The feds' guide to bringing down a hacker from the inside

Jeremy Hammond faces 10 years in prison for hacking Stratfor Global, but many details of his conviction don't add up

Earlier this month, Jeremy Hammond was sentenced to 10 years in prison for his role in the hack of security consultancy Stratfor Global Intelligence. Hammond is the biggest fish to be snared after the FBI managed to turn former top Anon Sabu into a confidential informant. His conviction is a dagger in the side of the struggling hacktivist movement.

Quinn Norton has a fascinating post on Medium called "How Antisec died." It offers an almost-inside view of how the feds targeted and took down the most active members of Anonymous and its kin.


Norton has reported extensively on the activities of the Anons. More than any reporter I am aware of, she managed to get inside that very secretive, very suspicious org and talk to them, even if she never knew more about them personally than the handles they liked to use in IRC conversations.

What she reveals about how Hammond was taken down, though, isn't simply a tale of some arrested adolescent who let his hacking talents run amok. Too many details just don't smell right.

The sting

When Hammond was sentenced, he gave an extended and impressively articulate statement about his role in the hack, his motivations for doing it, and how he got set up by Sabu (aka Hector Xavier Monsegur), a key member of the Anons turned FBI informant. He wrote:

I had never even heard of Stratfor until Sabu brought it to my attention. Sabu was encouraging people to invade systems, and helping to strategize and facilitate attacks. He even provided me with vulnerabilities of targets passed on by other hackers, so it came as a great surprise when I learned that Sabu had been working with the FBI the entire time.

On December 4, 2011, Sabu was approached by another hacker who had already broken into Stratfor's credit card database. Sabu, under the watchful eye of his government handlers, then brought the hack to Antisec by inviting this hacker to our private chatroom, where he supplied download links to the full credit card database as well as the initial vulnerability access point to Stratfor's systems.

On Dec. 6, the feds contacted Stratfor, informed the company it was being hacked, and asked it to do nothing to stop it. For three weeks, Hammond had his way with the systems -- downloading millions of emails and thousands of customer credit card numbers, which were later used to generate bogus donations to various charities, and trashing the company servers -- all while the FBI watched.

Foreign intrigue

But the Stratfor vulnerabilities weren't the only ones Sabu shared with Hammond. At the FBI's behest, Sabu provided Hammond with a laundry list of vulnerable targets to crack, and the data Hammond pulled from those systems was then uploaded onto servers controlled by the FBI.

The names of the targets provided to Hammond were redacted in the statement released by the court. But somebody posted the unredacted list on Pastebin. It's an eye-opener:

These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.

Hammond's proof, he says, can be found in the chat logs maintained by the FBI, as well as other documents -- all of them under a "protective order" that prohibits them from being made public.
