Did the FBI use Jeremy Hammond to hack foreign governments?
Yesterday, former Anonymous, Lulzsec, and Antisec hacker Jeremy Hammond (Anarchaos) was sentenced to 10 years, after pleading guilty to the hacking of Stratfor, a global private intelligence company. Upon the objections of federal prosecutors, Judge Loretta Preska struck portions of Hammond’s sentencing statement. These stricken portions later surfaced on Pastebin—as a separate, unverified letter—some time after the sentencing. In them, Hammond suggests the federal government supplied him and other hackers with foreign government targets.
In his statement, Hammond claimed Sabu supplied “lists of targets that were vulnerable to ‘zero day exploits’”—that is, previously unknown security holes. He also emphasized that pilfered files (including the Stratfor data) were stored on Sabu’s server, which was operated by the FBI.
“At [Sabu's] request, these websites were broken into, their emails and databases were uploaded to Sabu’s FBI server, and the password information and the location of root backdoors were supplied,” stated Hammond to the court. “These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others.”
Looking at that list, all but Puerto Rico and perhaps Slovenia are strategic US targets for one reason or another. Brazil is increasingly becoming a rival economic competitor in the Western hemisphere; Turkey is a bulwark against Iran and other volatile Islamic dictatorships; hacking Syrian government websites is self-evident (more on that below); and so on. And, after Edward Snowden’s NSA leaks, we now know that the US government spies on foreign governments without compunction.
Hammond recollected the compromised websites being “the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.”
Syria’s inclusion on this list should raise eyebrows. It’s easy to forget that with 2013 being a year of such escalating civil war bloodshed, Syria was already a target for hackers several years prior. And remember that in 2011 Anonymous made a lot of noise about hacking Syria’s Ministry of Defense website.
“To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad,” read Anonymous’s message in both English and Arabic. “… To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country — rise up against the regime!”
[Illustration: “Free Hammond” by Molly Crabapple]
Also recall that the Syrian Electronic Army formed in 2011 in response to these hacks, and didn’t really hit its stride until 2012. According to Hammond, the FBI gained access to Syrian systems and data through the puppeteering of Sabu.
“Sabu … infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs,” Hammond stated. “He logged several relevant IRC channels persistently asking for live access to mail systems and bank transfer details. The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems, undoubtedly supplying useful intelligence to the military and their buildup for war.”
Hammond said that all of this can be “easily confirmed by chat logs the government provided” to Anonymous, made possible, of course, by the federal government’s discovery obligations in Hammond’s case.
“However, the full extent of the FBI’s abuses remains hidden,” stated Hammond, striking a rather ominous tone. “Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu’s communications with the FBI. In addition, the majority of the documents provided to me are under a ‘protective order’ which insulates this material from public scrutiny. As government transparency is an issue at the heart of my case, I ask that this evidence be made public. I believe the documents will show that the government’s actions go way beyond catching hackers and stopping computer crimes.”
In prosecutorial documents available at Cryptome, the government discusses the law with respect to Hammond’s sentencing. In a footnote on page 7, they write, “The FBI immediately notified Stratfor upon learning in early December that Stratfor’s computer systems had been compromised. The FBI continued to provide updates to Stratfor as it learned more about Hammond’s continued attack against that company.”
“In an addendum to his sentencing submission, Hammond discusses additional hacks and conduct that he claims ‘provide the contextual framework for the Court’s overall consideration of [his] intentions and motivation.’ (Def. Exh. H at 1.) Specifically, Hammond alleges that the Government was ‘using [Hammond] to collect information regarding the vulnerabilities of foreign government websites and in some cases, disabling them.’ (Id. at 2.) Hammond apparently reaches this dramatic conclusion based in part on a partially-redacted online posting by an anonymous individual who claimed to have hacked a foreign government at the behest of the CW. These claims are baseless. While the CW and Hammond did discuss vulnerabilities of foreign websites (among others), in fact, the FBI notified foreign governments about this activity and the vulnerabilities in their websites after Hammond was arrested and the CW’s role could be revealed without harming the investigation so they could take appropriate remedial action. In any event, even if Hammond’s allegations were true, which they are not, they do not bear on any issues relevant to sentencing.” (p. 21/21)
The federal prosecutors sound rather confident in the FBI’s upstanding conduct. But, as noted on page 20 of the government’s memorandum, the prosecutors officially acknowledge that the FBI provided Hammond and his co-conspirators with a server onto which they could store data pilfered from Stratfor. They also acknowledged that, as a result of the FBI’s control of the server, “they were able to mitigate the harm by, for example, notifying credit card companies about the compromised cards.” Prosecutors also noted that Sabu created chat rooms for Hammond and company, at the behest of the FBI, where they monitored chats, “gaining valuable intelligence about the hack which it used to notify Stratfor and credit card companies as the hack developed, as well as powerful evidence of Hammond’s criminal activity.”
Elsewhere in his sentencing statement, Hammond admitted he didn’t know how other data supplied to Sabu was used by the government. The hacker suggested, however, that the government’s collection and use of this data should be investigated. “The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story,” Hammond added. “I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”
If Hammond is right, then the FBI and, indeed, President Obama have some serious ‘splaining to do. And the fact that portions of Hammond’s statement were stricken by Judge Preska is also troubling. Even if Hammond were wrong about the FBI’s feeding of targets to Sabu, the federal prosecutors’ objections to Hammond’s accusations, allowed by Preska, are a vile form of censorship.
Read the rest of Jeremy Hammond’s powerfully eloquent sentencing statement here.