Stratfor email, credit-card hacker Hammond thrown in cooler for 10 YEARS
Max sentence after Anonymous went on $700,000 spree with swiped cards
Jeremy Hammond, the hacker who cracked open the database of intelligence organization Stratfor, had hoped for some leniency when he pleaded guilty to one charge of violating the Computer Fraud and Abuse Act.
But instead a judge in New York today gave him the maximum sentence, 10 years, and three years' post-imprisonment probation with severe limits on his internet access.
"They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face," Hammond told The Guardian the day before his sentencing in anticipation of a "vengeful, spiteful" punishment.
Hammond, acting with the LulzSec hacking crew offshoot of Anonymous, cracked Stratfor's servers in December 2011 and harvested a trove of emails and credit card numbers. The 200GB of emails went to WikiLeaks, and LulzSec dumped 60,000 credit card numbers online after claiming to use them for making millions in charitable donations (although that figure turned out to be a not-insignificant $700,000).
Hammond was arrested in March 2012 after the head of LulzSec Hector Monsegur aka Sabu, told the FBI who had compromised Stratfor's network. Sabu was pinched by the Feds in June 2011, and had agreed to act as a stool pigeon in exchange for a lesser sentence; his evidence has put the core members of LulzSec behind bars.
According to Hammond, Sabu approached him to carry out the Stratfor attack because he'd heard Hammond had a hacking tool that could crack its break into the company's systems. Hammond said he had never even heard of Stratfor before the hack, but that Sabu gave him details of how and where to attack.
"I felt betrayed, obviously. Though I knew these things happen," Hammond said. "What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets."
Hammond said he didn’t personally profit from the Stratfor hack, and carried it out for ideological reasons; saying people had a right to know what was going on in these intelligence-gathering companies. He said he was inspired by whistleblower Chelsea Manning and by the Occupy movement.
However, sentencing judge Loretta Preska disagreed, branding the aim of the Stratfor campaign as “destroying the target, hoping for bankruptcy, collapse.”
“These are not the actions of Martin Luther King, Nelson Mandela … or even Daniel Ellsberg,” she said. “There’s nothing high minded or public-spirited about causing mayhem.”
It seems unlikely that any of the stolen credit cards will have cost their owners much in the way of costs, given the obviously fraudulent use. But the hack did cost Stratfor $1.75m in free subscriptions after customers who had their personal data swiped brought a class-action suit against the firm.
The emails Hammond lifted were published by WikiLeaks in February last year under the title "Global Intelligence Files," and revealed names of some of Stratfor's governmental, military and commercial contacts.
One email reference the existence of a sealed indictment that had been prepared for Wikileaker-in-chief Julian Assange, while another said Osama Bin Laden's body hadn't been buried at sea but delivered to Dover Air Force Base. Stratfor CEO George Friedman said some of the emails were accurate, while others had been tampered with, while declining to say which were which.
As for Hammond, he has served 20 months in prison already and has at least another four years to spend in the big house before he is eligible for parole – during which his use of encrypted communications will be banned. He said he will spend his time inside "reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release."
"I think my days of hacking are done. That's a role for somebody else now," he explained. ®
Sponsored: Data Loss Prevention & Data Theft Prevention