How M.I.T. Ensnared a Hacker

In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.

Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities.

The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.

However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.

“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.

What the university officials did not know at the time was that the intruder was Aaron Swartz, one of the shining lights of the technology world and a leading advocate for open access to information, with a fellowship down the road at Harvard.

Mr. Swartz’s actions presented M.I.T. with a crucial choice: the university could try to plug the weak spot in its network or it could try to catch the hacker, then unknown.

The decision — to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped — led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately, to charges of computer and wire fraud. Mr. Swartz, 26, who faced a potentially lengthy prison term and whose trial was to begin in April, was found dead of an apparent suicide in his Brooklyn apartment on Jan. 11.

Mr. Swartz’s supporters called M.I.T.’s decision a striking step for an institution that prides itself on operating an open computer network and open campus — the home of a freewheeling programming culture. M.I.T.’s defenders viewed the intrusion as a computer crime that needed to be taken seriously.

M.I.T. declined to confirm any of these details or comment on its actions during the investigation. The university’s president, L. Rafael Reif, said last week, “It pains me to think that M.I.T. played any role in a series of events that have ended in tragedy.” He appointed a professor, Hal Abelson, to analyze M.I.T.’s conduct in the investigation. To comment now, a spokeswoman for the university said, would be “to get ahead of that analysis.”

Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.

In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.

At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the Cambridge police were en route, and by 11 a.m., Michael Pickett, a Secret Service agent and expert on computer crime, was on the scene. On his recommendation, a surveillance camera was installed in the closet and a second laptop was connected to the network switch to track the traffic.

More from the NY Times:
http://www.nytimes.com/2013/01/21/technology/how-mit-ensnared-a-hacker-bucking-a-freewheeling-culture.html?pagewanted=all&_r=0