackers
With the sentencing of Barrett Brown, a journalist who was convicted of numerous crimes and whose jail time was increased because he posted a link to stolen data, and some worrying cyber security proposals from the Obama administration that would appear to outlaw the everyday activities of researchers, both hacks and hackers have been anxious about the chilling effects on their work. Quinn Norton, a long-time security writer, said she would no longer report on leaked information for fear of arrest. Errata Security’s Robert Graham said there was a war being waged on professional hackers who have only been trying to make the internet safer.
One researcher, Mark Burnett, isn’t taking these affronts to his quotidian existence lying down, however. He’s decided to release a whopping 10 million usernames and passwords that he discovered during his investigations into data leaks, removing the domain portion from email addresses. Previously, researchers have been happy to release passwords but not concomitant usernames, which together might provide authentication to people’s online accounts. But Burnett believes they need to be studied together to get a better understanding of how people choose their login credentials.
Though he knows US statutes could be used against him, Burnett argued in his blog that he was not knowingly disseminating the data with intent to defraud, which the law requires for prosecutorial action. Indeed, the ultimate aim of releasing the usernames and passwords is to help people protect from fraud and unauthorized access. And the data were previously made publicly available in some format over the last decade, meaning they’re likely “dead passwords”.
Though he believes current laws are on his side, Burnett said under Obama’s proposals to change the Computer Fraud and Abuse Act, which remove “with intent to defraud” and replace it with “willfully”, he’d likely get into more trouble with the law.
Depressingly for Burnett, he’s been fighting the same fight for at least 15 years, he told Forbes. “The government needs to be aware there is a balance between research and laws are made to punish people,” he said. “[It’s similar to] marijuana research. No one has been able to research marijuana as it’s illegal. it shouldn’t be illegal to research.” Burnett said that whilst he hasn’t ever been directly approached by law enforcement, the publisher of his book Stealing the Network was contacted by the FBI to warn about the dangers of publishing such information.
Thus far, it doesn’t appear that many are concerned about grabbing the data, including your reporter. According to Burnett, there have been around 10,000 downloads. “There’s no reason to be afraid of committing a crime,” he added. Whilst Norton and others are justifiably backing away from accessing stolen information, this reporter welcomes any disclosure that’s newsworthy.