A prominent Reuters journalist formerly employed at the Tribune Company was indicted on Thursday of conspiring with Anonymous to hack into the website of the Los Angeles Times, a Tribune property. However, there is something fishy about the Matthew Keys case: Allegations of Keys' collaboration with Anonymous were first made in 2011. Moreover, an Anonymous member-turned-government witness previously threatened to expose Keys.
Keys, a social media editor at Reuters, is accused by the federal government of abetting Anonymous' break-in into the Tribune Co.'s content management system (CMS). On December 14 and 15, 2010, a hacker named "Sharpie" altered an existing Times story to read "Pressure Builds In House To Elect CHIPPY 1337." Chippy1337 is a hacker crew with alleged tie to Anonymous.
A screenshot of the hacked story, archived by the Times, is shown below.
Right now, Keys faces up to 30 years in prison for allegedly handing over login info for the Tribune Co.'s CMS to participants in an Anonymous chat room. The Eastern District of California's indictment (PDF), as published by the Huffington Post, contains what appear to be detailed chat logs between Keys and Anonymous affiliates. But the question remains, how did the government receive the alleged chat logs?
In March 2011, Hector Xavier Monsegur, a New York-based hacker affiliated with Anonymous and LulzSec known as "Sabu," posted a tweet identifying Keys as a participant in the Times hack. Monsegur was arrested in March 2012, and unsealed court records indicate that he began cooperating with the government almost immediately. Monsegur has previous drug arrests and is the single father of two small children—both strong inducements to collaboration with the U.S. Attorney.
Monsegur, it seems, previously threatened Keys. The Reuters reporter, in one of his first blog posts at his new job, detailed threats made against him. Keys was open about gaining access to a chat room frequented by Anonymous-affiliated hackers, and posted screen captures to Reuters' blog. Shortly after Keys disclosed to Monsegur that he took screencaps, he was banned from the chat room and a blanket threat was issued that he would "destroy the reputation" of anyone who exposed him or Anonymous. Keys wrote:
"He said he would try to destroy the reputation of anyone who might expose him or ruin his reputation or that of Anonymous. He’d release personal information about any individual whom he considered his enemy or Anonymous’ enemy. He’d steal their credit card information and charge hundreds of dollars in charitable donations. He’d invent stories so as to discredit any whistleblower or hacker-turned-informant."
Keys himself is a complicated figure. Sources Fast Company spoke with off the record characterized him a brilliant journalist who by all accounts is very good at his job, but also as personally erratic and prone to getting into Twitter flame wars. He has also been accused in public forums of deleting embarrassing tweets and by BuzzFeed's Ryan Broderick of being a prominent LiveJournal troll in mid-'00s. With that said, Keys was also allegedly praised at a recent SXSW panel as being one of the best journalists on Twitter.
Keys wrote in a public posting on Facebook that "I'm fine, and everything will be okay." In response to queries, a Reuters spokesperson told [em]Fast Company[/em] that Keys is currently suspended with pay.
"We are aware of the charges brought by the Department of Justice against Matthew Keys, an employee of our news organization. Thomson Reuters is committed to obeying the rules and regulations in every jurisdiction in which it operates. Any legal violations, or failures to comply with the company’s own strict set of principles and standards, can result in disciplinary action. We would also observe the indictment alleges the conduct occurred in December 2010; Mr. Keys joined Reuters in 2012, and while investigations continue we will have no further comment," the spokesperson said in a prepared statement.
Fast Company has reached out to Keys for comment and will update the story if any additional information is received. PACER records indicate that a search warrant was conducted on Keys' home on October 4, 2012. Stringent federal cybercrime laws call for up to 30 years for the website defacement and alleged CMS break-in.
[Top Image: Matthew Keys via Facebook / Bottom Image: Los Angeles Times]
Disclosure: The author is a Reuters freelancer.