In her Medium post, Norton wrote:
I believe this list, personally, though I can't prove it. I remember the Brazil, Syria, and Colombia hacks, and some of the talk of Iraq and Puerto Rico. Some of the docs were even screenshot and included in the Lulzxmas video. Some of the Brazilian defacements gave thanks to Antisec and Sabu in particular. Some documents from these hacks appeared online on the now-defunct Anonymous leaks site, par-anoia.net.
For the record, I talked to someone with some 20 years of experience living in the shadows where the security world and federal government intersect. He is skeptical that the feds went to the trouble of targeting Hammond -- using Stratfor like a goat tied out to a stake to lure a lion -- when there are so many bigger bad guys to bag.
Domestic Web work
Still, the questions these accounts raise provide enough material for another three Jason Bourne movies. For example:
- Hacking foreign government sites, exposing backdoors, pawing through millions of emails -- who does that sound like to you? Any three-letter agency that's been in the news lately?
- Did the feds hand a talented hacker their wish list for places they wanted to break into but didn't have the skilz? What happened after Hammond opened all those backdoors? Were these foreign entities ever notified about the vulnerabilities?
- How did that Stratfor vulnerability come into Sabu's possession? According to Norton's account, "the vuln had come from outside the group, and that person was out of touch not long after turning it over." That's not suspicious or anything.
- Was it perhaps a friendly member of No Such Agency who provided it to the feds, in exchange for that list of foreign backdoors?
- Why did the top fed running the Hammond sting retire three days after the hacker's arrest and become president of Crowdstrike, a security firm whose MO is to hack the hackers? Did Shawn Henry take the list of backdoors to his new job?
- If you handed a convicted bank robber a list of bank vault combinations, then sat back and watched him go on a crime spree for three weeks, wouldn't you be at least just a bit culpable yourself?
- Finally, why are the chat logs and other evidence cited by Hammond being kept from the public? If the feds truly acted like the forthright upholders of truth and justice they claim to be, wouldn't they clear them of such scurrilous suspicions?
Is Hammond guilty of breaking the law? Absolutely, though I'm sure he'd frame it as civil disobedience or political protest. But it also seems pretty clear he was lured into these particular crimes by the feds. If that's not entrapment, then I don't know what is.
More important, though, the crimes he committed pale in comparison to the allegedly legal and patently illegal activities undertaken by certain three-letter agencies. Where are the jury trials for those?
What's worse: hacking a company or a country?
This article, "The feds' guide to bringing down a hacker from the inside," was originally published at InfoWorld.com.