Rogue Academic Downloader Busted by MIT Webcam Stakeout, Arrest Report Says

Hacker and activist Aaron Swartz faces federal hacking prosecution for allegedly downloading millions of academic documents via MIT’s guest network, using a laptop hidden in a networking closet. Swartz, 24, faces 35 years in prison and a $1 million fine under the indictment, announced last week, raising questions about his intentions, the vagueness of anti-hacking […]
This image may contain Electronics
Building 16 on the MIT campus, where Swartz is accused of breaking and entering. Credit: MIT

Hacker and activist Aaron Swartz faces federal hacking prosecution for allegedly downloading millions of academic documents via MIT's guest network, using a laptop hidden in a networking closet.

Swartz, 24, faces 35 years in prison and a $1 million fine under the indictment, announced last week, raising questions about his intentions, the vagueness of anti-hacking statutes and copyright as it applies to academic work.

But the indictment (embedded below) also left one other question unresolved: How did Swartz get caught?

The answer, it turns out, involves a webcam stakeout, the Secret Service and a campus-wide manhunt for a slender guy with a backpack riding a bike on MIT's campus.

Swartz, the founder of the activist group Demand Progress, was arrested by the MIT police on Jan. 6, charged with breaking and entering for allegedly entering a "restricted" networking room. The alleged purpose was to hide a laptop that was using a guest account on the MIT network to download millions of academic papers from JSTOR, an academic journal service that MIT pays for. However, MIT, which is open 24 hours a day to students and guests, allows students and guests to use the service and its network for free.

That arrest was first reported by Politico's Josh Gerstein.

[Disclosure: Swartz joined Reddit six months after its launch and had the same ownership stake as its two founders. Reddit, like Wired.com, is owned by Condé Nast. He is also a general friend of Wired.com, and has done coding work for Wired.]

Swartz is accused, both in the federal indictment and in the January arrest report, of stealing the articles by attaching a laptop directly to a network switch in what's described as a "restricted" room, though neither the police report nor the indictment have any mention of a door lock or signage indicating the room is off-limits.

MIT police first learned of the laptop in a networking closet in MIT's Building 16 on Jan. 4 from a member of MIT's tech staff, who had discovered the laptop and an external hard drive under a cardboard box in the room.

According to the police report, a Cambridge police officer, a member of the Secret Service, and a Boston police officer went to the room 004T at 10:30 am, and the laptop was taken away to search it for latent fingerprints. The authorities then put the laptop back that same day and installed a webcam to watch the room.

That afternoon, at about 2:30 pm, a "white male, dark or black shoulder length wavy hair, wearing a dark coat, gray backpack, jeans with a white bicycle helmet" entered the room, according to the report, with something that looks like an external hard drive.

The next day MIT and Secret Service agent Michael Pickett told the MIT police officer in charge of the case that "approximately 70 gigabytes of data had been downloaded, 98% of which was from JStor," which MIT valued at $50,000.

That officer was watching the video feed the next day when, a little after noon, someone who resembled the person caught on tape two days earlier entered the room and took the laptop and hard drive. A call went out to find the suspect and at 2:11, a captain reported that he'd located the suspect riding a bicycle.

The two MIT officers and Special Agent Pickett then tried to stop Swartz, who jumped off his bike and ran away, only to be caught and handcuffed by the Secret Service Agent, according to the report.

The arrest report makes no mention of Swartz hiding from the webcam, but his federal indictment accuses him of hiding his face from surveillance cameras by holding his bike helmet up to his face and looking through the ventilation holes.

Swartz is now being prosecuted by the Middlesex County District Attorney on two state felony counts – one for breaking and entering, the other for breaking into a depository, according to a spokeswoman for the D.A.'s office. The case is being heard in the Cambridge District court, where the next hearing is on August 8th to make sure that Swartz is complying with the terms of his release.

Swartz declined to comment on the report and said that his lawyer, Andrew Good, was not commenting either.

Wired asked MIT about the arrest and about whether the networking closet was locked or had any signs instructing people not to enter.

MIT spokesman Nate Nickerson said "We are not commenting on this matter at this time."

For its part, JSTOR says it worked with Swartz's lawyers to get the data back, which it said satisfied its interest in the matter.

The federal indictment accuses Swartz of planning to put the archive on the web through peer-to-peer file sharing services.

Given Swartz's history with downloading massive amounts of non-copyrighted documents from behind paywalls to release into the public domain, that's not inconceivable (though much of what Swartz is accused of downloading from JSTOR is copyrighted).

In 2008, the federal court system decided to try out allowing free public access to its court record search system PACER at 17 libraries across the country. Swartz went to the 7th U.S. Circuit Court of Appeals library in Chicago and installed a small Perl script he had written. The code cycled sequentially through case numbers, requesting a new document from PACER every three seconds. In this manner, Swartz got nearly 20 million pages of court documents, which his script uploaded to Amazon’s EC2 cloud computing service.

While the documents are in the public record and free to share, PACER normally charges eight cents a page.

The courts reported him to the FBI, which investigated whether the public records were “exfiltrated.” After in-depth background searches, a luckless stakeout and futile attempts to get Swartz to talk, the FBI dropped the case.

However, Swartz is also an acolyte of StanfordHarvard professor Larry Lessig, who currently tracks the corrupting influence of money. He has a history of analyzing large collections of research to determine who funded them. Swartz co-authored a study with Shireen Barday, which looked through thousands of law review articles looking for law professors who had been paid by industry patrons to write papers. That study was published in 2008 in the Stanford Law Review.

Photo: Aaron Swartz in 2008, with former Red Hat CEO Bob Young in the background. (CreativeCommons)

See Also:- Feds Charge Activist as Hacker for Downloading Millions of Academic Articles