Deric Lostutter

As the controversy surrounding the FBI investigation of Deric Lostutter–aka KYAnonymous, the hacker who brought the Steubenville rape case to national attention back in December–increases, so does the list of questions. Lostutter, who is facing charges relating to the hacking of the Steubenville High football fan site RollRedRoll.com, elected to go public and solicit donations for his defense prior to being officially charged with any crimes, sparking allegations of fraud and misconduct among the cyber community. I had an opportunity to speak with Jason Flores-Williams, the attorney currently representing Lostutter, via e-mail on Monday, who stated that he and Lostutter “would not go gently into that good night”, and that coming forward before formal charges were made was in order to “disrupt the government narrative before it could take hold.”

“The government has a higher than ninety-two percent conviction rate in federal court because they control everything. They control the    arguments made in the courtroom. They control the dialogue surrounding the case. They control the way a defendant is perceived. The  presumption of innocence goes out the window before the first juror is ever sworn. We determined that we were not going to let that  happen.”–Attorney Jason Flores-Williams, Whistleblower Defense League

Jason Flores-Williams

The charges against Lostutter under the Computer Fraud And Abuse Act (CFAA) include Identity Theft and Conspiracy, the latter of which appears to have been confirmed by Noah McHugh–aka BatCat–the hacker who claimed responsibility for hacking RollRedRoll.com back in February. McHugh has been conspicuously silent since the investigation of Lostutter began. When asked by Flores-Williams about McHugh’s involvement in the case, or whether he plans on releasing any statements, he stated that he cannot speak for McHugh in any capacity, but that he and his staff are “protecting and defending Deric from every possible angle” and working to learn “everything there is to know about any person of interest in this matter.”

While #OpRedRoll–the Knightsec operation that began with the hack Lostutter is being investigated for–was taking place, Deric was also involved in two other Knightsec operations under the moniker KYAnonymous, #OpHuntHunter and #OpWestboro. If charged, Lostutter faces three felonies under the CFAA. Flores-Williams would not comment on whether the potential charges pertained solely to #OpRollRedRoll, citing attorney-client privilege. He also would not comment on whether the FBI was investigating any link between Lostutter and the e-mail virus that was sent to Steubenville PD Chief McCafferty’s computer back in January, which along with death threats made to Jefferson County Sheriff Fred Abdalla, prompted law enforcement officials to contact and involve the FBI.

The main charge Lostutter is being investigated for is a violation of CFAA Title 18, Section 1030, which involves violating what is known as a “protected computer”. According to the law, a “protected computer” is defined as one that is:

• exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
• which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.

Flores-Williams claims that the hack of RollRedRoll.com did not violate Title 18, Section 1030, stating the following:

“The definition of ‘protected computer’ has been unconstitutionally extended by the government to almost any computer that it deems to be protected so that it can use the statute to prosecute anyone they determine to prosecute. The statute is overbroad and the usage of ‘protected computer’ is an illegally vague statutory element that we intend to challenge directly in a motion if these charges are brought.”

When asked to clarify what law or laws the hack violated, Flores-Williams refused to comment.

(cross-posted at Soapbox Magazine)