Attacks/Breaches
5/29/2013
11:38 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Hacker Jeremy Hammond Pleads Guilty

Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
A hacktivist with ties to Anonymous, LulzSec and AntiSec has pleaded guilty to hacking charges.

Jeremy Hammond, 28, pleaded guilty Tuesday to one count of conspiracy to engage in computer hacking, for which he'll face up to 10 years in prison. Hammond, who's agreed to pay up to $2.5 million in restitution, is due to be sentenced in September.

As part of his guilty plea, Hammond admitted to masterminding an attack against private intelligence agency Stratfor (aka Strategic Forecasting) in December 2011 that resulted in the compromise of account information for approximately 860,000 Stratfor users. Hammond and his fellow attackers also published emails and stolen data relating to approximately 60,000 credit cards, with which over $700,000 in unauthorized charges were made.

Hammond also admitted to participating in numerous other hack attacks, including the FBI's Virtual Academy (June 2011), the Arizona Department of Public Safety (June 2011), Brooks-Jeffrey Marketing (June 2011), Special Forces Gear (August 2011), Vanguard Defense Industries (August 2011), the Jefferson County Sheriff's Office in Alabama (October 2011), the Boston Police Patrolmen's Association (October 2011) and Combined Systems (February 2012).

[ Multiple arrests have slowed but not stopped Anonymous. Read Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi. ]

"While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn't like," said Manhattan U.S. Attorney Preet Bharara in a statement. "He was nothing more than a repeat offender cybercriminal who thought that because of his computer savvy he was above the law that binds and protects all of us -- the same law that assured his rights in a court of law and allowed him to decide whether to admit his guilt or assert his innocence."

"Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites," according to a statement released by Hammond on Tuesday. "Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right."

Hammond was first charged in a superseding indictment in May 2012. The indictment was prepared using evidence gathered in part through the efforts of the LulzSec leader known as Sabu -- real name: Hector Xavier Monsegur -- who turned informant after being quietly arrested by the FBI in June 2011.

In May 2012, Hammond pleaded not guilty to all of the charges filed against him. If found guilty of all charges filed against him, Hammond faced a potential prison sentence of more than 30 years. That fact, relayed by a judge to Hammond during a Nov. 2012 bail hearing, triggered a sharp debate about sentencing guidelines for computer crimes.

That debate intensified again in January 2013, after activist and Reddit founder Aaron Swartz committed suicide. Swartz downloaded millions of academic articles from the JSTOR academic database, which he ultimately returned to JSTOR and promised to not distribute. But federal prosecutors still charged Swartz with 13 felony violations, including wire fraud, computer fraud, "recklessly damaging" a computer and unauthorized access, which could have seen Swartz serve more than 35 years in prison.

Four other men were named in the May 2012 superseding indictment used to charge Hammond: Ryan Ackroyd (aka Kayla), Jake Davis (aka topiary), Darren Martyn (aka pwnsauce) and Donncha O'Cearrbhail (aka Palladium). The other men were accused of such crimes as hacking the websites of Fox Broadcasting Company, Public Broadcasting Service (PBS) and Sony Pictures Entertainment.

Earlier this month, Ackroyd and Davis pleaded guilty to some related hacking charges filed against them by British authorities, and were respectively sentenced in a London courtroom to 30 months and 24 months in prison. Prosecutors in the United States haven't disclosed whether they'll seek either man's extradition to stand trial on the U.S. charges against them.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Apprentice
6/1/2013 | 8:45:34 PM
re: Anonymous Hacker Jeremy Hammond Pleads Guilty
If he really thinks his actions are morally justified, then the sentence is part of the cost which society must impose for violations of law. But perhaps while he's doing his time, he might think of better ways to establish the open society he wants. He might even come to realize that a society in which everybody lives in a glass house and is subject to harassment by whomever decides to take a disliking to him isn't all that great to live in after all.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.