A security consultant who helped uncover evidence of the repeated rape of an Ohio teenager has been raided by the FBI and charged with offenses that could see him spend 10 years in prison.
Last year, a 16 year-old girl from Steubenville, Ohio was repeatedly assaulted by members of the local football team, dubbed Big Red, after she passed out drunk at a party. Despite photos on Twitter of the unconscious girl being carried from house, to house the local police decided there was not enough evidence to investigate the popular sports team's members.
After crime blogger and one-time Steubenville resident Alexandria Goddard started writing about the case, a group of hackers operating under the Anonymous brand decided to get busy and soon found plenty of evidence, including a sickening 12-minute video of one team member joking about having witnessed the attack. The hackers gained control of the Big Red fan site and posted the information there.
The case and subsequent hacking caught the national news media's attention and the local police decided that they did have enough evidence to investigate after all. In March, two teenagers, Trent Mays and Ma’lik Richmond, were convicted of sexual assault and distributing naked images of a minor and sentenced to a minimum of a year in juvenile detention, or a maximum of four years.
Barely a month later, a dozen armed FBI agents raided the home of one of those suspected of the hacking that uncovered evidence of the rape, Kentucky IT security consultant Deric Lostutter – also known as KYAnonymous. Lostutter, his brother, and his sibling's girlfriend were all arrested, computers in the house were confiscated, and the trio was warned not to discuss the case or face charges of "tampering with evidence."
Doing this gets you a year, uncovering it gets you 10 years
"They want to make an example of me, saying, 'You don't fucking come after us. Don't question us,'" he told Mother Jones.
Lostutter does admit that he helped organize a protest meeting in the town about the lack of police action and appeared on CNN wearing a Guy Fawkes mask to talk about the case. But he denies any hacking charges, saying that someone else has already admitted hijacking the football team's fan site.
That hacker, who operates under the name Batcat, told the local Ohio Herald-Star newspaper in February that he had got into the account by the simplest of means, namely guessing that the answer to the password reset question of the person who owned the fan site would be "Big Red."
Batcat remains at large, but Lostutter now faces computer crime charges that could see him spending ten years in a federal prison, as well as suffering ongoing disruption to his day-to-day consultancy business and facing potentially huge legal fees. A donation site has already raised over $30,000 for his defense.
"I was always raised to stick up for people who are getting bullied," Lostutter said. "I'd do it again."
While El Reg doesn’t condone criminal hacking or cracking, it does seem somewhat ridiculous that a person can face such a light sentence for sexual assault (the victim's attackers are due to be moved to a no-bars rehabilitation center next week) while someone who may have helped expose the crime faces ten years hard time. ®