Yesterday, former Anonymous, Lulzsec, and Antisec hacker Jeremy Hammond (Anarchaos) was sentenced to 10 years, after pleading guilty to the hacking of Strator, a global private intelligence company. Upon the objections of federal prosecutors, Jude Loretta Preska struck portions of Hammond's sentencing statement. These stricken portions later surfaced on the internet some time after the sentencing. In them, Hammond suggests the federal government supplied Hammond and other hackers with foreign government targets.
In his statement, Hammond claimed Sabu supplied 'lists of targets that were vulnerable to 'zero day exploits''-that is, previously unknown security holes. He also emphasized that pilfered files (including the Stratfor data) were stored on Sabu's server, which was operated by the FBI.
'At [Sabu's] request, these websites were broken into, their emails and databases were uploaded to Sabu's FBI server, and the password information and the location of root backdoors were supplied,' stated Hammond to the court. 'These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others.'
Looking at that list, all but Puerto Rico and perhaps Slovenia are strategic US targets for one reason or another. Brazil is increasingly become a rival economic competitor in the Western hemisphere; Turkey is a bulwark against Iran and other volatile Islamic dictatorships; hacking Syrian government websites is self-evident (more on that below); and so on.
Hammond recollected the compromised websites being 'the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.'
Syria's inclusion on this list should raise eyebrows. It's easy to forget that with 2013 being a year of such escalating civil war bloodshed, Syria was already a target for hackers several years prior. And remember that in 2011 Anonymous made a lot of noise about hacking Syria's Ministry of Defense website.
'To the Syrian people: The world stands with you against the brutal regime of Bashar Al-Assad,' read Anonymous's message in both English and Arabic. ' ... To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country - rise up against the regime!'
Free Hammond by Molly CrabappleAlso recall that the Syrian Electronic Army formed in 2011 in response to these hacks, and didn't really hit its stride until 2012. According to Hammond, the FBI gained access to Syrian systems and data through the puppeteering of Sabu.
'Sabu ... infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs,' Hammond stated. 'He logged several relevant IRC channels persistently asking for live access to mail systems and bank transfer details. The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems, undoubtedly supplying useful intelligence to the military and their buildup for war.'
Hammond said that all of this can be 'easily confirmed by chat logs the government provided' to Anonymous; made possible, of course, by the federal government's discovery obligations in Hammond's case.
'However, the full extent of the FBI's abuses remains hidden,' stated Hammond, striking a rather ominous tone. 'Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu's communications with the FBI. In addition, the majority of the documents provided to me are under a 'protective order' which insulates this material from public scrutiny. As government transparency is an issue at the heart of my case, I ask that this evidence be made public. I believe the documents will show that the government's actions go way beyond catching hackers and stopping computer crimes.'
Read the rest of the Jeremy Hammond's powerfully eloquent sentencing statement here.
Elsewhere in his sentencing statement, Hammond admitted he didn't how other data supplied to Sabu was used by the government. The hacker suggested, however, that the government's collection and use of this data should be investigated. 'The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story,' Hammond added. 'I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?'
If Hammond is right, then the FBI and, indeed, President Obama have some serious 'splaining to do. And the fact that portions of Hammond's statement were stricken by Judge Preska is also troubling. Even if Hammond were wrong about the FBI's feeding of targets to Sabu, the federal prosecutor's objections Hammond's accusations, allowed by Preska, is a vile form of censorship.