Feeds

Stratfor email, credit-card hacker Hammond thrown in cooler for 10 YEARS

Max sentence after Anonymous went on $700,000 spree with swiped cards

Internet Security Threat Report 2014

Jeremy Hammond, the hacker who cracked open the database of intelligence organization Stratfor, had hoped for some leniency when he pleaded guilty to one charge of violating the Computer Fraud and Abuse Act.

But instead a judge in New York today gave him the maximum sentence, 10 years, and three years' post-imprisonment probation with severe limits on his internet access.

"They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face," Hammond told The Guardian the day before his sentencing in anticipation of a "vengeful, spiteful" punishment.

Hammond, acting with the LulzSec hacking crew offshoot of Anonymous, cracked Stratfor's servers in December 2011 and harvested a trove of emails and credit card numbers. The 200GB of emails went to WikiLeaks, and LulzSec dumped 60,000 credit card numbers online after claiming to use them for making millions in charitable donations (although that figure turned out to be a not-insignificant $700,000).

Hammond was arrested in March 2012 after the head of LulzSec Hector Monsegur aka Sabu, told the FBI who had compromised Stratfor's network. Sabu was pinched by the Feds in June 2011, and had agreed to act as a stool pigeon in exchange for a lesser sentence; his evidence has put the core members of LulzSec behind bars.

According to Hammond, Sabu approached him to carry out the Stratfor attack because he'd heard Hammond had a hacking tool that could crack its break into the company's systems. Hammond said he had never even heard of Stratfor before the hack, but that Sabu gave him details of how and where to attack.

"I felt betrayed, obviously. Though I knew these things happen," Hammond said. "What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets."

Hammond said he didn’t personally profit from the Stratfor hack, and carried it out for ideological reasons; saying people had a right to know what was going on in these intelligence-gathering companies. He said he was inspired by whistleblower Chelsea Manning and by the Occupy movement.

However, sentencing judge Loretta Preska disagreed, branding the aim of the Stratfor campaign as “destroying the target, hoping for bankruptcy, collapse.”

“These are not the actions of Martin Luther King, Nelson Mandela … or even Daniel Ellsberg,” she said. “There’s nothing high minded or public-spirited about causing mayhem.”

It seems unlikely that any of the stolen credit cards will have cost their owners much in the way of costs, given the obviously fraudulent use. But the hack did cost Stratfor $1.75m in free subscriptions after customers who had their personal data swiped brought a class-action suit against the firm.

The emails Hammond lifted were published by WikiLeaks in February last year under the title "Global Intelligence Files," and revealed names of some of Stratfor's governmental, military and commercial contacts.

One email reference the existence of a sealed indictment that had been prepared for Wikileaker-in-chief Julian Assange, while another said Osama Bin Laden's body hadn't been buried at sea but delivered to Dover Air Force Base. Stratfor CEO George Friedman said some of the emails were accurate, while others had been tampered with, while declining to say which were which.

As for Hammond, he has served 20 months in prison already and has at least another four years to spend in the big house before he is eligible for parole – during which his use of encrypted communications will be banned. He said he will spend his time inside "reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release."

"I think my days of hacking are done. That's a role for somebody else now," he explained. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.