Judge orders self-described hacker's computer seized without warning

The court was worried developer Corey Thuen might erase evidence

In a rare move, a federal court in Idaho recently ordered a software developer's computer seized and its contents copied without prior notice because the developer described himself as a 'hacker' on his website.

Judge Lynn Winmill, of the U.S. District Court for the District of Idaho, issued the ruling even as he acknowledged it was "very rare" and "extraordinary." Nonetheless, he maintained it was necessary under the circumstances. "The tipping point for the Court comes from evidence that the defendants - in their own words - are hackers," Winmill wrote.

"By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act."

The ruling has potential implications for Fourth Amendment protections against unreasonable search and seizure. The case involves Battelle Energy Alliance and Southfork Security, a software startup established this year by former Battelle employee Corey Thuen.

Battelle Energy Alliance is based in Idaho Falls. It manages and operates the Idaho National Laboratory (INL) on behalf of the U.S. Department of Energy.

In 2009, Battelle was commissioned to build a monitoring tool capable of detecting and stopping anomalous behavior on INL's network. The result of that effort was a security tool dubbed Sophia. Thuen was part of the team that helped develop Sophia.

In 2012, after successful tests of the tool, Battelle decided to license Sophia out to other owners and operators of industrial control systems and Supervisory Control and Data Acquisition (SCADA) systems.

Since Battelle did not have the ability to commercialize the product on its own, it opened up a bidding process for companies interested in doing so. Thuen left Battelle and set up Southfork Security so his new company could bid for exclusive rights to the product.

Southfork submitted a proposal for licensing the product early this year but withdrew it shortly thereafter.

Battelle claims that a few months later, Southfork began marketing a tool called Visdom that was very similar to Sophia. Battelle also claimed that Southfork planned to offer Visdom as an open-source product available to all.

In a complaint, the company urged the court to issue a Temporary Restraining Order on Southfork preventing it from marketing Visdom or releasing it to the open-source community. Battelle claimed copyright infringement, trade secret theft, breach of contracts and other misdeeds by Southfork.

Battelle also asked the court to issue the restraining order without any notice, because it feared Thuen would release the software as open source if he were given notice.

In complying with that request, Winmill offered several explanations as to why Battelle's numerous claims were strong enough to merit a restraining order. However, it was the judge's reasons for issuing the order without notice to Southfork that raised questions.

The ruling, for instance, pointed to hacking-related comments on Southfork's website. "The court finds it significant that defendants are self-described hackers, who say, 'We like hacking things and we don't want to stop,'" Winmill wrote.

The court was also convinced that Southfork would wipe its hard drives clean if given the chance. "The defendants have identified themselves as hackers," Winmill wrote. "A well-known characteristic of hackers is that they cover their tracks."

The order requires a forensic expert retained by Battelle to image Thuen's hard drive and then hand the image over to the court without examining the copy or image.

"The court has struggled over the issue of allowing copying of the hard drive," Judge Winmill noted. "This is a serious invasion of privacy and certainly not a standard remedy." But by labeling themselves hackers, Southfork has essentially announced that it has the "necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act," the judge wrote.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.
