Jeremy Hammond, the Chicago activist and hacktivist (an activist who uses computer networks for political protests and other actions), was sentenced last week to 10 years in prison and three years of supervised release for hacking into the intelligence contractor Strategic Forecasting (or Stratfor) and other government, law enforcement and military suppliers' websites.
The Stratfor hack resulted in a cache of 5.2 million leaked emails and account information for approximately 860,000 Stratfor subscribers and clients, including information from 60,000 credit cards. To list a few of the many revelations, the emails revealed domestic spying on activists, including Occupy Wall Street; surveillance through persona management programs or fake online personas ("sock puppets"); and attempts to link American activist and journalist Alexa O'Brien to al-Qaeda. The Stratfor hack pulled back the curtain on the ofttimes illegal goings-on in the shadowy world of intelligence contractors.
Mr. Hammond's supervised release includes limited computer access and prohibits him from using encryption and from associating with civil disobedience groups. The ban on encryption shows a fundamental misunderstanding of how the Internet works. Encryption is used in nearly every online transaction, such as email, social networking and online banking. The broad ban on freedom of association raises potential Constitutional issues. At the time of his arrest, Mr. Hammond was working under the banner of AntiSec, an offshoot of the hacktivist collective Anonymous.
The packed courtroom looked more like a church wedding than a sentencing, with dozens of West Point cadets on a field trip sitting on the left and Mr. Hammond's parents, friends and supporters -- who caravanned from all over the U.S. to show solidarity for their fallen comrade -- sitting on the right. Mr. Hammond and his attorneys, Sarah, Emily and Margaret Kunstler and Susan Kellman, faced the stoic Judge Loretta Preska presiding over the solemn ceremony.
On September 10th I visited Jeremy Hammond at Manhattan Correctional Center where he had been incarcerated for 18 months. Mr. Hammond, who was denied bail, was also disallowed all visitors, including family members. I am the first journalist with whom Mr. Hammond met after his arrest in March 2012. This interview was held months before sentencing. At the request of Mr. Hammond's attorneys, who feared his words would be used at sentencing against him, I delayed publishing.
Vivien Lesnik Weisman: You are both a boots on the ground activist and a hacktivist. Can you explain hacktivism, hacking for political purposes and offline activism?
Jeremy Hammond: Hackers are by nature critical of systems, hacking is activism. The very act of hacking is inherently activist and political.
VLW: How effective is activism without the added thread of technology, or hacktivism, in the modern world? Which is more effective?
JH: Hacking is never going to take the place of grassroots community organizing. They complement each other.
There is more to it of course than hacking. Hacktivism involves online social networking, sharing ideas. Protest is predictable; they know how to contain it. The government knows how to ignore it. Both direct action and civil disobedience are unpredictable. I'm all for it.
I see hacktivism as a direct action tool. Offensive hacking with political intent is really nothing more than one more direct action tool. What you do when you get the information is what determines its efficacy as a direct action tool.
And now because of the state of the world -- foreclosures, the wars -- hackers are becoming politicized. We break into systems and then movements like Occupy deliver the message. It all works together. There is street protest. There is direct action, and hacking is one more tool.
VLW: How did the decision to target the intelligence contractor, Stratfor, come about and what was your involvement?
JH: Another hacker, who has not been indicted and therefore I will not name, brought the vulnerability. He had the credit cards already, before I ever got involved, on the Dec 5th. He chose Stratfor and brought it to us. There were 12 of us in the IRC (chat room) at that time.
Stratfor was chosen by that hacker because Stratfor had targeted Anonymous and specifically #OpCartel (Anonymous action against Mexican drug cartels).
Then the 12 of us in a private IRC channel approved it on the merits, as a meritocracy, the Anon way.
None of the 12 in that chat room that included me and Sabu [hacker leader turned FBI informant] have ever been caught.
Amongst the 12 were not only hackers. Some were social media types who brought attention to the actions.
I did the Stratfor hack all by myself except for the original vulnerability. I was the main hacker in Anti-Sec.
Sabu refers to Hector Xavier Monsegur, hacker and leader of LulzSec, an offshoot of Anonymous. LulzSec was an elite hacker collective that obtained notoriety as much for their high profile targets as for their clever self-promotion. Sabu was arrested by the FBI and began working for them that day. The following day he announced the formation of AntiSec, "the biggest unified collective of hackers in history." Both in private IRC and through his various public Twitter accounts he encouraged hackers to join AntiSec and commit hacking crimes. Many hacktivists and rights organizations see these -- including the Stratfor hack -- as government created crimes given that Sabu was working for his FBI handlers at the time he was inciting hackers to join AntiSec. After Sabu was turned, all of his actions can be seen as government actions. In essence, the name Sabu and the government can be used interchangeably in this context.
He is responsible for the arrests of many Anons including Jeremy Hammond.
VLW: Did you ever suspect that Sabu was a Fed (FBI informant) before that became public?
JH: I was in a chat room with 12 hackers. Chances are someone in there was a Fed. I don't work with anyone who has not taken risks alongside me. Sabu had taken risks and hacked himself. Still, I could have done this all on my own. I was the main hacker in Anti-Sec.
VLW: And that hacker who provided the exploits also came with the credit cards? And were the credit cards live?
JH: Yes. The credit cards were live. We all spoke on Dec 6th and planned a coordinated day of action when we would choose charities and use the credit cards to make donations for Christmas to these charities, Christmas donations.
Jeremy Hammond is often referred to as a digital Robin Hood for his participation in LulzXmas. Margaret Ratner Kunstler, Hammond's attorney, clarified that her client did not himself make any donations or use the credit cards. He also did not personally profit from the hacked credit cards.
JH: But our main focus was the emails, to reveal the spying. Stratfor was spying on the world. We revealed the anti-WikiLeaks actions by Stratfor. Stratfor was spying on Occupy Wall Street, WikiLeaks, and Anonymous.
We didn't even know about the Venezuelan coup discussions proving U.S. involvement in the attempted coup until we saw that in the Stratfor emails later.
It was all revealed on WikiLeaks but I had moved on. I'd rather be hacking.
VLW: There is speculation that the Stratfor hack was designed by the government and carried out by their informant Sabu as an attempt to entrap Julian Assange by getting him to solicit information or even sell him information. Were you aware of such a plan and if so did you make a conscious decision to foil that plan by dumping on the Pirate Bay before the transaction could be completed?
JH: No, that did not happen. Julian Assange and WikiLeaks was not a factor.
In fact, many hacktivists make the claim that the Stratfor hack was designed to entrap Julian Assange. Hammond is not necessarily in a position to know whether that was the case or not.
VLW: Stratfor was notified by the government that they had been penetrated and told to do nothing. Why did they allow Stratfor to be sacrificed?
JH: We do not know to what degree they notified Stratfor. Interesting question, but we don't know.
VLW: Why did the Stratfor hack take so long to complete? And why destroy the servers?
JH: I had to get to the mail servers. It takes time. We always destroy the servers.
First you deface, then you take the information, then you destroy the server, for the Lulz [for fun], and so they can't rebuild the system. We don't want them to rebuild. And to destroy forensic information that could be used to find out who did it and how it was done.
VLW: What are your preferred targets?
JH: My preferred targets are military contractors, military suppliers and law enforcement.
VLW: Intelligence contractors like Stratfor?
JH: Tech intelligence firms are a preferred target. Tech firms -- where white hat hackers are paid to target the 99% for their corporate overlord clients.
Those firms also contain the keys to their corporate clients so there is a big payoff -- Endgame Systems and Palantir, for example.
Endgame Systems is the subject of much discussion. Endgame Systems is self-described as providing offensive and defensive vulnerability research, mitigation of cyber-threats and cyber operations platforms. It is in the business of selling "zero day exploits." That is, the vulnerabilities that have not yet been detected. According to a Business Week article, these zero day exploits are militarized and include entire blueprints of the computer systems of airports and other critical infrastructure, including that of our western allies, for example Paris's Charles De Gaulle Airport. It is difficult to see how the sale of these exploits makes us more secure.
A package of these zero day exploits can be purchased for 2.5 million dollars a year. The price list was revealed in a cache of emails in the HBGary hack, an earlier Anonymous operation. Endgame weaponry is sold by region -- China, the Middle East, Russia, Latin America, and Europe. There are even target packs for European and other allies. That raises the question of whether these exploits are being sold to foreign actors. Even if not sold directly to enemies of the U.S., cyber munitions, like conventional arms, have a way of showing up in unintended places. Once these exploits are out there they are vulnerable to rogue hackers and rogue states.
JH: White hat hackers are being paid to do supposedly defensive actions but they are offensive. White hat hackers are supposed to identify a vulnerability and then announce. But instead they sell the vulnerability, the exploits. So if you hack for the thrill it's not ok. But for money, like Endgames, then somehow it is. And instead of going to jail for hacking you get awarded a government contract.
At least, the NSA is supposed to -- and that is a big "supposed to" -- have some kind of government oversight and again that's overstated; these government contractors, intel firms and tech firms like Stratfor have no oversight whatsoever. They are not bound by any laws. They are above the law. No FOIA (request for classified or other non-public information from the government under the Freedom Of Information Act) can compel them to reveal what they do. Rogue hackers have better access to vulnerabilities than government hackers.
VLW: That reminds me of The Conscience of a Hacker by the Mentor. Did you read that?
Known as the Hacker Manifesto, it could just be Jeremy Hammond's ethos.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
JH: From the 90's? You hate me because I'm better than you are. Yeah, yeah.
VLW: What do you think about the new battlefield, or cyberwarfare?
JH: The government calls it cybersecurity, but it's really offensive hacking not just defensive.
The Department of Defense deals in war and aggression but it is not called Department of War is it? The government calls what they do mitigation of the threat of a cyber offensive. But these are offensive acts. They are acts of war. This is the new terrain. The new battlefield.
The war is on and it's for the Internet. They spy on us, they spy on others, intellectual property rights wars, censorship....
For example, when encryption first came out PGP (Pretty Good Privacy, the first publicly available encryption software) it was called a munition and they immediately tried to ban it.
Encryption is part of our arsenal. It trumps the surveillance state.
As Mr. Hammond was waiting to be handcuffed in order for me to be escorted out of the small room at Manhattan Correctional Center where Mr. Hammond and I had conversed for over 4 hours, I asked him one last question.
VLW: You want to challenge the political system in the US and the world with technology. Is technology your weapon in the same way rifles were weapons in the past? Are you willing to die for your cause?
Handcuffed and standing before me with the guard awaiting my exit he pondered the question. As the guard ushered me out he responded.
JH: Die for my cause? Yes.
Go to prison, die for my cause... or choose to live a life of submission.
Mr. Hammond's bold and principled stand is sure to inspire others to make a similar choice.
This is part one of a two part article.
I am currently working on The Reality Wars, a feature length documentary about the targeting of activists, hacktivists and journalists by the US government and the nexus between intelligence contractors and the surveillance state. Jeremy Hammond and the Stratfor hack are covered in my film.