Hide My Ass service not as secret as suspect likely believed


A web proxy service has come under fire after a federal indictment revealed that the company cooperated with U.S. authorities in their investigation into the hacking of SonyPictures.com.

HideMyAss.com, a VPN service that encrypts users' traffic so they can surf the web anonymously, was ordered by a U.K. judge, at the request of FBI agents, to release log information about an Arizona man who was arrested Thursday for his role in the Sony intrusion.

Cody Kretsinger, 23, of Phoenix, a purported member of the LulzSec hacktivist collective, was charged with conspiracy and unauthorized impairment of a protected computer. He is accused of participating in an approximately week-long SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.

But now, as Kretsinger awaits prosecution, HideMyAss.com faces criticism from privacy advocates and users who believe the service went back on its promise.

"Their entire website is covered with references to complete privacy, total anonymity and secure services," Eric King, human rights and technology adviser at the London-based watchdog Privacy International, told SCMagazineUS.com on Monday. "They encourage users to put trust in them when actually nothing they claim matches up to reality. There are many anonymity services that make far less grand claims that go to far greater lengths to ensure that users cannot be compromised."

In a Friday blog post defending its actions, HideMyAss.com said it simply was following laws in the U.K., where it is based.

"Our VPN service and VPN services in general are not designed to be used to commit illegal activity," the post said. "It is very naive to think that by paying a subscription fee to a VPN service, you are free to break the law."

The company admitted that it maintains logs of when users connect and disconnect from the service, but not which sites they visit. King objected to this policy, saying services like HideMyAss.com should never track user activity. But even if it does, HideMyAss.com should have first given its users a heads-up of the FBI's interest so they would have been able to contest the log request in court.

King added that he finds it contradictory that the company has publicized the use of its services by Egyptian protestors during last winter's uprising.

"They're picking issues that support their business image rather than having any core belief to protect privacy," he said. "They don't seem to have any ethical compass at all on these issues."

In response to this seemingly hypocritical stance, HideMyAss.com said: "There isn't law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter...though there are certainly laws regarding the hacking of government and corporate systems."

Meanwhile, U.S. prosecutors are asking that Kretsinger, who faces up to 15 years in prison, face trial in Los Angeles, the district in which he was charged.
