The founder of the file-sharing site Pirate Bay was found guilty today in Denmark on hacking charges unrelated to the web site.
Swedish national Gottfrid Svartholm was found guilty of hacking into servers belonging to the U.S. technology firm CSC after being partially acquitted of other hacking charges in Sweden.
In the Danish case, Svartholm and a 21-year-old Danish accomplice were accused of hacking CSC’s servers in April 2012 and remaining inside for four months, stealing and altering data during the breach, according to prosecutors.
As evidence, authorities offered documents belonging to CSC that were found on Svartholm’s computer as well as IRC logs between two parties using the handles “Advanced Persistent Terrorist Threat” and “My Evil Twin” discussing the security of CSC’s systems. Prosecutors asserted that “My Evil Twin” was Svartholm and his Danish accomplice was the other party.
But the Danish defendant, who has not been identified and has refused to cooperate with authorities by giving them the encryption key for his computer, testified that he had met “My Evil Twin” in person and it was not Svartholm.
The defense team argued that Svartholm was framed. They said he did not commit the crimes, but that his computer had been hijacked by someone who used it as a proxy to break into CSC’s servers.
Prosecutors argued this was impossible.
Noted Tor developer and security expert Jacob Appelbaum testified on behalf of the defense that it was possibile, and Svartholm’s legal team produced an antivirus scan of his computer showing that 545 threats had been found on it, some of which were capable of providing a hacker with remote control of the computer.
At least two jurors determined that the remote hacking defense couldn’t be ruled out, so voted to acquit Svartholm, according to TorrentFreak.
“There were so many leads pointing toward the fact that my client’s computer was in fact remotely controlled,” Svartholm’s attorney Luise Høj, told WIRED. “That was a point that the court accepted.”
She says he was convicted because authorities claimed that in an encrypted partition they found on his computer that contained the stolen CSC files “there was also personal information about my client, and due to that argument and a couple of other arguments prosecutors said even thought it was likely the computer was remotely controlled, there was other information that pointed toward my client.”
Asked what evidence she provided, beyond the antivirus scan, that someone actually had hijacked Svartholm’s computer to use it to hack CSC, Høj told WIRED that she provided none.
“I only needed to reach the point where there was reasonable doubt about it,” she says. “It wasn’t in my interest to find out if it was in fact remotely controlled or not. I just have to prove to the court that it was in fact a possibility. Because the police so categorically said this is not a possibility, it actually made my argument a bit easier [because] then I could say to the jury for sure that’s not true.”
Svartholm was previously convicted in 2009 on separate charges for operating the illicit file-sharing service where pirated movies and other material was traded. He was sentenced to one year in prison in that case.
With regard to the separate case in Sweden, Svartholm was charged with hacking into Nordea Bank to siphon money and into an IT company called Logica, a contractor for the Swedish tax authority. He was found guilty of hacking Logica, but was acquitted on the bank hacking charges. He was sentenced to two years in prison on that case, while an accomplice was given probation.
Svartholm is scheduled to be sentenced on the Denmark case tomorrow.