Attacks/Breaches
5/29/2013
11:38 AM
50%
50%

Anonymous Hacker Jeremy Hammond Pleads Guilty

Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
A hacktivist with ties to Anonymous, LulzSec and AntiSec has pleaded guilty to hacking charges.

Jeremy Hammond, 28, pleaded guilty Tuesday to one count of conspiracy to engage in computer hacking, for which he'll face up to 10 years in prison. Hammond, who's agreed to pay up to $2.5 million in restitution, is due to be sentenced in September.

As part of his guilty plea, Hammond admitted to masterminding an attack against private intelligence agency Stratfor (aka Strategic Forecasting) in December 2011 that resulted in the compromise of account information for approximately 860,000 Stratfor users. Hammond and his fellow attackers also published emails and stolen data relating to approximately 60,000 credit cards, with which over $700,000 in unauthorized charges were made.

Hammond also admitted to participating in numerous other hack attacks, including the FBI's Virtual Academy (June 2011), the Arizona Department of Public Safety (June 2011), Brooks-Jeffrey Marketing (June 2011), Special Forces Gear (August 2011), Vanguard Defense Industries (August 2011), the Jefferson County Sheriff's Office in Alabama (October 2011), the Boston Police Patrolmen's Association (October 2011) and Combined Systems (February 2012).

[ Multiple arrests have slowed but not stopped Anonymous. Read Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi. ]

"While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn't like," said Manhattan U.S. Attorney Preet Bharara in a statement. "He was nothing more than a repeat offender cybercriminal who thought that because of his computer savvy he was above the law that binds and protects all of us -- the same law that assured his rights in a court of law and allowed him to decide whether to admit his guilt or assert his innocence."

"Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites," according to a statement released by Hammond on Tuesday. "Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right."

Hammond was first charged in a superseding indictment in May 2012. The indictment was prepared using evidence gathered in part through the efforts of the LulzSec leader known as Sabu -- real name: Hector Xavier Monsegur -- who turned informant after being quietly arrested by the FBI in June 2011.

In May 2012, Hammond pleaded not guilty to all of the charges filed against him. If found guilty of all charges filed against him, Hammond faced a potential prison sentence of more than 30 years. That fact, relayed by a judge to Hammond during a Nov. 2012 bail hearing, triggered a sharp debate about sentencing guidelines for computer crimes.

That debate intensified again in January 2013, after activist and Reddit founder Aaron Swartz committed suicide. Swartz downloaded millions of academic articles from the JSTOR academic database, which he ultimately returned to JSTOR and promised to not distribute. But federal prosecutors still charged Swartz with 13 felony violations, including wire fraud, computer fraud, "recklessly damaging" a computer and unauthorized access, which could have seen Swartz serve more than 35 years in prison.

Four other men were named in the May 2012 superseding indictment used to charge Hammond: Ryan Ackroyd (aka Kayla), Jake Davis (aka topiary), Darren Martyn (aka pwnsauce) and Donncha O'Cearrbhail (aka Palladium). The other men were accused of such crimes as hacking the websites of Fox Broadcasting Company, Public Broadcasting Service (PBS) and Sony Pictures Entertainment.

Earlier this month, Ackroyd and Davis pleaded guilty to some related hacking charges filed against them by British authorities, and were respectively sentenced in a London courtroom to 30 months and 24 months in prison. Prosecutors in the United States haven't disclosed whether they'll seek either man's extradition to stand trial on the U.S. charges against them.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Ninja
6/1/2013 | 8:45:34 PM
re: Anonymous Hacker Jeremy Hammond Pleads Guilty
If he really thinks his actions are morally justified, then the sentence is part of the cost which society must impose for violations of law. But perhaps while he's doing his time, he might think of better ways to establish the open society he wants. He might even come to realize that a society in which everybody lives in a glass house and is subject to harassment by whomever decides to take a disliking to him isn't all that great to live in after all.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.