Feeds

Stratfor email, credit-card hacker Hammond thrown in cooler for 10 YEARS

Max sentence after Anonymous went on $700,000 spree with swiped cards

The Power of One eBook: Top reasons to choose HP BladeSystem

Jeremy Hammond, the hacker who cracked open the database of intelligence organization Stratfor, had hoped for some leniency when he pleaded guilty to one charge of violating the Computer Fraud and Abuse Act.

But instead a judge in New York today gave him the maximum sentence, 10 years, and three years' post-imprisonment probation with severe limits on his internet access.

"They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face," Hammond told The Guardian the day before his sentencing in anticipation of a "vengeful, spiteful" punishment.

Hammond, acting with the LulzSec hacking crew offshoot of Anonymous, cracked Stratfor's servers in December 2011 and harvested a trove of emails and credit card numbers. The 200GB of emails went to WikiLeaks, and LulzSec dumped 60,000 credit card numbers online after claiming to use them for making millions in charitable donations (although that figure turned out to be a not-insignificant $700,000).

Hammond was arrested in March 2012 after the head of LulzSec Hector Monsegur aka Sabu, told the FBI who had compromised Stratfor's network. Sabu was pinched by the Feds in June 2011, and had agreed to act as a stool pigeon in exchange for a lesser sentence; his evidence has put the core members of LulzSec behind bars.

According to Hammond, Sabu approached him to carry out the Stratfor attack because he'd heard Hammond had a hacking tool that could crack its break into the company's systems. Hammond said he had never even heard of Stratfor before the hack, but that Sabu gave him details of how and where to attack.

"I felt betrayed, obviously. Though I knew these things happen," Hammond said. "What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets."

Hammond said he didn’t personally profit from the Stratfor hack, and carried it out for ideological reasons; saying people had a right to know what was going on in these intelligence-gathering companies. He said he was inspired by whistleblower Chelsea Manning and by the Occupy movement.

However, sentencing judge Loretta Preska disagreed, branding the aim of the Stratfor campaign as “destroying the target, hoping for bankruptcy, collapse.”

“These are not the actions of Martin Luther King, Nelson Mandela … or even Daniel Ellsberg,” she said. “There’s nothing high minded or public-spirited about causing mayhem.”

It seems unlikely that any of the stolen credit cards will have cost their owners much in the way of costs, given the obviously fraudulent use. But the hack did cost Stratfor $1.75m in free subscriptions after customers who had their personal data swiped brought a class-action suit against the firm.

The emails Hammond lifted were published by WikiLeaks in February last year under the title "Global Intelligence Files," and revealed names of some of Stratfor's governmental, military and commercial contacts.

One email reference the existence of a sealed indictment that had been prepared for Wikileaker-in-chief Julian Assange, while another said Osama Bin Laden's body hadn't been buried at sea but delivered to Dover Air Force Base. Stratfor CEO George Friedman said some of the emails were accurate, while others had been tampered with, while declining to say which were which.

As for Hammond, he has served 20 months in prison already and has at least another four years to spend in the big house before he is eligible for parole – during which his use of encrypted communications will be banned. He said he will spend his time inside "reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release."

"I think my days of hacking are done. That's a role for somebody else now," he explained. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.