Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.

Mathew J. Schwartz, Contributor

May 29, 2013

4 Min Read

The Syrian Electronic Army: 9 Things We Know

The Syrian Electronic Army: 9 Things We Know


(click image for larger view)
The Syrian Electronic Army: 9 Things We Know

A hacktivist with ties to Anonymous, LulzSec and AntiSec has pleaded guilty to hacking charges.

Jeremy Hammond, 28, pleaded guilty Tuesday to one count of conspiracy to engage in computer hacking, for which he'll face up to 10 years in prison. Hammond, who's agreed to pay up to $2.5 million in restitution, is due to be sentenced in September.

As part of his guilty plea, Hammond admitted to masterminding an attack against private intelligence agency Stratfor (aka Strategic Forecasting) in December 2011 that resulted in the compromise of account information for approximately 860,000 Stratfor users. Hammond and his fellow attackers also published emails and stolen data relating to approximately 60,000 credit cards, with which over $700,000 in unauthorized charges were made.

Hammond also admitted to participating in numerous other hack attacks, including the FBI's Virtual Academy (June 2011), the Arizona Department of Public Safety (June 2011), Brooks-Jeffrey Marketing (June 2011), Special Forces Gear (August 2011), Vanguard Defense Industries (August 2011), the Jefferson County Sheriff's Office in Alabama (October 2011), the Boston Police Patrolmen's Association (October 2011) and Combined Systems (February 2012).

[ Multiple arrests have slowed but not stopped Anonymous. Read Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi. ]

"While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn't like," said Manhattan U.S. Attorney Preet Bharara in a statement. "He was nothing more than a repeat offender cybercriminal who thought that because of his computer savvy he was above the law that binds and protects all of us -- the same law that assured his rights in a court of law and allowed him to decide whether to admit his guilt or assert his innocence."

"Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites," according to a statement released by Hammond on Tuesday. "Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right."

Hammond was first charged in a superseding indictment in May 2012. The indictment was prepared using evidence gathered in part through the efforts of the LulzSec leader known as Sabu -- real name: Hector Xavier Monsegur -- who turned informant after being quietly arrested by the FBI in June 2011.

In May 2012, Hammond pleaded not guilty to all of the charges filed against him. If found guilty of all charges filed against him, Hammond faced a potential prison sentence of more than 30 years. That fact, relayed by a judge to Hammond during a Nov. 2012 bail hearing, triggered a sharp debate about sentencing guidelines for computer crimes.

That debate intensified again in January 2013, after activist and Reddit founder Aaron Swartz committed suicide. Swartz downloaded millions of academic articles from the JSTOR academic database, which he ultimately returned to JSTOR and promised to not distribute. But federal prosecutors still charged Swartz with 13 felony violations, including wire fraud, computer fraud, "recklessly damaging" a computer and unauthorized access, which could have seen Swartz serve more than 35 years in prison.

Four other men were named in the May 2012 superseding indictment used to charge Hammond: Ryan Ackroyd (aka Kayla), Jake Davis (aka topiary), Darren Martyn (aka pwnsauce) and Donncha O'Cearrbhail (aka Palladium). The other men were accused of such crimes as hacking the websites of Fox Broadcasting Company, Public Broadcasting Service (PBS) and Sony Pictures Entertainment.

Earlier this month, Ackroyd and Davis pleaded guilty to some related hacking charges filed against them by British authorities, and were respectively sentenced in a London courtroom to 30 months and 24 months in prison. Prosecutors in the United States haven't disclosed whether they'll seek either man's extradition to stand trial on the U.S. charges against them.

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights