JSTOR Flashcards
(18 cards)
What did Aaron Swartz do to access JSTOR articles?
Swartz used MIT’s network, running scripts to mass-download academic articles, bypassing download limits and IP blocks. He hid a laptop in a networking closet, masked its MAC address, and triggered alarms due to abnormal traffic.
How did JSTOR and MIT respond to Swartz’s actions?
JSTOR noticed bulk downloading, temporarily blocked MIT access, and identified the MAC address and IP. MIT monitored the connection point and caught Swartz retrieving the hidden laptop.
What are network access controls, and how could they have prevented Swartz’s actions?
Restrict access to sensitive services like JSTOR based on authentication or user groups. Segmentation isolates public WiFi/guest networks from academic services, preventing unauthorized access.
How does rate limiting or throttling enhance security?
Enforces download rate limits per user or IP, preventing bulk access by bots or scrapers, which could have stopped Swartz’s mass downloads.
How can MAC address/device authentication improve security?
Requires device registration tied to user credentials, preventing MAC spoofing. JSTOR could have used student login-based authentication instead of IP-based open access.
What is anomaly detection/logging, and how does it relate to the Swartz case?
Monitors for unusual behavior (e.g., excessive downloads, odd access locations) and triggers alerts or blocks. Could have flagged Swartz’s bulk downloading earlier.
How does physical security relate to the Swartz case?
Securing network infrastructure (e.g., locked closets) and monitoring server areas could have prevented Swartz from hiding a laptop in MIT’s networking closet.
What legal charges did Aaron Swartz face?
Charged under the Computer Fraud and Abuse Act (CFAA) with 13 felony counts, including wire fraud and computer fraud, facing up to 35 years in prison and $1 million in fines.
Did JSTOR and MIT press charges against Swartz?
Neither JSTOR nor MIT pressed charges, but federal prosecutors pursued the case aggressively.
What ethical questions arose from Swartz’s case?
Is bypassing paywalls for public good ethical? Should intent matter in unauthorized access cases? Is downloading information theft? What is the role of institutions in prosecuting violations?
What are the legal grey areas in the Computer Fraud and Abuse Act (CFAA)?
Vague terms like “unauthorized access” enable harsh punishment for minor infractions. The law, pre-dating the modern internet, is applied inconsistently.
What are the key computer security lessons from Swartz’s case?
Importance of access controls and monitoring. Abusing legitimate access is still a violation. Systems must detect behavioral abnormalities. Ethical hacking, activism, and malicious intent need to be distinguished.
What were the consequences of Swartz’s case?
Swartz’s suicide in 2013 sparked outrage, debates on digital rights, calls for CFAA reform, and inspired open access movements.
Where should the line be drawn between ethical activism and criminal hacking?
Ethical activism seeks public good without harm, while criminal hacking causes damage or personal gain. Swartz’s intent to share knowledge blurred this line, raising questions about proportionality.
How should security professionals handle insider threats like Swartz’s actions?
Implement strong access controls, user authentication, anomaly detection, and physical security to prevent and detect abuse of legitimate access.
Is the law keeping up with technology and ethics in cases like Swartz’s?
The CFAA, outdated and vague, fails to align with modern internet use and ethical considerations, leading to disproportionate punishments.
What could MIT or JSTOR have done differently to prevent Swartz’s actions?
Implement user-based authentication, rate limiting, anomaly detection, and secure physical infrastructure to restrict bulk downloads and unauthorized access.
What are the key takeaways from Swartz’s case?
Logic ≠ ethics; security incidents need both perspectives. Systems must balance openness and controls. CFAA needs reform for proportionality. Swartz’s case is a cautionary tale for security and activism.