Today internet hacktivist Jeremy Hammond was sentenced to 10 years in prison for violating the archaic Computer Fraud and Abuse Act, the same law used against Aaron Swartz.
In his statement, Hammond claimed that FBI informant Hector Xavier Monsegur, a.k.a. “Sabu”, assisted and encouraged the use of “zero day exploits” against various governments. The presiding judge, Loretta Preska, had parts of Hammond’s statement redacted, but copies of the alleged unredacted statement have surfaced online.
Sabu also supplied lists of targets that were vulnerable to “zero day exploits” used to break into systems, including a powerful remote root vulnerability affecting the popular Plesk software. At his request, these websites were broken into, their emails and databases were uploaded to Sabu’s FBI server, and the password information and the location of root backdoors were supplied. These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq. Sabu also infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs.
Should Hammond really be cited for hacking if the FBI put him up to it using their informant? What did the FBI do with the information Hammond gained access to? Was this all a setup to use someone to gain access to foreign governments?
The FBI has some explaining to do.
All of this happened under the control and supervision of the FBI and can be easily confirmed by chat logs the government provided to us pursuant to the government’s discovery obligations in the case against me. However, the full extent of the FBI’s abuses remains hidden. Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu’s communications with the FBI. In addition, the majority of the documents provided to me are under a “protective order” which insulates this material from public scrutiny. As government transparency is an issue at the heart of my case, I ask that this evidence be made public. I believe the documents will show that the government’s actions go way beyond catching hackers and stopping computer crimes.
Zero day exploits are sold by numerous contractors, including Endgame Systems, a company that is packed to the gills with NSA retirees. If what Hammond did was actually a violation of CFAA, why aren’t they in jail? And if Hammond was truly being directed and assisted by the FBI during his hacking, how can he be guilty of any crime?
It would seem as though there is a lot more to this case than meets the eye.
Update: In response to the sentence, WikiLeaks has released all remaining Stratfor files.
Update 2: Jeremy’s legal team and support group have asked that only the redacted statement be published and refuse to verify any additional statements that may have been published on the internet or elsewhere.