Imprisoned hacktivist Jeremy Alexander Hammond, a former WikiLeaks source once regarded as the FBI’s most-wanted cybercriminal, has been called to testify before a federal grand jury in the Eastern District of Virginia in the US, Gizmodo has learned.
On Saturday, the Jeremy Hammond Support Committee announced that the 34-year-old Chicago hacker had been transferred from his medium-security prison in Memphis, in the US state of Tennessee, to a federal transfer centre in Oklahoma City. He is likely in transit, they said, to Virginia, where he’s expected to be questioned before a grand jury regarding his past ties with WikiLeaks, the anti-secrecy organisation whose founder, Julian Assange, is currently facing a slew of federal charges, including several under America's Espionage Act.
“Given the secrecy of grand jury proceedings, we don’t know the nature or scope of the grand jury’s investigation. However, our assumption is that this is the same grand jury that Chelsea Manning is currently being incarcerated for refusing to testify before,” Hammond’s support committee said.
Hammond’s transfer and potential testimony, which supporters say he’s unlikely to give, raises new questions about the scope of the US government’s criminal case against WikiLeaks. The charges against Assange have thus far been limited to events linked to the release of classified US government documents provided by former Army intelligence analyst Chelsea Manning, who is herself being held in a Virginia jail for refusing to give a grand jury her testimony.
In November, Gizmodo US reported that WikiLeaks had provided Hammond and his AntiSec hacking crew with access to a custom search engine tool in early 2012 in an effort to aid the hackers in rifling through a batch of more than 5 million emails, which AntiSec had plundered from the servers of a private intelligence firm the month before. That year, WikiLeaks would begin publishing and sharing with its worldwide media partners the same tranche of emails, which it named the “Global Intelligence Files.”
An anarchist who waged cyberwar against police departments, private security firms, and other institutions he deemed symbols of tyranny and social control, Hammond pleaded guilty in 2013 to attacking Stratfor, the global intelligence firm based in Austin, Texas. Among Stratfor’s clients at the time were the US Departments of Homeland Security and Defense, employees of the National Security Agency, countless police agency heads, and, among other notable figures, former Secretary of State Henry Kissinger.
After stealing some 60,000 credit cards from the company, Hammond and his “revolutionary comrades” carried out what they called an “act of loving egalitarian criminality,” using the cards to donate tens of thousands of dollars to charities, prisoner support groups, and digital rights organisations, including the Electronic Frontier Foundation, Greenpeace, and the American Red Cross. The hackers eventually totalled more than $700,000 (£572,000) in fraudulent charges, according to one FBI estimate.
To his downfall, Hammond counted among his closest comrades in arms, unknowingly, an informant for the FBI, whose every conversation with him online – including many instigating criminal acts – was closely monitored by federal agents in the bureau’s Manhattan field office.
“Jeremy pled guilty to put an end to the case against him,” his support group said in a statement. “He pled guilty because he had no interest in cooperating with the government. He was sentenced to 10 years – the maximum allowed under his plea agreement – and has been serving his time, counting down to the day that he will finally be free. That day was supposed to come in mid-December of 2019.”
Hammond, his supporters say, has been voluntarily enrolled in an intensive substance abuse programme known as RDAP, which studies have found, according to the Bureau of Prisons, to reduce drug relapse and recidivism in prisoners. Those who successfully complete the programme are eligible for a 12-month reduction of their sentence. His legal team now believes, however, that because he was called to testify in Virginia, he is no longer eligible for early release, flushing months of hard work down the drain.
“The government’s effort to try to compel Jeremy to testify is punitive and mean-spirited,” his supporters said, adding: “In bringing him against his will to the Eastern District of Virginia, the government has put an end to his participation in the RDAP drug programme, effectively adding a year to his sentence.”
AntiSec: Anarchists of Anonymous
Under the flag of Anonymous, Hammond and his team spent most of 2011 laying waste to government websites, with a particular focus on law enforcement. While the group’s chosen name, AntiSec, was derived from the anti-security movement founded over a decade before, in reality, they had little in common with the movement, the chief focus of which was waging war on the security industry. Hammond’s AntiSec was instead primarily virulent towards capitalists, prisons, and police.
Unlike LulzSec and most of the other groups who had claimed the Anonymous name for their own, AntiSec, like Hammond, who had once placed on a terrorist watchlist, was purely anarchistic.
Citing coordinated crackdowns on Occupy Wall Street protesters in 2011, AntiSec pilfered the emails, passwords, and credit card information of the New York State Association of Chiefs of Police and the California Statewide Law Enforcement Association. They also attacked what Hammond called the police “supply chain,” breaking into the website of a military and law enforcement equipment supplier and then gleefully publishing the home addresses of thousands of its military and police customers.
“While we attacked the institutions of capitalism, it would only make sense to attack those who enforce it, the inherently oppressive protectors of property and purveyors of social control; the pigs, the fuzz... the police,” Hammond wrote in a press release announcing the attacks.
A leaked photo of Jeremy Hammond’s laptop taken at an FBI forensics lab shortly after his arrest. (Photo: FBI)
In another post touting the defacement and destruction of some 70 law enforcement websites, which had been carried out in the names of Anonymous hackers arrested by police, AntiSec wrote: “We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information.” For too long, the hackers said, police had spied on them and abused their own personal information. “Retribution,” they said, “was at hand.”
Prior to breaking away from the mostly Britain-based hackers who merely did hacks “for the lulz,” AntiSec published private emails, addresses, and passwords belonging to the Arizona Department of Public Safety. In a statement titled “Chinga La Migra” (“fuck immigration enforcement”), AntiSec cited as justification SB 1070, an Arizona law that made it a misdemeanour for legal immigrants to be caught without a government ID card.
The ASCII art that accompanied the post, released in the name of LulzSec (even though its core members were not directly involved) included a crudely drawn assault rifle with the phrase “off the pigs” written on the stock.
A LulzSec press release that included emails, phone numbers, passwords and home addresses stolen by AntiSec hackers from the Arizona Department of Public Safety in June 2011.
While under interrogation by British police the following month, one core LulzSec member would tell two detectives that he thought the attack “was too extreme.” The cops played dumb. “What does it mean, sorry?” one asked.
It means, the underage hacker said while explaining he’d had to Google the phrase himself, “Kill the police.”
FBI’s Misleading Stratfor Story
In early March 2012, the week of Hammond’s arrest, the FBI began to paint a picture for the press of how the hack on Stratfor went down. It rarely resembled reality.
In a story titled “Inside the Stratfor Attack,” a New York Times reporter labelled as “conspiracy theorists” anyone who believed the FBI had simply allowed the attack to occur. The story included a timeline offered by FBI officials that suggested Hammond had first hacked Stratfor and then notified one of the bureau’s informants, Hector Monsegur, a 28-year-old foster parent living in Manhattan’s Alphabet City neighbourhood who went by the name Sabu.
The FBI, the Times reported, had not learned of the breach until 6 December 2011, “after the hackers had already infiltrated the company’s network.” But FBI surveillance records leaked to journalists in 2014 told a radically different story.
An unknown hacker named “Hyrriiya” announces he’s hacked Stratfor on 4 December 2011.
The files, which remain under seal at the time of writing, revealed that Monsegur had been informed that Stratfor was already compromised two days earlier, on 4 December, when another hacker – whom the FBI has yet to charge or even publicly acknowledge – provided him with stolen credit cards belonging to several Stratfor customers. The list included employees of the North Atlantic Treaty Organization (NATO), the defence contractor Raytheon, and the US National Security Agency (NSA), among others.
“[W]e would love to penetrate their users/network for #antisec,” Monsegur told the hacker, who went by the handle Hyrriiya, “definitely get me details so I can begin working ;)“
On 4 December 2011, “Sabu,” whose computer was being keylogged by FBI, learns that Stratfor has been hacked. (Photo: FBI (Leaked))
Hammond would not learn about the breach for a full day, records reveal. On 5 December, he was pinged by Monsegur, who showed him the stolen credit card data and said another hacker had offered AntiSec “complete control” of a “big intelligence company.” Within a few hours, Monsegur introduced Hammond to Hyrriiya, warning both to keep the conversations in a single private room. The FBI was recording everything.
The idea that the FBI was not aware of the events runs contrary to the government’s claims in federal court. Monsegur’s relationship with the bureau was described by the judge overseeing the case as “virtual around-the-clock cooperation.” Monsegur’s own attorney announced in court that the FBI was tracking “everything he typed with a key-logging program.” By that time, logs of the conversations that showed Hammond had been encouraged to attack Stratfor were already in the hands of his defence team. But rather than fight the case, he agreed to a deal, which limited his sentence to 10 years behind bars.
FBI-logged chats show Monsegur (Sabu), at the time an FBI informant, introducing Hammond (@sup_g) to an unknown hacker who to help AntiSec breach Stratfor’s servers. (Photo: FBI (Leaked))
The FBI would have good reason to exclude these details, however, when it granted an interview to the New York Times and other reporters. Even informants permitted to engage in criminal activity under the US Attorney General’s guidelines are forbidden to “initiate or instigate a plan or strategy to commit a federal, state, or local offence.”
In May 2012, a letter surfaced attributed to “Hyrriiya” and addressed to Hammond’s defence team. “I am stating and admitting, AS FACT,” it said, “that I was the person who hacked Stratfor.” The letter pointed to specific private conversations between Hyrriiya and Monsegur that could not have been known by anyone else – other than the FBI.
A leaked confidential forensics report would later show that Stratfor was at least partly to blame for the disaster (or at least would be in the post-Equifax era in which corporations are scrutinised over flawed security practices). The investigation, conducted by a security team from American telecommunications company Verizon, found that Stratfor had failed to implement proper controls over vital systems, which were not protected by a firewall and lacked proper file integrity-monitoring. The report explicitly states, in fact, that “several distinct vulnerabilities and network configurations existed” that enabled the hackers to easily slip in.
Stratfor’s network was “wide open,” it said. Attaining root access to its servers was so easy it didn’t even require a password. A leaked internal memo would later calculate the total cost of the breach at $3.78 million (£3.09 million), some of which Texas journalist Barrett Brown was later ordered to pay in the form of restitution, though he took no part in the attack.
Enter WikiLeaks, After the Hack
FBI surveillance records reveal much about the nature of WikiLeaks’ involvement in the Stratfor attack, all of it occurring well after the fact. AntiSec members, including Hammond and Monsegur, both claimed at different times to be in contact with Assange – or, at least, a person whom they believed to be him. It’s impossible to know for certain the identity of the person with whom they were corresponding. (At one point, the hackers even thought that maybe they were talking to Assange while he was pretending to be someone else.)
Nevertheless, the FBI-captured conversations indicate that WikiLeaks did not formally request access to the emails until after AntiSec had gone public about the attack on 25 December 2011, a day the hacking group referred to as “LulzXMas.”
Hammond (@sup_g) discussing the release of Stratfor emails to WikiLeaks with other AntiSec members on 29 December 2011. (Screenshot: FBI (Leaked))
On 26 December of that year, as AntiSec released some 30,000 Stratfor credit cards to the public, Monsegur informed Hammond that Assange had reached out. “I think wikileaks wants the emails,” he said. “JA says he wants to look at emails first, see if they can do something with it,” he added. “[I]f the mails are in fact juicy to the point wikileaks will accept it then its a wrap.”
Being a part of a major WikiLeaks release, Hammond believed, would be “groundbreaking.”
Close to midnight on 29 December, Hammond announced that Assange was “almost done copying the files.” Other hackers in the chatroom, most of whom had been tasked with running up fraudulent charges with credit cards stolen from Stratfor, were warned to keep the partnership under wraps. Hammond wondered aloud: “I wonder how criminally liable JA and folks could be by admitting having received hacked stolen and controversial files from us.”
Another hacker replied, “Well, NPR wanted them.”
Hammond (yohoho) and Monsegur (leondavidson) discussing contact with WikiLeaks on 12 January 2012, two months before Hammond was arrested. (Screenshot: FBI (Leaked))
Two weeks later, Hammond reported that he was back in contact with Assange. The hackers were growing restless and wondered when their partnership with WikiLeaks would be announced.
“[H]e gave me access to a search engine script for these [S]tratfor emails,” Hammond said. Asked whether the script worked, Hammond said it was “pretty primitive but it works,” adding that “JA” had also offered to share access with anyone on AntiSec’s team, and that he’d asked WikiLeaks to give Monsegur access. Monsegur, meanwhile, was also secretly hosting the emails on an FBI server.
“Just wait for him to hit me up,” Monsegur said back, “these wikileaks are bitches about things. they asked me to hack [the] icelandic government. I did it and they stopped talking to me.”
“I felt like a whore,” he said.
Featured image: Federal Bureau of Investigation (Leaked)