 |
By NOAM COHEN
Published: January 20, 2013
In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.
Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities. The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.
However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.
“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.
What the university officials did not know at the time was that the intruder was Aaron Swartz, one of the shining lights of the technology world and a leading advocate for open access to information, with a fellowship down the road at Harvard.
Mr. Swartz’s actions presented M.I.T. with a crucial choice: the university could try to plug the weak spot in its network or it could try to catch the hacker, then unknown. The decision — to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped — led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately, to charges of computer and wire fraud. Mr. Swartz, 26, who faced a potentially lengthy prison term and whose trial was to begin in April, was found dead of an apparent suicide in his Brooklyn apartment on Jan. 11. Mr. Swartz’s supporters called M.I.T.’s decision a striking step for an institution that prides itself on operating an open computer network and open campus — the home of a freewheeling programming culture. M.I.T.’s defenders viewed the intrusion as a computer crime that needed to be taken seriously.
M.I.T. declined to confirm any of these details or comment on its actions during the investigation. The university’s president, L. Rafael Reif, said last week, “It pains me to think that M.I.T. played any role in a series of events that have ended in tragedy.” He appointed a professor, Hal Abelson, to analyze M.I.T.’s conduct in the investigation. To comment now, a spokeswoman for the university said, would be “to get ahead of that analysis.”
Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.
In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.
At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the Cambridge police were en route, and by 11 a.m., Michael Pickett, a Secret Service agent and expert on computer crime, was on the scene. On his recommendation, a surveillance camera was installed in the closet and a second laptop was connected to the network switch to track the traffic.
There may have been a reason for the university’s response. According to the timeline, the tech team detected brief activity from China on the netbook — something that occurs all the time but still represents potential trouble.
E-mails among M.I.T. officials that Tuesday in January 2011 highlight the pressures university officials felt over a problem they thought they had solved. Ann J. Wolpert, the director of libraries, wrote to Ellen Finnie Duranceau, the official who was receiving Jstor’s complaints: “Has there ever been a situation similar to this when we brought in campus police? The magnitude, systematic and careful nature of the abuses could be construed as approaching criminal action. Certainly, that’s how Jstor views it.”
Some of Mr. Swartz’s defenders argue that collecting and providing evidence to the government without a warrant may have violated federal and state wiretapping statutes. “This was a pivotal moment,” said Elliot Peters, Mr. Swartz’s lawyer. “They could have decided, we’re going to unplug this computer, take it off the network and tell the police to get a warrant.”
Mr. Peters had persuaded a judge to hear his arguments that the evidence collected from the netbook be excluded from the trial, asserting that Mr. Swartz’s Fourth Amendment protections from unlawful search and seizure had been violated. (All charges against Mr. Swartz were dropped after his death.)
Investigators first caught sight of Mr. Swartz on camera the day it was installed. At 3:26 p.m., the timeline notes, the “suspect is seen on camera entering network closet, noticeably unaware of what had occurred all morning.”
But Mr. Swartz managed to leave before the police could arrive. Also, “on his way out, the suspect shuts off the lights,” the timeline reports, which “will hurt video quality and possibly work against the motion activation of the camera.” A technician quickly turned them back on.
Mr. Swartz certainly knew his way around the M.I.T. campus — as his defense pointed out in court, he had given a guest lecture there, he had many friends on campus, and his father, Bob Swartz, remains as a consultant at the university’s Media Lab. Two days later, the timeline notes that Aaron Swartz “enters network closet while covering his face with bike helmet, presumably thinking video cameras may be in hallway.” More seriously for the M.I.T. investigation, “once inside and with the door closed, he hurriedly removes his netbook, hard drive and network cable and stows them in his backpack.” He was gone within two minutes, too quickly for the police to catch him.
Perhaps suspecting he was being watched, Mr. Swartz moved the computer. But M.I.T.’s tech team believed it had tracked it to the fourth floor of the same Building 16. The university called for “police presence.”
A little after 2 p.m., according to the government, Mr. Swartz was spotted heading down Massachusetts Avenue within a mile of M.I.T. After being questioned by an M.I.T. police officer, he dropped his bike and ran (according to the M.I.T. timeline, he was stopped by an M.I.T. police captain and Mr. Pickett). He was carrying a data storage device with a program on it, the government says, that tied him to the netbook. The arrest shocked friends of Mr. Swartz, as well as M.I.T. alumni. Brewster Kahle, an M.I.T. graduate and founder of the digital library Internet Archive, where Mr. Swartz gave programming assistance, wrote: “When I was at M.I.T., if someone went to hack the system, say by downloading databases to play with them, might be called a hero, get a degree, and start a company. But they called the cops on him. Cops.”
Mr. Swartz turned over his hard drives with 4.8 million documents, and Jstor declined to pursue the case. But Carmen M. Ortiz, the United States attorney in Boston, decided to press on. The government has defended M.I.T.’s decision to “collaborate” with the federal investigation and argued there was no need for a warrant because, as a trespasser on M.I.T.’s campus, Mr. Swartz had no reasonable expectation of privacy for his netbook. And M.I.T.’s officials were rightfully concerned, the government argued, by the threat they faced.
“M.I.T. had to identify the hacker and assist with his apprehension in order to prevent further abuse,” the government argued in court.
Michael Sussmann, a Washington lawyer and a former federal prosecutor of computer crime, said that M.I.T. was the victim and that, without more information, it had to assume any hackers were “the Chinese, even though it’s a 16-year-old with acne.” Once the police were called in, the university could not back away from the investigation. “After there’s a referral, victims don’t have the opportunity to change their mind.” Mr. Swartz’s father, in a telephone interview, described himself as “devastated” by M.I.T.’s conduct during the investigation of his son. “M.I.T. claimed they were neutral — but we don’t believe they acted in a neutral way,” he said, adding, “My belief is they put their institutional concerns first.”
He described attending two meetings with the chancellor of M.I.T., Eric Grimson. Each time there also was a representative of the general counsel’s office. At both meetings, he said, members of M.I.T.’s legal team assured him and the chancellor that the government had compelled M.I.T. to collect and hand over the material. In that first meeting, he recalled, “I said to the chancellor, ‘Why are you destroying my son?’ He said, ‘We are not.’ ”
John Schwartz contributed reporting.
This article has been revised to reflect the following correction:
Correction: January 21, 2013
An earlier version of this article misquoted part of statement by a spokeswoman for the Massachusetts Institute of Technology. Referring to a review of M.I.T.’s conduct that was commissioned by the university’s president, she said to comment now on the events surrounding Aaron Swartz’s arrest would be “to get ahead of that analysis,” not “to get ahead of that investigation.”
A version of this article appeared in print on January 21, 2013, on page A1 of the New York edition with the headline: How M.I.T. Ensnared a Hacker, Bucking a Freewheeling Culture.
In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.
Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities. The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.
However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.
“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.
What the university officials did not know at the time was that the intruder was Aaron Swartz, one of the shining lights of the technology world and a leading advocate for open access to information, with a fellowship down the road at Harvard.
Mr. Swartz’s actions presented M.I.T. with a crucial choice: the university could try to plug the weak spot in its network or it could try to catch the hacker, then unknown. The decision — to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped — led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately, to charges of computer and wire fraud. Mr. Swartz, 26, who faced a potentially lengthy prison term and whose trial was to begin in April, was found dead of an apparent suicide in his Brooklyn apartment on Jan. 11. Mr. Swartz’s supporters called M.I.T.’s decision a striking step for an institution that prides itself on operating an open computer network and open campus — the home of a freewheeling programming culture. M.I.T.’s defenders viewed the intrusion as a computer crime that needed to be taken seriously.
M.I.T. declined to confirm any of these details or comment on its actions during the investigation. The university’s president, L. Rafael Reif, said last week, “It pains me to think that M.I.T. played any role in a series of events that have ended in tragedy.” He appointed a professor, Hal Abelson, to analyze M.I.T.’s conduct in the investigation. To comment now, a spokeswoman for the university said, would be “to get ahead of that analysis.”
Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.
In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.
At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the Cambridge police were en route, and by 11 a.m., Michael Pickett, a Secret Service agent and expert on computer crime, was on the scene. On his recommendation, a surveillance camera was installed in the closet and a second laptop was connected to the network switch to track the traffic.
There may have been a reason for the university’s response. According to the timeline, the tech team detected brief activity from China on the netbook — something that occurs all the time but still represents potential trouble.
E-mails among M.I.T. officials that Tuesday in January 2011 highlight the pressures university officials felt over a problem they thought they had solved. Ann J. Wolpert, the director of libraries, wrote to Ellen Finnie Duranceau, the official who was receiving Jstor’s complaints: “Has there ever been a situation similar to this when we brought in campus police? The magnitude, systematic and careful nature of the abuses could be construed as approaching criminal action. Certainly, that’s how Jstor views it.”
Some of Mr. Swartz’s defenders argue that collecting and providing evidence to the government without a warrant may have violated federal and state wiretapping statutes. “This was a pivotal moment,” said Elliot Peters, Mr. Swartz’s lawyer. “They could have decided, we’re going to unplug this computer, take it off the network and tell the police to get a warrant.”
Mr. Peters had persuaded a judge to hear his arguments that the evidence collected from the netbook be excluded from the trial, asserting that Mr. Swartz’s Fourth Amendment protections from unlawful search and seizure had been violated. (All charges against Mr. Swartz were dropped after his death.)
Investigators first caught sight of Mr. Swartz on camera the day it was installed. At 3:26 p.m., the timeline notes, the “suspect is seen on camera entering network closet, noticeably unaware of what had occurred all morning.”
But Mr. Swartz managed to leave before the police could arrive. Also, “on his way out, the suspect shuts off the lights,” the timeline reports, which “will hurt video quality and possibly work against the motion activation of the camera.” A technician quickly turned them back on.
Mr. Swartz certainly knew his way around the M.I.T. campus — as his defense pointed out in court, he had given a guest lecture there, he had many friends on campus, and his father, Bob Swartz, remains as a consultant at the university’s Media Lab. Two days later, the timeline notes that Aaron Swartz “enters network closet while covering his face with bike helmet, presumably thinking video cameras may be in hallway.” More seriously for the M.I.T. investigation, “once inside and with the door closed, he hurriedly removes his netbook, hard drive and network cable and stows them in his backpack.” He was gone within two minutes, too quickly for the police to catch him.
Perhaps suspecting he was being watched, Mr. Swartz moved the computer. But M.I.T.’s tech team believed it had tracked it to the fourth floor of the same Building 16. The university called for “police presence.”
A little after 2 p.m., according to the government, Mr. Swartz was spotted heading down Massachusetts Avenue within a mile of M.I.T. After being questioned by an M.I.T. police officer, he dropped his bike and ran (according to the M.I.T. timeline, he was stopped by an M.I.T. police captain and Mr. Pickett). He was carrying a data storage device with a program on it, the government says, that tied him to the netbook. The arrest shocked friends of Mr. Swartz, as well as M.I.T. alumni. Brewster Kahle, an M.I.T. graduate and founder of the digital library Internet Archive, where Mr. Swartz gave programming assistance, wrote: “When I was at M.I.T., if someone went to hack the system, say by downloading databases to play with them, might be called a hero, get a degree, and start a company. But they called the cops on him. Cops.”
Mr. Swartz turned over his hard drives with 4.8 million documents, and Jstor declined to pursue the case. But Carmen M. Ortiz, the United States attorney in Boston, decided to press on. The government has defended M.I.T.’s decision to “collaborate” with the federal investigation and argued there was no need for a warrant because, as a trespasser on M.I.T.’s campus, Mr. Swartz had no reasonable expectation of privacy for his netbook. And M.I.T.’s officials were rightfully concerned, the government argued, by the threat they faced.
“M.I.T. had to identify the hacker and assist with his apprehension in order to prevent further abuse,” the government argued in court.
Michael Sussmann, a Washington lawyer and a former federal prosecutor of computer crime, said that M.I.T. was the victim and that, without more information, it had to assume any hackers were “the Chinese, even though it’s a 16-year-old with acne.” Once the police were called in, the university could not back away from the investigation. “After there’s a referral, victims don’t have the opportunity to change their mind.” Mr. Swartz’s father, in a telephone interview, described himself as “devastated” by M.I.T.’s conduct during the investigation of his son. “M.I.T. claimed they were neutral — but we don’t believe they acted in a neutral way,” he said, adding, “My belief is they put their institutional concerns first.”
He described attending two meetings with the chancellor of M.I.T., Eric Grimson. Each time there also was a representative of the general counsel’s office. At both meetings, he said, members of M.I.T.’s legal team assured him and the chancellor that the government had compelled M.I.T. to collect and hand over the material. In that first meeting, he recalled, “I said to the chancellor, ‘Why are you destroying my son?’ He said, ‘We are not.’ ”
John Schwartz contributed reporting.
This article has been revised to reflect the following correction:
Correction: January 21, 2013
An earlier version of this article misquoted part of statement by a spokeswoman for the Massachusetts Institute of Technology. Referring to a review of M.I.T.’s conduct that was commissioned by the university’s president, she said to comment now on the events surrounding Aaron Swartz’s arrest would be “to get ahead of that analysis,” not “to get ahead of that investigation.”
A version of this article appeared in print on January 21, 2013, on page A1 of the New York edition with the headline: How M.I.T. Ensnared a Hacker, Bucking a Freewheeling Culture.
