Attacks/Breaches
5/29/2013
11:38 AM
50%
50%

Anonymous Hacker Jeremy Hammond Pleads Guilty

Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
A hacktivist with ties to Anonymous, LulzSec and AntiSec has pleaded guilty to hacking charges.

Jeremy Hammond, 28, pleaded guilty Tuesday to one count of conspiracy to engage in computer hacking, for which he'll face up to 10 years in prison. Hammond, who's agreed to pay up to $2.5 million in restitution, is due to be sentenced in September.

As part of his guilty plea, Hammond admitted to masterminding an attack against private intelligence agency Stratfor (aka Strategic Forecasting) in December 2011 that resulted in the compromise of account information for approximately 860,000 Stratfor users. Hammond and his fellow attackers also published emails and stolen data relating to approximately 60,000 credit cards, with which over $700,000 in unauthorized charges were made.

Hammond also admitted to participating in numerous other hack attacks, including the FBI's Virtual Academy (June 2011), the Arizona Department of Public Safety (June 2011), Brooks-Jeffrey Marketing (June 2011), Special Forces Gear (August 2011), Vanguard Defense Industries (August 2011), the Jefferson County Sheriff's Office in Alabama (October 2011), the Boston Police Patrolmen's Association (October 2011) and Combined Systems (February 2012).

[ Multiple arrests have slowed but not stopped Anonymous. Read Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi. ]

"While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn't like," said Manhattan U.S. Attorney Preet Bharara in a statement. "He was nothing more than a repeat offender cybercriminal who thought that because of his computer savvy he was above the law that binds and protects all of us -- the same law that assured his rights in a court of law and allowed him to decide whether to admit his guilt or assert his innocence."

"Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites," according to a statement released by Hammond on Tuesday. "Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right."

Hammond was first charged in a superseding indictment in May 2012. The indictment was prepared using evidence gathered in part through the efforts of the LulzSec leader known as Sabu -- real name: Hector Xavier Monsegur -- who turned informant after being quietly arrested by the FBI in June 2011.

In May 2012, Hammond pleaded not guilty to all of the charges filed against him. If found guilty of all charges filed against him, Hammond faced a potential prison sentence of more than 30 years. That fact, relayed by a judge to Hammond during a Nov. 2012 bail hearing, triggered a sharp debate about sentencing guidelines for computer crimes.

That debate intensified again in January 2013, after activist and Reddit founder Aaron Swartz committed suicide. Swartz downloaded millions of academic articles from the JSTOR academic database, which he ultimately returned to JSTOR and promised to not distribute. But federal prosecutors still charged Swartz with 13 felony violations, including wire fraud, computer fraud, "recklessly damaging" a computer and unauthorized access, which could have seen Swartz serve more than 35 years in prison.

Four other men were named in the May 2012 superseding indictment used to charge Hammond: Ryan Ackroyd (aka Kayla), Jake Davis (aka topiary), Darren Martyn (aka pwnsauce) and Donncha O'Cearrbhail (aka Palladium). The other men were accused of such crimes as hacking the websites of Fox Broadcasting Company, Public Broadcasting Service (PBS) and Sony Pictures Entertainment.

Earlier this month, Ackroyd and Davis pleaded guilty to some related hacking charges filed against them by British authorities, and were respectively sentenced in a London courtroom to 30 months and 24 months in prison. Prosecutors in the United States haven't disclosed whether they'll seek either man's extradition to stand trial on the U.S. charges against them.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Apprentice
6/1/2013 | 8:45:34 PM
re: Anonymous Hacker Jeremy Hammond Pleads Guilty
If he really thinks his actions are morally justified, then the sentence is part of the cost which society must impose for violations of law. But perhaps while he's doing his time, he might think of better ways to establish the open society he wants. He might even come to realize that a society in which everybody lives in a glass house and is subject to harassment by whomever decides to take a disliking to him isn't all that great to live in after all.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.