24 Apr, 2014 21:27

New leak exposes how the FBI directed Anonymous’ hacks

Dozens of pages of previously unreleased documents pertaining to the prosecution of hacktivist Jeremy Hammond have been released, further linking the United States government to a gamut of cyberattacks waged against foreign nations.

Hammond, 29, made waves last November when he defied a US federal judge’s order and told a packed New York City courtroom on the day of his sentencing that the Federal Bureau of Investigation had relied on an undercover informant to direct members of the amorphous hacking collective Anonymous to target the websites of adversarial nations.

The latest releases now lend credence to Hammond’s claims that the FBI guided Anonymous into conducting cyberattacks at their behest, regardless of the sheer illegality involved. The documents — a previously unpublished statement purported to be authored by Hammond and never-before-seen court files — now corroborate the role of the feds in these proxy cyberwars of sorts.

Using the internet alias “Sabu,” the turncoat — Hector Xavier Monsegur of New York — supplied Hammond with lists of vulnerable targets that were then compromised, Hammond said in his courtroom testimony on Nov. 15. Data and details were pillaged and exploited, Hammond said, and then shared with the informant and, ergo, the FBI.

“These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites, including those of Turkey, Brazil, Iran —,” Hammond managed to say before being silenced by US District Court Judge Loretta Preska. Moments later, Preska sentenced him to the maximum time behind bars allowable under a mutually agreed upon plea deal: 120 months.

Jeremy Hammond. (AFP Photo)

The hacktivist has managed to have his voice heard since, however, and on Wednesday this week the New York Times published an article focused on the FBI’s role with regards to spearheading hacks for Anonymous. Speaking from behind bars, Hammond told Times journalist Mark Mazzetti that “it was pretty much out of control in terms of targets we had access to” in the weeks between Anonymous’ compromise of the computer system of Texas-based intelligence firm Stratfor in December 2011 and his arrest the following March.

Nevertheless, “Sabu wasn’t getting his hands dirty,” Hammond told the Times.

Mazzetti went on to acknowledge that an uncensored version of Hammond’s sentencing statement was published to the web concurrent with November’s hearing, and in it the hacker claimed to have been provided a list of more than 2,000 internet domains to target by the FBI’s informant. That same document, though previously unverified, also contained the list of targeted countries that Hammond was ordered to refrain from saying at last year’s sentencing: “Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan and others,” including “the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK and the Ministry of Electricity of Iraq.”

Hours after the Times article was published on Wednesday, a wild leak appeared that is alleged to contain several paragraphs from Hammond that he authored last year for an article but were edited ahead of publication. The style of the writing in the document uploaded to the Pastebin website is on par with that of Hammond’s, and a source close to the case who asked to remain anonymous confirmed the authenticity of the excerpt to RT early Thursday.

"In view of NYT's reporting, we would like to add some additional context to this statement," the excerpts are prefaced.

“Sabu is not the real issue,” Hammond reportedly wrote. “What is important is how the FBI used him, and how they may still be using other hacktivists to gather intelligence and illegally break into websites without oversight, accountability or reprisal.”

“In my case, the FBI used Sabu to infiltrate and monitor hundreds of public and private hacker chatrooms where he was able to gain influence within Anonymous by claiming responsibility for hacks carried out by others, bragging to the media with hyperbolic quotes, accusing others of being sellouts and snitches and encouraging hacks into government and corporate websites,” it continued. “He enabled hackers and facilitated hacks by supplying several servers for storage of hacked emails and databases, cracking encrypted password lists, suggesting specific targets and offering step-by-step technical advice to people as they were breaking into systems. Impressionable and less experienced hackers, eager to please a visible Anonymous ‘leader’ would send him their half-finished vulnerability findings; Sabu would then pass this information along to skilled hackers to finish the job.”

Practically at the same time that Hammond’s alleged statement surfaced on Thursday, the online digital library Cryptome.org published a 94-page collection of court documents that seem to further show the extent of the FBI’s role in coercing Anonymous with the help of their undercover informant. [Notice: Upon initial publishing of this article, RT became aware that these documents were made available by the court on the PACER website on April 16. However, they were not reported on until now]

Included in that trove are letters to Judge Preska allegedly authorized by Hammond’s legal counsel, as well as dozens of pages of internet chat transcripts between web accounts purportedly registered to their client and the FBI’s informant. In one document, dated November 1, 2013, attorney Susan Kellman acknowledged that discovery in the case “further reveals that while cooperating with the government, Mr. Monsegur challenged Mr. Hammond to access many international government websites and servers.”

“Over the course of numerous chat logs, Mr. Monsegur, presumably under government direction, repeatedly asked Mr. Hammond to provide passwords or root backdoor information to access these sites,” Kellman continued.

“In some cases,” the attorney added, “…it appears as though the United States government was actively facilitating the hacking of foreign government websites.”

Also within the leaked cache is one document, a “discovery timeline pertaining to hacks of foreign websites,” in which the defense outlined no fewer than 26 times in which Monsegur supplied Hammond with information about those targets or provided assistance between January 23, 2012 and February 15.

Elsewhere, chat logs between the two hackers and sometimes other associates corroborated the defense’s claims. In one, for instance, Monsegur boasted that he helped other hackers “step by step into getting into the mail server” of a target. In another, he instructed Hammond to have other hackers “backdoor urls” of targeted sites, essentially providing unfettered access to anyone aware of the exploit — and, in this instance, the US government.

In the previously unpublished statement attributed to Hammond that surfaced this week, he wrote that “Manipulating hackers to break into international websites to steal emails and databases is a previously undisclosed aspect of the wide-ranging cyber and surveillance operations being carried out by the NSA and other agencies.” Indeed, a review group assembled by President Barack Obama said in December that the National Security Agency and other government organizations must refrain from stockpiling so-called “zero day” exploits that, when executed, allow attackers to take advantage of vulnerabilities that have yet to be acknowledged, let alone patched.

“The single biggest problem in computational ethics right now is the perverse market incentives provided to software exploit developers,” Andrew Auernheimer, a formerly-convicted security hacker who was released from prison earlier this month, told RT on Thursday. Auernheimer, 28, was prosecuted by the federal government after disclosing a security flaw in the servers of AT&T’s computers that allowed him to access the email addresses of roughly 114,000 Apple iPad owners. He was found guilty by jury of computer fraud in late 2012, but last month his conviction was vacated by the Third Circuit Court of Appeals.

Since his release, Auernheimer — who is not affiliated with Anonymous — has said he plans on starting a hedge fund in order to further support endeavors that will help publicize flaws discovered on the systems of publicly traded companies. As evidenced by the newly released Hammond documents, however, exploits are hard to get a hold of unless you’re either a well-funded government willing to write a check to ethically-bankrupt security experts or, in this case, coaxing hackers into doing the dirty work for you.

“The only way to make money is to sell them to government agencies and In-Q-Tel investments,” Auernheimer told journalist Andrew Blake for RT on Thursday, referring to the venture capital fund that was launched with the aid of Central Intelligence Agency backing.

According to the just-surfaced statement from Hammond, the former Anonymous hacktivist believes it’s high time that those governments change ways as well.

“The government hopes that my conviction will legitimize the abusive tactics and illegal objectives it sponsors,” he said, according to the document. “I took responsibility for my actions, now it is time for the government to answer for its own crimes.”

When reached by phone on Thursday afternoon, a person at the law office that represented Hammond during his trial said his counsel would “absolutely not” verify the authenticity of the leaked documents. A protective order filed in May 2012 — and amended after the defense was provided with the discovery documents leaked this week — prohibits sharing of those files.

Monsegur is next scheduled to be sentenced May 8 in New York, although his attorneys have requested and received adjournments no fewer than half-a-dozen times during the last two years. In each instance, Judge Preska agreed to postpone his sentencing on account of ongoing cooperation with federal investigators.