Matthew Keys, former deputy social media editor for the Reuters news agency, was convicted Wednesday for his role in a conspiracy to hack Los Angeles Times and Tribune Co. servers.
Keys, 28, who also was a web producer for KTXL Fox 40 in Sacramento, a Tribune-owned television station, provided members of the hacker group Anonymous with login information for Tribune servers in 2010.
Though Keys faces up to 25 years in prison at his sentencing, U.S. attorney's office spokeswoman Lauren Horwood said prosecutors are "likely" to seek less than five years.
Keys' attorney, Jay Leiderman, said they will appeal after Keys' sentencing, which is scheduled for Jan. 20 in Sacramento.
"He shouldn't be doing a day in jail," Leiderman said. "With love and respect, [The Times'] story was defaced for 40 minutes when someone found it and fixed it in three minutes. What do you want, a year a minute?"
Keys, who works as a managing editor for Grasswire, a news curation website, said he will continue to report until his sentencing.
Edward Snowden, who exposed the mass-surveillance practices of the National Security Agency, tweeted about Keys' potential sentence, followed by #PrisonPolicy.
"I appreciate the support that everyone is sending my way," Keys said in response. "This affects our ability to keep sources confidential. I hope they funnel that outrage and anger into progress."
In their indictment, federal prosecutors alleged Keys conspired with Anonymous members to access the Tribune Co.'s servers "for the purpose of learning how to alter and damage it." According to federal authorities, Keys provided a username and password for Tribune servers to hackers in an online chat room after he left KTXL in late October 2010.
A jury convicted Keys of one count of conspiracy to make changes to Tribune's website and damage its computer systems, one count of transmitting malicious code and one count of attempting to transmit malicious code.
With the information from Keys, prosecutors say, a hacker accessed a news story on The Times' website and changed a headline on a story about tax cuts to read: "Pressure builds in House to elect CHIPPY 1337."
"[T]hat was such a buzz having my edit on the LA Times," the hacker, using the screen name "sharpie," wrote to Keys, according to the indictment.
"Nice," Keys, using the screen name "AESCracked," allegedly replied.
Keys said he was using a virtual private network "to cover my tracks," according to the indictment.
Prosecutors wrote in the indictment that Tribune spent more than $5,000 responding to the attack and restoring its systems.
According to the indictment, Keys conspired with hackers via a chat room known as "internetfeds."
Keys had written about gaining access to the chat room and communicating with hackers in a blog post for Reuters last year. Keys said the chat room was a "top secret" place where "elite hackers assembled."
"If there was a political or economic reason behind their mayhem, so much the better. If not, they did it for kicks," he wrote of the hackers' motivations for their attacks.
He wrote in the post about the hack on The Times' site, without acknowledging any personal involvement.
Keys was fired from Reuters shortly after federal prosecutors launched their case against him, though the company said he was let go for social media activities.
"Although this case has drawn attention because of Matthew Keys' employment in the news media, this was simply a case about a disgruntled employee who used his technical skills to taunt and torment his former employer," U.S. Atty. Benjamin Wagner said in a statement. "Although he did no lasting damage, Keys did interfere with the business of news organizations, and caused the Tribune Company to spend thousands of dollars protecting its servers. Those who use the Internet to carry out personal vendettas against former employers employers should know that there are consequences for such conduct."
In an interview with The Times following his conviction, Keys used an expletive to describe the government's case against him and tweeted the same sentiment. He said prosecutors only went after him after he published information in 2011 that he gleaned from unnamed online sources, and refused to cooperate with federal investigators in a separate probe.
"They would love it if journalists who get background or go into dark places would play ball in criminal investigations," Keys said of prosecutors. "But we're under no obligation to do that. That's how we get out our stories – by protecting our sources."
FOR THE RECORD
An earlier version of this post misquoted Keys as saying, "But we're under no obligation to do that. That's how we get out our sources - by protecting our sources." It should have said, "But we're under no obligation to do that. That's how we get out our stories - by protecting our sources."
He drew similarities between the case against him and the government seizure of Associated Press phone records and the prosecution of a New York Times reporter for refusing to divulge a source, as examples. He had no part in the hacking of The Times site, in which the headline of an article was defaced, he said.
"Are you guys really that offended?" Keys asked a Times reporter. "Shame on the Tribune Co. for being complicit in this."
U.S. Atty. Matthew Segal, lead prosecutor in the case, said Keys' assertion that he was targeted by the government as retribution for his work and to have him reveal his sources was baseless. "It's silly," he said.
Segal said Keys signed a confession and offered to cooperate with authorities.
"Anybody with any doubt as to what happened here can read the statement that Keys wrote and gave to the FBI," Segal said. "He admitted what he did and offered to cooperate."
Keys said that when FBI agents executed a search warrant at his home in 2012, he was under the influence of medication and was directed by an agent to write the statement. Keys said the statement was coerced and that he and his lawyers intend to address the issue on appeal.
"It's wrong to call it a confession," he said. "Armed FBI agents who just pointed a gun at my face were telling me what to write."
Keys' attorney made similar arguments in an effort to exclude the statement from evidence in the case, but that request was denied by a judge.
Segal said the crime involved more than just the defaced headline on the Los Angeles Times website.
The jury heard evidence that Keys constructed several "back-door access points" for himself and others to enter the company's servers. Jurors also heard testimony that it took months for the company to assess the damage that was done, Segal said.
"This is not the crime of the century, but you cannot do this stuff," he said. "It is illegal and for a good reason."
For breaking California news, follow @JosephSerna.