Ky. man who changed views on website sent to prison

COVINGTON, Ky. -- His lawyer dubbed him the Robin Hood of pranksters. Federal prosecutors characterized him as a computer hacker engaged in cyberbullying.

And a federal judge found him in violation of the Computer Fraud and Abuse Act and sentenced him to five months in prison and two years on probation. Michael Pullen has to report on Oct. 21 to a federal work camp.

What got the 38-year-old father of two from Dry Ridge, Ky., in trouble was breaking into people's accounts on the social networking site SodaHead.com and changing posts that espoused conservative views.

Pullen said he would replace posts he considered racist or homophobic with something like, "I'm super fancy. Why don't you call me fancy pants?"

Pullen's attorney, Dennis C. Alerding, called the case "an enormous waste of taxpayer money."

"If what they wanted to do was to convince my client to never, never do it again ... and punish him, they could have just as easily suspended his driver's license for a year and fined him $1,000," said Alerding, who was appointed by a judge to represent Pullen under the federal courts' public defender program.

Alerding estimated the final bill to taxpayers for just representing Pullen will be at least $14,000, including the cost of flying in a witness from the West Coast. That does not include the prosecutor's costs.

It also doesn't include the cost of locking up Pullen. Alerding said the federal government estimates it costs $30,000 per year to incarcerate someone.

The spokesman for U.S. Attorney's Office for the Eastern District of Kentucky was furloughed because of the partial government shutdown and couldn't be reached for comment. Other employees of the office said they were not authorized to comment.

Internet law expert Eric Goldman has been an outspoken critic of the Computer Fraud and Abuse Act, known as the CFAA, but said it appears to have been properly applied in Pullen's case.

"This is a fairly straightforward application of the law," said Goldman, a Santa Clara University School of Law professor and director of the High Tech Law Institute in Silicon Valley. "We might want some type of restriction against accessing someone's private space on a computer -- even if it is done as a prank.

"Having said all of that, it isn't clear whether this was all that harmful. There was probably some teeth gnashing, but what other damages were incurred from his intrusion?"

Arthur Clements, former director of technical operations at SodaHead.com, testified at Pullen's sentencing last month. Clements said if the hacking had continued it would have posed a threat to the company.

"We realized it could kill our business," said Clements, who is now a contract employee for SodaHead.com. "Everyone was told by the founder to review all computer code to find the vulnerability."

The California-based social networking site was founded in 2007 by Jason Feffer, former vice president of operations at MySpace, and his childhood friend, Michael Glazer. The privately held company says it has 3.8 million unique monthly visitors in the United States and 6.9 million globally. It's known for technology that allows users to create online polls and take them viral.

After Glazer's testimony, U.S. District Judge David Bunning ordered Pullen to pay $21,000 in restitution to the Internet company.

The trouble started in early 2009 after Pullen was laid off from his job of three years. Bored and unable to find work, Pullen became a prolific user of SodaHead.com.

The self-proclaimed nonconformist said he soon became concerned about the tone of the comments on the site.

At first, Pullen said he would legally respond to posts he found offensive and challenge the original poster's views.

"They would propagate misconceptions about the Civil War," Pullen said. "I would go in there and poke holes in their arguments."

After a few months Pullen learned how to take control of other users' accounts by exploiting a known bug in SodaHead.com's software. That's when he realized there was an opportunity for some tomfoolery. He said he targeted the accounts of people who are intolerant of others.

"They were saying these devious, dastardly things like, 'I can't wait for the second Civil War so I can shoot me a liberal,' " Pullen said.

He says he only hacked accounts for two weeks, but it was long enough to catch the attention of the Secret Service. Federal agents showed up at his door in March 2010, but he wasn't indicted until November 2012.

"It was all just meant to be funny," Pullen said.

"I never meant to hurt, in any way, anybody. It was just kind of tweaking these folks -- popping their balloons, so to speak."