Feeds

Stratfor email, credit-card hacker Hammond thrown in cooler for 10 YEARS

Max sentence after Anonymous went on $700,000 spree with swiped cards

Website security in corporate America

Jeremy Hammond, the hacker who cracked open the database of intelligence organization Stratfor, had hoped for some leniency when he pleaded guilty to one charge of violating the Computer Fraud and Abuse Act.

But instead a judge in New York today gave him the maximum sentence, 10 years, and three years' post-imprisonment probation with severe limits on his internet access.

"They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face," Hammond told The Guardian the day before his sentencing in anticipation of a "vengeful, spiteful" punishment.

Hammond, acting with the LulzSec hacking crew offshoot of Anonymous, cracked Stratfor's servers in December 2011 and harvested a trove of emails and credit card numbers. The 200GB of emails went to WikiLeaks, and LulzSec dumped 60,000 credit card numbers online after claiming to use them for making millions in charitable donations (although that figure turned out to be a not-insignificant $700,000).

Hammond was arrested in March 2012 after the head of LulzSec Hector Monsegur aka Sabu, told the FBI who had compromised Stratfor's network. Sabu was pinched by the Feds in June 2011, and had agreed to act as a stool pigeon in exchange for a lesser sentence; his evidence has put the core members of LulzSec behind bars.

According to Hammond, Sabu approached him to carry out the Stratfor attack because he'd heard Hammond had a hacking tool that could crack its break into the company's systems. Hammond said he had never even heard of Stratfor before the hack, but that Sabu gave him details of how and where to attack.

"I felt betrayed, obviously. Though I knew these things happen," Hammond said. "What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets."

Hammond said he didn’t personally profit from the Stratfor hack, and carried it out for ideological reasons; saying people had a right to know what was going on in these intelligence-gathering companies. He said he was inspired by whistleblower Chelsea Manning and by the Occupy movement.

However, sentencing judge Loretta Preska disagreed, branding the aim of the Stratfor campaign as “destroying the target, hoping for bankruptcy, collapse.”

“These are not the actions of Martin Luther King, Nelson Mandela … or even Daniel Ellsberg,” she said. “There’s nothing high minded or public-spirited about causing mayhem.”

It seems unlikely that any of the stolen credit cards will have cost their owners much in the way of costs, given the obviously fraudulent use. But the hack did cost Stratfor $1.75m in free subscriptions after customers who had their personal data swiped brought a class-action suit against the firm.

The emails Hammond lifted were published by WikiLeaks in February last year under the title "Global Intelligence Files," and revealed names of some of Stratfor's governmental, military and commercial contacts.

One email reference the existence of a sealed indictment that had been prepared for Wikileaker-in-chief Julian Assange, while another said Osama Bin Laden's body hadn't been buried at sea but delivered to Dover Air Force Base. Stratfor CEO George Friedman said some of the emails were accurate, while others had been tampered with, while declining to say which were which.

As for Hammond, he has served 20 months in prison already and has at least another four years to spend in the big house before he is eligible for parole – during which his use of encrypted communications will be banned. He said he will spend his time inside "reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release."

"I think my days of hacking are done. That's a role for somebody else now," he explained. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.