The feds’ guide to bringing down a hacker from the inside

Earlier this month, Jeremy Hammond was sentenced to 10 years in prison for his role in the hack of security consultancy Stratfor Global Intelligence. Hammond is the biggest fish to be snared after the FBI managed to turn former top Anon Sabu into a confidential informant. His conviction is a dagger in the side of the struggling hacktivist movement.

Quinn Norton has a fascinating post on Medium called “How Antisec died.” It offers an almost-inside view of how the feds targeted and took down the most active members of Anonymous and its kin.

[ For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter and follow Cringely on Twitter. | Check out InfoWorld TechBrief, your source for quick, smart views on the news you’ll be talking about — subscribe today. ]

Norton has reported extensively on the activities of the Anons. More than any reporter I am aware of, she managed to get inside that very secretive, very suspicious org and talk to them, even if she never knew more about them personally than the handles they liked to use in IRC conversations.

What she reveals about how Hammond was taken down, though, isn’t simply a tale of some arrested adolescent who let his hacking talents run amok. Too many details just don’t smell right.

The sting

When Hammond was sentenced, he gave an extended and impressively articulate statement about his role in the hack, his motivations for doing it, and how he got set up by Sabu (aka Hector Xavier Monsegur), a key member of the Anons turned FBI informant. He wrote:

I had never even heard of Stratfor until Sabu brought it to my attention. Sabu was encouraging people to invade systems, and helping to strategize and facilitate attacks. He even provided me with vulnerabilities of targets passed on by other hackers, so it came as a great surprise when I learned that Sabu had been working with the FBI the entire time.

On December 4, 2011, Sabu was approached by another hacker who had already broken into Stratfor’s credit card database. Sabu, under the watchful eye of his government handlers, then brought the hack to Antisec by inviting this hacker to our private chatroom, where he supplied download links to the full credit card database as well as the initial vulnerability access point to Stratfor’s systems.

On Dec. 6, the feds contacted Stratfor, informed the company it was being hacked, and asked it to do nothing to stop it. For three weeks, Hammond had his way with the systems — downloading millions of emails and thousands of customer credit card numbers, which were later used to generate bogus donations to various charities, and trashing the company servers — all while the FBI watched.

Foreign intrigue

But the Stratfor vulnerabilities weren’t the only ones Sabu shared with Hammond. At the FBI’s behest he provided Hammond with a laundry list of vulnerable targets for the hacker to crack, then uploaded all the information Hammond collected onto servers controlled by the FBI.

The names of the targets provided to Hammond were redacted in the statement released by the court. But somebody posted the unredacted list on Pastebin. It’s an eye-opener:

These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.

Hammond’s proof, he says, can be found in the chat logs maintained by the FBI, as well as other documents — all of them under a “protective order” that prohibits them from being made public.

In her Medium post, Norton wrote:

I believe this list, personally, though I can’t prove it. I remember the Brazil, Syria, and Colombia hacks, and some of the talk of Iraq and Puerto Rico. Some of the docs were even screenshot and included in the Lulzxmas video. Some of the Brazilian defacements gave thanks to Antisec and Sabu in particular. Some documents from these hacks appeared online on the now-defunct Anonymous leaks site, par-anoia.net.

For the record, I talked to someone with some 20 years of experience living in the shadows where the security world and federal government intersect. He is skeptical that the feds went to the trouble of targeting Hammond — using Stratfor like a goat tied out to a stake to lure a lion — when there are so many bigger bad guys to bag.

Domestic Web work

Still, the questions these accounts raise provide enough material for another three Jason Bourne movies. For example:

• Hacking foreign government sites, exposing backdoors, pawing through millions of emails — who does that sound like to you? Any three-letter agency that’s been in the news lately?
• Did the feds hand a talented hacker its wish list for places it wanted to break into but didn’t have the skilz? What happened after Hammond opened all those backdoors? Were these foreign entities ever notified about the vulnerabilities?
• How did that Stratfor vulnerability come into Sabu’s possession? According to Norton’s account, “ the vuln had come from outside the group, and that person was out of touch not long after turning it over.” That’s not suspicious or anything.
• Was it perhaps a friendly member of No Such Agency who provided it to the feds, in exchange for that list of foreign backdoors?
• Why did the top fed running the Hammond sting retire three days after the hacker’s arrest and become president of Crowdstrike, a security firm whose MO is to hack the hackers? Did Shawn Henry take the list of backdoors to his new job?
• If you handed a convicted bank robber a list of bank vault combinations, then sat back and watched him go on crime spree for three weeks, wouldn’t you be at least just a bit culpable yourself?
• Finally, why are the chat logs and other the evidence cited by Hammond being kept from the public? If the feds truly acted like the forthright upholders of truth and justice they claim to be, wouldn’t they clear them of such scurrilous suspicions?

Is Hammond guilty of breaking the law? Absolutely, though I’m sure he’d frame it as civil disobedience or political protest. But it also seems pretty clear he was lured into these particular crimes by the feds. If that’s not entrapment, then I don’t know what is.

More important, though, the crimes he committed pale in comparison to the allegedly legal and patently illegal activities undertaken by certain three-letter agencies. Where are the jury trials for those?

What’s worse: hacking a company or a country? Share your thoughts below or email me: cringe@infoworld.com.

This article, “The feds’ guide to bringing down a hacker from the inside,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, follow Cringely on Twitter, and subscribe to Cringely’s Notes from the Underground newsletter.