Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous Hacker Jeremy Hammond Pleads Guilty

Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
A hacktivist with ties to Anonymous, LulzSec and AntiSec has pleaded guilty to hacking charges.

Jeremy Hammond, 28, pleaded guilty Tuesday to one count of conspiracy to engage in computer hacking, for which he'll face up to 10 years in prison. Hammond, who's agreed to pay up to $2.5 million in restitution, is due to be sentenced in September.

As part of his guilty plea, Hammond admitted to masterminding an attack against private intelligence agency Stratfor (aka Strategic Forecasting) in December 2011 that resulted in the compromise of account information for approximately 860,000 Stratfor users. Hammond and his fellow attackers also published emails and stolen data relating to approximately 60,000 credit cards, with which over $700,000 in unauthorized charges were made.

Hammond also admitted to participating in numerous other hack attacks, including the FBI's Virtual Academy (June 2011), the Arizona Department of Public Safety (June 2011), Brooks-Jeffrey Marketing (June 2011), Special Forces Gear (August 2011), Vanguard Defense Industries (August 2011), the Jefferson County Sheriff's Office in Alabama (October 2011), the Boston Police Patrolmen's Association (October 2011) and Combined Systems (February 2012).

[ Multiple arrests have slowed but not stopped Anonymous. Read Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi. ]

"While he billed himself as fighting for an anarchist cause, in reality, Jeremy Hammond caused personal and financial chaos for individuals whose identities and money he took and for companies whose businesses he decided he didn't like," said Manhattan U.S. Attorney Preet Bharara in a statement. "He was nothing more than a repeat offender cybercriminal who thought that because of his computer savvy he was above the law that binds and protects all of us -- the same law that assured his rights in a court of law and allowed him to decide whether to admit his guilt or assert his innocence."

"Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites," according to a statement released by Hammond on Tuesday. "Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right."

Hammond was first charged in a superseding indictment in May 2012. The indictment was prepared using evidence gathered in part through the efforts of the LulzSec leader known as Sabu -- real name: Hector Xavier Monsegur -- who turned informant after being quietly arrested by the FBI in June 2011.

In May 2012, Hammond pleaded not guilty to all of the charges filed against him. If found guilty of all charges filed against him, Hammond faced a potential prison sentence of more than 30 years. That fact, relayed by a judge to Hammond during a Nov. 2012 bail hearing, triggered a sharp debate about sentencing guidelines for computer crimes.

That debate intensified again in January 2013, after activist and Reddit founder Aaron Swartz committed suicide. Swartz downloaded millions of academic articles from the JSTOR academic database, which he ultimately returned to JSTOR and promised to not distribute. But federal prosecutors still charged Swartz with 13 felony violations, including wire fraud, computer fraud, "recklessly damaging" a computer and unauthorized access, which could have seen Swartz serve more than 35 years in prison.

Four other men were named in the May 2012 superseding indictment used to charge Hammond: Ryan Ackroyd (aka Kayla), Jake Davis (aka topiary), Darren Martyn (aka pwnsauce) and Donncha O'Cearrbhail (aka Palladium). The other men were accused of such crimes as hacking the websites of Fox Broadcasting Company, Public Broadcasting Service (PBS) and Sony Pictures Entertainment.

Earlier this month, Ackroyd and Davis pleaded guilty to some related hacking charges filed against them by British authorities, and were respectively sentenced in a London courtroom to 30 months and 24 months in prison. Prosecutors in the United States haven't disclosed whether they'll seek either man's extradition to stand trial on the U.S. charges against them.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jries921
50%
50%
jries921,
User Rank: Ninja
6/1/2013 | 8:45:34 PM
re: Anonymous Hacker Jeremy Hammond Pleads Guilty
If he really thinks his actions are morally justified, then the sentence is part of the cost which society must impose for violations of law. But perhaps while he's doing his time, he might think of better ways to establish the open society he wants. He might even come to realize that a society in which everybody lives in a glass house and is subject to harassment by whomever decides to take a disliking to him isn't all that great to live in after all.
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32823
PUBLISHED: 2021-06-24
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with &lt...
CVE-2021-35041
PUBLISHED: 2021-06-24
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainabl...
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.