Accused LulzSec Member Pleads Not Guilty

Alleged LulzSec lieutenant accused of masterminding Stratfor hack, along with numerous other charges. Jeremy Hammond, a.k.a. Anarchaos, served prison time for previous hacking incident.
Alleged LulzSec lieutenant Jeremy Hammond, 27, who's been indicted on computer hacking and other charges, entered a not guilty plea Monday in a New York federal courtroom.

Hammond also entered no bail request at his arraignment, reported AP. He's been held at a Manhattan lockup since his arrest in early March and an initial court hearing in Chicago. He's next due to appear in court on July 23, 2012.

A federal indictment revised earlier this month accused Chicago-based Hammond (a.k.a. Anarchaos, burn, POW, ghost, and anarchaker, among other aliases) of being involved in numerous exploits. Those include hacks of the websites of the Arizona Department of Public Safety (DPS) and global intelligence firm Stratfor (a.k.a. Strategic Forecasting), and other attacks that were launched under the banner of Internet Feds, Anonymous, LulzSec, and AntiSec.

[ Not surprisingly, cybercrime is on the rise. See ID Theft, Online Fraud Rose Slightly In 2011. ]

The federal indictment also charged four other men--Ryan Ackroyd (a.k.a. kayla, lol, lolspoon), Jake Davis (a.k.a. topiary, atopiary), Darren Martyn (a.k.a. pwnsauce, raepsauce, networkkitten), and Donncha O'Cearrbhail (a.k.a. Palladium) with having participated in hacking attacks against InfraGard Atlanta, the Fox Broadcasting Company's X-Factor participant database, Sony Pictures Entertainment, HBGary Federal, and the Public Broadcasting Service (PBS), among other sites.

Federal prosecutors have accused Hammond of masterminding the Stratfor exploits, which were carried out between December 2011 and March 2012 and involved the theft of credit card data. The criminal complaint also charged Hammond and multiple co-conspirators with using "some of the stolen credit card data to make at least $700,000 worth of unauthorized charges" and publicly disclosing confidential information, including Stratfor employees' emails and its customers' names, email addresses, and credit card numbers.

According to the indictment, Hammond exchanged chat messages with two unnamed co-conspirators on December 26, 2011, in which he boasted of decrypting 4,500 Stratfor clients' passwords and they "discussed exploiting credit card information that had been stolen from Stratfor's computer servers."

According to the court documents, unnamed co-conspirators of Hammond uploaded the stolen Stratfor data "onto a server located in the Southern District of New York." Authorities have said that admitted Lulzsec Leader Hector Xavier Monsegur (a.k.a. Sabu), who was arrested in June 2011 and was working as a government informant at the time of the Stratfor hacks, had provided the server onto which the exfiltrated Stratfor data was copied.

Hammond's supporters have created a website,, seeking donations to help Hammond, who they've dubbed a "crusader for information liberation and WikiLeaks."

Hammond's defense attorney, Jim Fennerty, told AP that his client is an activist who's protested neo-Nazi groups. He also opposes Chicago's bid to host the 2016 Olympics, saying that it would disadvantage low-income residents. Hammond has been arrested numerous times on disorderly conduct and property damage charges--all related to protests--and for marijuana possession.

By many accounts, Hammond is a skilled programmer and penetration tester. Hammond has said that he began programming video games in QBasic at the age of nine, and after graduating high school, created, which is billed as "a free, safe and legal training ground for hackers to test and expand their hacking skills."

Hammond's March arrest wasn't his first brush with authorities investigating hack attacks. In 2005, the Chicago Reader reported that Hammond, then 20 years old and a self-described "hacktivist," had been accused of hacking into ProtestWarrior, a politically conservative website with the tagline "Fighting the left ... doing it right." His alleged goal was to prank the website by obtaining donors' credit card numbers, then using them to make donations to more left-leaning organizations, including the American Civil Liberties Union and the Communist Party USA. Hammond ultimately served two years in prison and a three-year probation. Under the terms of his probation, he was prohibited from being a part of activist or hacking groups until 2011.

Put an end to insider theft and accidental data disclosure with network and host controls--and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone's concern, and lessons learned from the Global Payments breach. (Free registration required.)