Feeds

Stratfor email, credit-card hacker Hammond thrown in cooler for 10 YEARS

Max sentence after Anonymous went on $700,000 spree with swiped cards

SANS - Survey on application security programs

Jeremy Hammond, the hacker who cracked open the database of intelligence organization Stratfor, had hoped for some leniency when he pleaded guilty to one charge of violating the Computer Fraud and Abuse Act.

But instead a judge in New York today gave him the maximum sentence, 10 years, and three years' post-imprisonment probation with severe limits on his internet access.

"They have made it clear they are trying to send a message to others who come after me. A lot of it is because they got slapped around, they were embarrassed by Anonymous and they feel that they need to save face," Hammond told The Guardian the day before his sentencing in anticipation of a "vengeful, spiteful" punishment.

Hammond, acting with the LulzSec hacking crew offshoot of Anonymous, cracked Stratfor's servers in December 2011 and harvested a trove of emails and credit card numbers. The 200GB of emails went to WikiLeaks, and LulzSec dumped 60,000 credit card numbers online after claiming to use them for making millions in charitable donations (although that figure turned out to be a not-insignificant $700,000).

Hammond was arrested in March 2012 after the head of LulzSec Hector Monsegur aka Sabu, told the FBI who had compromised Stratfor's network. Sabu was pinched by the Feds in June 2011, and had agreed to act as a stool pigeon in exchange for a lesser sentence; his evidence has put the core members of LulzSec behind bars.

According to Hammond, Sabu approached him to carry out the Stratfor attack because he'd heard Hammond had a hacking tool that could crack its break into the company's systems. Hammond said he had never even heard of Stratfor before the hack, but that Sabu gave him details of how and where to attack.

"I felt betrayed, obviously. Though I knew these things happen," Hammond said. "What surprised me was that Sabu was involved in so much strategic targeting, in actually identifying targets. He gave me the information on targets."

Hammond said he didn’t personally profit from the Stratfor hack, and carried it out for ideological reasons; saying people had a right to know what was going on in these intelligence-gathering companies. He said he was inspired by whistleblower Chelsea Manning and by the Occupy movement.

However, sentencing judge Loretta Preska disagreed, branding the aim of the Stratfor campaign as “destroying the target, hoping for bankruptcy, collapse.”

“These are not the actions of Martin Luther King, Nelson Mandela … or even Daniel Ellsberg,” she said. “There’s nothing high minded or public-spirited about causing mayhem.”

It seems unlikely that any of the stolen credit cards will have cost their owners much in the way of costs, given the obviously fraudulent use. But the hack did cost Stratfor $1.75m in free subscriptions after customers who had their personal data swiped brought a class-action suit against the firm.

The emails Hammond lifted were published by WikiLeaks in February last year under the title "Global Intelligence Files," and revealed names of some of Stratfor's governmental, military and commercial contacts.

One email reference the existence of a sealed indictment that had been prepared for Wikileaker-in-chief Julian Assange, while another said Osama Bin Laden's body hadn't been buried at sea but delivered to Dover Air Force Base. Stratfor CEO George Friedman said some of the emails were accurate, while others had been tampered with, while declining to say which were which.

As for Hammond, he has served 20 months in prison already and has at least another four years to spend in the big house before he is eligible for parole – during which his use of encrypted communications will be banned. He said he will spend his time inside "reading, writing, working out and playing sports – training myself to become more disciplined so I can be more effective on my release."

"I think my days of hacking are done. That's a role for somebody else now," he explained. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.