FBI provided Anonymous with targets, new leaks show

5 Jun, 2014 15:13 / Updated 10 years ago

Leaked documents pertaining to the case against an American computer hacker currently serving a 10-year prison sentence have exposed discrepancies concerning the government's prosecution and raise further questions about the role of a federal informant.

The documents — evidence currently under seal by order of a United States District Court judge and not made public until now — shines light on several aspects of the case against Jeremy Hammond, a 29-year-old hacktivist from Chicago, Illinois who was arrested in March 2012 with the help of an online acquaintance-turned-government informant. Last May, Hammond entered a plea deal in which he acknowledged his role in a number of cyberattacks waged by the hacktivist group Anonymous and various offshoots; had his case gone to trial, Hammond would have faced a maximum of life behind bars if found guilty by jury.

Articles published in tandem by The Daily Dot and Motherboard on Thursday this week pull back the curtain on the government's investigation into Hammond and reveal the role that Hector Monsegur, a hacker who agreed to cooperate with authorities in exchange for leniency with regards to his own criminal matters, played in directing others towards vulnerable targets and orchestrating cyberattacks against the websites of foreign governments, all while under the constant watch of the US government.

Two-and-a-half years before Hammond pleaded guilty, Monsegur did the same upon being nailed with hacking charges himself. In lieu of risking a hefty sentence, however, Monsegur immediately agreed to aid the authorities and serve as an informant for the Federal Bureau of Investigation, eventually helping law enforcement nab Hammond and others. Last week, Monsegur was finally sentenced for the crimes he pleaded guilty to back in 2012 and was spared further jail time by the same judge who in November sent Hammond away for a decade.

According to this week's revelations, Monsegur did more than just inform for the FBI after his arrest. The articles suggest rather that from behind his internet handle “Sabu,” Monsegur solicited vulnerabilities and targets from a wide range of hackers and then handed them off to other online acquaintances, including Hammond, in order to pilfer, plunder and otherwise ravage the websites and networks of foreign entities and at least one major American corporation.

Combined, the articles and the evidence contained therein corroborate very serious allegations concerning the Justice Department's conduct in the case against Hammond and numerous other hacktivists, while raising numerous questions surrounding the FBI's knowledge in hundreds of cyberattacks and its documented efforts to coordinate those campaigns using their informant.

Excerpts from previously unpublished chat logs and other evidence used in the Hammond case and obtained by the Dot and Motherboard are cited to provide a new point-of-view concerning two matters in particular: the December 2011 hacking of Strategic Forecasting, or Stratfor; and a January 2012 campaign led by Anonymous against government websites in Brazil and the US.

Contrary to the government's claims, the Dot article alleges that Hammond did not mastermind the hack against Stratfor, but was rather told to target the Texas-based intelligence firm after Monsegur was made aware of a vulnerability in its network by a mysterious hacker who used the handle “Hyrriiya.” Weeks’ worth of private chats and group messages logged by Monsegur for the FBI after his arrest confirm that Hyrriiya breached Stratfor first, then sent details to the hacker he knew as “Sabu,” who in turn personally recruited Hammond to take the attack to the next level. For the first time, a clear timeline now exists to show exactly how the hack was hatched first by Hyrriiya, then Monsegur. A claim made ahead of Hammond's sentencing hearing in which he claimed to have never even heard of Stratfor until he was fed the target by Sabu is authenticated with the logs.

Motherboard's report focuses on a span of time only weeks after the Stratfor hack earned Anonymous headlines around the globe. Monsegur at that time was maintaining a list of targets in Brazil that would then be dispersed among members of Anonymous and other hackers to be defaced en masse as part of at least two concurrent cyber operations carried out in early 2012: an anti-corruption campaign against the Brazilian government; and another op in response to the shutdown of file-sharing site Megaupload.

"Sabu would say he wanted so-and-so, that another hacking team wanted this particular target," Hammond told Motherboard from prison last month. "Some Brazilian was looking for people to hack them once I gave him the keys."

Previously, Hammond said that Monsegur directed Anonymous to target websites belonging to no fewer than eight foreign governments while he was fully cooperating with the FBI. Only now, however, has documentation surfaced to verify that claim and others about alleged acts of cyberwar carried out by the the government by proxy.

"It's completely outrageous that they made Sabu into this informant and then, it appears, requested him to then get other hackers to invade sites and look for vulnerabilities in those sites," Michael Ratner, an attorney for WikILeaks, told Motherboard. "What that tells you is that this federal government is really — it's really the major cybercriminal out there."

The articles were first published Thursday morning and were a joint effort by journalists Dell Cameron of the Dot, Daniel Stuckey of Motherboard and RT's Andrew Blake