Computer forensics is a branch of knowledge that pertains to the evidence found in computers and other materials which are digital in nature. Similar to other forensic science, its goal is to uncover evidence and preserve it in a manner that is scientific. Because forensic computer science is concerned with computer related crimes, it involves a disproportionate number of people who are hackers, online dissidents, and hacktivists. One such hacker, internet freedom activist, and hacktivist was Aaron Swartz.
Biographical Information
Swartz was born into a family that already had a focus on the computing world in 1987 in Chicago, to a father who owned a software development firm, the Mark Williams Company (Schwartz). His parents sent him to a private day school, the North Shore County until he reached the ninth grade; however, in the tenth grade, he left high school, which he found boring the way his father had done, and enrolled in a college in Chicago (Schwartz). At 13, he was already very adept in computers and won the ArsDigita Prize that was handed out to young people who helped create purposely and educational websites that were both collaborative and non-commercial (Schwartz). At only fourteen years, Swartz was part of the team that would author the RSS 1.0 specification (Abelson). As it is apparent, while he had a talent for computers from an early age, he did not seek to profit from it, focusing instead on non-commercial computer websites and programs.
Swartz then joined Stanford University. However, similar to his high school, he did not finish college. Instead, he started working on Infogami with its co-founder Simon Carstensen (Schwartz). During this time, Swartz continued to be prolific on the internet application creations helping author a web application framework, web.py, based on the Python framework, which he considered an upgrade to the then widely used Python (Schwartz). He also worked on the online chat room Reddit by helping change the codebase of Reddit from the outdated Lisp to Python and his newly written web.py (Schwartz). His work with Reddit was to see him hired by Conde Nast, a corporation that later acquired the company and controlled Reddit (Schwartz). However, he soon became restive and left the company.
Swartz then became an online dissident founding and launching the website Watchdog.net. The website was supposed to be a tool for accountability by aggregating and helping make data on politicians more understandable to the general population by visualizing it (Witt). His activism continued unabated this time as he developed a program known as SecureDrop that allowed anonymous sources to give information to journalists, without the fear that someone might find out the whistleblower (Witt). This program has become the mainstay of whistleblowing journalism at several organizations including the Guardian and the Washington Post.
Swartz continued his activism by launching the Progressive Change Campaign Committee and Demand Progress. He would later protest against the Stop Online Piracy Act (SOPA) that, among other things, would have authorized the U.S. government to close down the websites, which were affected by online piracy (Witt). Around this time, he was also involved in the Open Access movement, seeking to make much of the information available online free (Witt). Moreover, he wrote a call up call asking people to help break the barriers that existed in online information ,calling the statement the Guerilla Open Access Manifesto (Witt). In 2010, in a bid to know the fate of another dissent, he filed the freedom of information on the treatment of the sources of some of the initial information in WikiLeaks, Chelsea Manning.
Crimes Committed, Statutes and Outcome of the Case
Swart first came into the radar of law enforcement authorities in 2008. In the course of the year, there was a call by his fellow online activist Carl Malamud to help download documents from the Public Access to the Court Electronic Records (PACER) database (Abelson, et al. 32). Swartz went on to download almost three million documents from the resource (Abelson, et al. 32). He hoped that by doing so, he would provide the documents outside the expensive court system, which he contended should be free since those were public documents (Witt). The Federal Bureau of Investigation decided to investigate the case but ultimately decided not to go ahead and press charges after they had concluded that the documents Swartz had were public records (Abelson, et al. 32). At that time, Sward did not even know that he was even under investigation by the FBI and found it out much later when he was requesting the information on Chelsea Manning.
However, he was not to be so lucky with his next misdirection. In 2010 and early 2011, Swartz was a research fellow at Harvard University (Abelson, et al. 33). As is customary, Harvard provided him with a JSOR account for research purposes (Abelson, et al. 33). While visiting the Massachusetts Institute of Technology, he began using the MIT’s computer network to access and download articles in large numbers from JSTOR (Abelson). One of the big factors for the prosecution was that he used a laptop that he would connect to a controlled-access wiring closet in the MIT campus (Abelson, et al. 31). Needing to know who was illegally downloading many articles from their site, the MIT security personnel and police officials placed a camera in the closet (Abelson, et al. 163). After the police and the university had discovered him, JSTOR had no interest in perusing a civil case against him (Bombardieri). Thus, they let him go after he had returned all the articles he had downloaded illegally.
Our outstanding writers are mostly educated to MA and PhD level
However, the lack of interest by JSTOR in perusing a civil case did not stop the prosecutors from persuading a criminal case against him. In early January 2011, the police flanked by a Secret Service agent arrested him (Bombardieri). The prosecutor then charged him in the Cambridge District Court under the charges of breaking and entering with the intent to commit a felony (Bombardieri). In July, the same way, a federal grand jury indicted him for thirteen charges, the chief of which included wire fraud, computer fraud, obtaining information from a computer that was protected, and damaging a protected computer (Bombardieri). The prosecution also charged him with aiding and abetting a computer crime.
The indictments continued with a grand jury at the Middlesex County Superior Court in November 2011. In these instances, the charges were unauthorized access to a computer network, grand larceny, and breaking and entering with intent (Witt). The state prosecutors dropped some of the charges that were similar to the federal ones so as not to impede federal charges.The federal prosecutors offered Swartz a plea deal in which they offered him six months in jail, rather than the maximum exposure of fifty years and around a million of fine with the provison that he would plead guilty to all the federal charges (Witt). However, he refused the deal. The presumption was that he and his attorneys wanted to place the burden on the prosecutors to prove why they continued to peruse Swartz.
The prosecution brought the charges under the 1986 Computer Fraud and Abuse Act. The wire fraud issue was under the 18 US Code s1343. The issue to do with obtaining information from a protected computer was to be prosecuted via 18 U.S Code ss. 1029. Recklessly damaging a protected computer falls under 18 USC ss. 1030. The Congress passed this law so as to netback the government to punish hackers who stole information from computers, destroyed or disrupted their functionality. The prosecution charged him with aiding and abetting under the 18 USC ss2. However, after Swartz had committed suicide, the prosecution dropped all the charges.
Technical Details of the Computer Involvement
In the MIT, a free flow of information is allowed, with even guests having access to the computer network while on campus. However, it still seems that Swartz was aware that downloading huge numbers of articles, more than 80% of the materials in the JSTOR depository, might have been an offense (Bombardieri). He subsequently went to significant technical lengths to hide this aspect.
First, rather than using a wireless connection as is the case for many of the students, he opted to tap into the network, which was not only much faster, but would also allow him to download much more articles. This enabled him to hide his computer as much as possible so that the downloading could go on uninterrupted. Consequently, he opted to connect his laptop to the network system in a closet that the university did not mean (Bombardieri). He would then leave it hidden there for weeks as his downloads continued (Bombardieri). The issue was so sophisticated that some network administrators at first thought that it was an MIT student who was experimenting with a robot (Bombardieri). However, the most sophisticated part of Swartz’s scheme was a script that he wrote; naming it “keepgrabbing.” Bombardieri explains that the code did its work as it downloaded almost half a million articles from the JSTOR website in the timespan of around eleven hours from five in the evening of the 25th of September 2010 to four a.m. the next morning.
Moreover, after that, JSTOR cut off the internet protocol address that Swartz was using. He then used his computer to switch to another address (Bombardieri). Most interestingly, the MIT technicians were able to discover his computer through its registration and stopped it from getting to the network for some time. On discovering this, he went ahead and changed his computer registration details (Bombardieri). At some point, he was responsible for such a significant traffic from JSTOR that was causing delays in JSTOR’s system (Bombardieri). This shows how fast and heavy his downloads were. Moreover, he also managed to slow down the download process to a speed that JSTOR could not detect for several days.
An Assessment of the Sophistication of the Offender and a Psychographic Profile of the Offender
However, the seeming sophistication of Swartz has to be mitigated by the fact the MIT offered a network that is extraordinarily open. There are very few other places where Swartz could have had a routable public IP address (Stamos). One could access the MIT network via an unauthenticated DHCP. The system also seemed to lack even the basic controls to prevent abuse of any kind. Moreover, it also seems that at the time of the download, the JSTOR network offered anyone within the MIT 18.x Class-A network (Stamos). The JSTOR site then did not have any basic controls to avoid such abuses, for instance, a CAPTCHA on reaching a certain number of articles or even restricting the number of articles one could download with one account.
Moreover, while Swartz had the technical know-how of writing a code line, what he did was not too complicated. All he did was write basic scripts based on the Python (.py) system that worked to crawl up the JSTOR website, discover the uniform resource locators of the articles, and then request them (Stamos). It is notable that what he did was not hacking in the most technical definition of the word as it only involved a basic command line whose basic import was downloading a file and saving it in the computer hard-disk.
Some experts have also argued that there was no evidence that Aaron Swartz tried to hide what he was doing. For instance, he was technologically savvy enough to encrypt his computer but did not do so (Stamos). Changing the media access control (MAC) address of the computer was not an effort at hiding, bit more an effort to continue doing his downloads. Moreover, doing so is not even a crime.
On being arrested, he cooperated fully with the police. It seemed that he was not expecting to be under surveillance in any way as he kept his usual routine. The police arrested him near the campus what testified to that fact that he did not have any plans of hiding. However, the arrest, coupled with the possibility of jail time, seems to have made him depressed.
However, the past, rather than the present behaviors of Swartz might have played a larger bit in his prosecuting than the crime for which the police arrested him. For instance, he had downloaded court documents in bulk from Public Access to Court Electronic Records (PACER) before, although not criminal, they might have put him on the radar of law enforcement (Witt). Moreover, he also seemed to have had radical views given his publication of the “Guerrilla Manifesto.” According to Witt, Swartz had posted the manifesto online to explain that it was imperative for everyone to make information, such as scientific journals, and every other information “wherever it is stored” available to all people, what he termed the Guerrilla Open Access.
On this basis, one can conclude that Swartz was very sophisticated technologically. He, however, did not try to use his sophistication to hide himself, which led to his arrest. This could have happened because he was not convinced that he was doing the wrong thing.
Speculation about What Should Have Been Sought In a Forensic Review
Using a write-blocker, the examiner can make an exact copy of the device under review by copying it byte by byte so as to allow for the examination of the original storage medium. The computer forensic expert does this to leave the original manifestly unchanged.
Since digital memories keep a record of everything and the laptop was not encrypted, the forensic review should have resulted in the location of the files. Besides, possibly other facts concerning the crime such as the emails to any person who Swartz might have been collaborating with, images, and any other records should have been considered. Moreover, as the suspect did not delete his browser’s history, it would have been easy to locate the websites and the time of his visits from his browser’s history. It would have shown to the investigators the time the computer had visited the JSTOR website, how long it had done it, and the pages it had visited on the website.
The computer forensic expert should also have sought a network if the investigators did not believe that he had been acting alone. A cross-drive analysis with other suspects would have served to establish if there were any social networks between Swart and any other person. A cross-drive analysis could help correlate the information between different drives and, hence, establish a possible connection between the computers. For instance, if the investigators could have located a personal computer belonging to the friend of Swartz’s, this would have established a possible connection in the crime between the two. Moreover, email analysis can also perform the same function. Email is usually a treasure when investigating a computer crime. Emails keep records and sometimes set the difference between an acquittal and a jail time.
The Internet Serve Provider (ISP) could also have been essential in connecting Swartz’s computer to the network. As the ISP records all bytes of information that pass through it, a forensic expert would have connected Swartz’s computer and downloads from the JSTOR website.
However, if Swartz had thought that the police were monitoring him, he would have possibly deleted the files. However, the forensic examiner could have recovered the files, in PDF or any other format they were downloaded, by reconstructing disc sectors because most operating systems do not allow the physical deletion of data.
Where He is Now
Unlike so many other computer hacktivists and online freedom activists who are in exile to avoid jail terms or have ended up in prison, the same did not happen to Swartz. The arrest took a toll on Swartz, who was only twenty-four years then and had genuinely believed that he was a force for good in the world. In his actions, he bellied that what he was doing was either justifiable legally, or was for the greater good (Witt). Unfortunately, the prosecutors did not think of it that way and decided to peruse a criminal case against him, even when JSTOR, the chief victims of the crime, opted not to peruse a case, criminal or civil, against Swartz. Unable to cope with the pressure, Swartz committed suicide in 2013 while on bail (Witt). His partner found him in his apartment having hanged himself with no suicide note (Witt). It is notable that, after his death, there was an outpouring of sympathy towards him, and many celebrated him as an advocate for online freedom, rather than a person who had allegedly stolen millions of documents from the JSTOR website and who would possibly have (Witt). This shows the usually thin line between crime and activism in matters dealing with computers and cybercrimes.
Conclusion
This paper was a case study on Aaron Swartz in matters pertaining to the computer crimes he allegedly committed. As it is apparent, he had an early exposure to computers from his father who owned a software company. The young Aaron Swartz was a prodigious computer talent and was winning awards by the time he was thirteen. He also helped start Reddit, while being one of the foremost advocates of internet freedom. However, his internet activism also led him to do things that would be considered borderline criminal by downloading a trove of documents from PACER. He would later bulk-download documents from the JSTOR website which the FBI and the local police would consider to have been illegal and for which two grand juries, a local and a federal one, would indict him more than a dozen charges. Some experts disagree as to whether there was evidence to charge and convict him on any of the charges brought against him. A forensic examination of his computer would have possibly resulted in the presence of documents, web history, and emails on his computer. Aaron Swartz, unfortunately, committed suicide before the trial was over, and many have praised him since then as an online freedom campaigner.