Imprisoned hacktivist Jeremy Alexander Hammond, a former WikiLeaks source once regarded as the FBI’s most-wanted cybercriminal, has been called to testify before a federal grand jury in the Eastern District of Virginia, Gizmodo has learned.
On Saturday, the Jeremy Hammond Support Committee announced that the 34-year-old Chicago hacker had been transferred from his medium-security prison in Memphis, Tennessee, to a federal transfer center in Oklahoma City. But on Tuesday he arrived in Virginia, where he’s expected to be questioned before a grand jury regarding his past ties with WikiLeaks, the anti-secrecy organization whose founder, Julian Assange, currently faces a slew of federal charges, including several under the Espionage Act.
“Given the secrecy of grand jury proceedings, we don’t know the nature or scope of the grand jury’s investigation. However, our assumption is that this is the same grand jury that Chelsea Manning is currently being incarcerated for refusing to testify before,” his supporters said in a statement.
Hammond’s transfer and potential testimony, which supporters say he’s unlikely to give, raises new questions about the scope of the government’s criminal case against WikiLeaks. The charges against Assange have thus far been limited to events linked to the release of classified U.S. government documents provided by former Army intelligence analyst Chelsea Manning, who has herself being held in a Virginia jail for refusing to give a grand jury her testimony.
In November, Gizmodo reported that WikiLeaks had provided Hammond and his AntiSec hacking crew with access to a custom search engine tool in early 2012 in an effort to aid the hackers in rifling through a batch of more than 5 million emails, which AntiSec had plundered from the servers of a private intelligence firm the month before. That year, WikiLeaks would begin publishing and sharing with its worldwide media partners the same tranche of emails, which it named the “Global Intelligence Files.”
An anarchist who waged cyberwar against police departments, private security firms, and other institutions he deemed symbols of tyranny and social control, Hammond pleaded guilty in 2013 to attacking Stratfor, the global intelligence firm based in Austin, Texas. Among Stratfor’s clients at the time were the Departments of Homeland Security and Defense, employees of the National Security Agency, countless police agency heads, and, among other notable figures, former Secretary of State Henry Kissinger.
After stealing some 60,000 credit cards from the company, Hammond and his “revolutionary comrades” carried out what they called an “act of loving egalitarian criminality,” using the cards to donate tens of thousands of dollars to charities, prisoner support groups, and digital rights organizations, including the Electronic Frontier Foundation, Greenpeace, and the American Red Cross. The hackers’ eventually totaled more than $700,000 in fraudulent charges, according to one FBI estimate.
To his downfall, Hammond counted among his closest comrades in arms, unknowingly, an informant for the FBI, whose every conversation with him online—including many instigating criminal acts—was closely monitored by federal agents in the bureau’s Manhattan field office.
“Jeremy pled guilty to put an end to the case against him,” his supporters said. “He pled guilty because he had no interest in cooperating with the government. He was sentenced to 10 years—the maximum allowed under his plea agreement—and has been serving his time, counting down to the day that he will finally be free. That day was supposed to come in mid-December of 2019.”
Hammond, his supporters say, has been voluntarily enrolled in an intensive substance abuse program known as RDAP, which studies have found, according to the Bureau of Prisons, to reduce drug relapse and recidivism in prisoners. Those who successfully complete the program are eligible for a 12-month reduction of their sentence. His legal team now believes, however, that because he was called to testify in Virginia, he is no longer eligible for early release, flushing months of hard work down the drain.
“The government’s effort to try to compel Jeremy to testify is punitive and mean-spirited,” his supporters said, adding: “In bringing him against his will to the Eastern District of Virginia, the government has put an end to his participation in the RDAP drug program, effectively adding a year to his sentence.”
Under the flag of Anonymous, Hammond and his team spent most of 2011 laying waste to government websites, with a particular focus on law enforcement. While the group’s chosen name, AntiSec, was derived from the anti-security movement founded over a decade before, in reality, they had little in common with the movement, the chief focus of which was waging war on the security industry. Hammond’s AntiSec was instead primarily virulent towards capitalists, prisons, and police.
Unlike LulzSec and most of the other groups who had claimed the Anonymous name for their own, AntiSec, like Hammond, who had once placed on a terrorist watchlist, was purely anarchistic.
Citing coordinated crackdowns on Occupy Wall Street protesters in 2011, AntiSec pilfered the emails, passwords, and credit card information of the New York State Association of Chiefs of Police and the California Statewide Law Enforcement Association. They also attacked what Hammond called the police “supply chain,” breaking into the website of a military and law enforcement equipment supplier and then gleefully publishing the home addresses of thousands of its military and police customers.
“While we attacked the institutions of capitalism, it would only make sense to attack those who enforce it, the inherently oppressive protectors of property and purveyors of social control; the pigs, the fuzz... the police,” Hammond wrote in a press release announcing the attacks.
In another post touting the defacement and destruction of some 70 law enforcement websites, which had been carried out in the names of Anonymous hackers arrested by police, AntiSec wrote: “We have no sympathy for any of the officers or informants who may be endangered by the release of their personal information.” For too long, the hackers said, police had spied on them and abused their own personal information. “Retribution,” the hackers declared, “was at hand.”
Prior to breaking away from the mostly Britain-based hackers who merely did hacks “for the lulz,” AntiSec published private emails, addresses, and passwords belonging to the Arizona Department of Public Safety. In a statement titled “Chinga La Migra” (fuck immigration enforcement), AntiSec cited as justification SB 1070, an Arizona law that made it a misdemeanor for legal immigrants to be caught without a government ID card.
The ASCII art that accompanied the post, released in the name of LulzSec (even though its core members were not directly involved) included a crudely drawn assault rifle with the phrase “off the pigs” written on the stock.
While under interrogation by British police the following month, one core LulzSec member would tell two detectives that he thought the attack “was too extreme.” The cops played dumb. “What does it mean, sorry?” one asked.
It means, the underage hacker said while explaining he’d had to Google the phrase himself, “Kill the police.”
In early March 2012, the week of Hammond’s arrest, the FBI began to paint a picture for the press of how the Stratfor hack went down. It rarely resembled reality.
In a story titled “Inside the Stratfor Attack,” a New York Times reporter labeled as “conspiracy theorists” anyone who believed the FBI had simply allowed the attack to occur. The story included a timeline offered by FBI officials that suggested Hammond had first hacked Stratfor and then notified one of the bureau’s informants, Hector Monsegur, a 28-year-old foster parent living in Manhattan’s Alphabet City neighborhood who hacked under the handle Sabu.
The FBI, the Times reported, had not learned of the breach until Dec. 6, 2011, “after the hackers had already infiltrated the company’s network.” But FBI surveillance records leaked to journalists in 2014 told a radically different story.
The files, which remain under seal at the time of writing, revealed that Monsegur had been informed that Stratfor was already compromised two days earlier, on Dec. 4, when another hacker—whom the FBI has yet to charge or even publicly acknowledge—provided him with stolen credit cards belonging to several Stratfor customers. The list included employees of the North Atlantic Treaty Organization (NATO), the defense contractor Raytheon, and the U.S. National Security Agency (NSA), among others.
“[W]e would love to penetrate their users/network for #antisec,” Monsegur told the hacker, who went by the handle Hyrriiya, “definitely get me details so I can begin working ;)“
Hammond would not learn about the breach for a full day, records reveal. On Dec. 5, he was pinged by Monsegur, who showed him the stolen credit card data and said another hacker had offered AntiSec “complete control” of a “big intelligence company.” Within a few hours, Monsegur introduced Hammond to Hyrriiya, warning both not to discuss the attack outside a single private room. The FBI was recording everything.
The notion that the FBI was not aware of the events would contradict its claims about its monitoring made later in federal court. Monsegur’s relationship with the bureau was even described by the judge overseeing the case as “virtual around-the-clock cooperation where Mr. Monsegur was sitting with agents.” His own attorney said the FBI was tracking “everything he typed with a key-logging program.” A camera was installed in his home.
The FBI would have had reason to exclude much of this timeline back when it granted interviews to handpicked reporters about the case. Even informants permitted to engage in criminal activity under the Attorney General’s guidelines are forbidden to “initiate or instigate a plan or strategy to commit a federal, state, or local offense.”
Before Hammond was sentenced, logs of the conversations showing he’d been prompted to attack Stratfor were handed over to his defense team. But rather than fight the case, and face potentially 30 years in prison, he agreed to a deal limiting his sentence to 10 years instead.
“Now that I have pleaded guilty it is a relief to be able to say that I did work with Anonymous to hack Stratfor, among other websites,” he said after entering a guilty plea in May 2013. “Those others included military and police equipment suppliers, private intelligence and information security firms, and law enforcement agencies. I did this because I believe people have a right to know what governments and corporations are doing behind closed doors. I did what I believe is right.”
About a year before, a letter had surfaced to Hammond’s attorneys signed by someone named Hyrriiya. “I am stating and admitting, AS FACT,” it said, “that I was the person who hacked Stratfor.” The letter also pointed to specific private conversations that occurred between Hyrriiya and Monsegur that could not have been known by anyone else—other than, perhaps, the FBI. Reporters with access to leaked FBI surveillance records have since assessed with high confidence the letter is real.
A leaked confidential forensics report would later show that Stratfor was at least partly to blame for the disaster (or at least would be in the post-Equifax era in which corporations are scrutinized over flawed security practices). The investigation, conducted by a Verizon security team, found that Stratfor had failed to implement proper controls over vital systems, which were not protected by a firewall and lacked proper file integrity-monitoring. The report explicitly states that “several distinct vulnerabilities and network configurations existed” enabling the hackers to easily slip in.
Stratfor’s network was “wide open.” In fact, attaining root access to its servers was so easy it didn’t require a password. A leaked internal memo would later calculate the total cost of the breach at $3.78 million, some of which Texas journalist Barrett Brown was later ordered to pay in the form of restitution, even though he had no part in the attack.
FBI surveillance records reveal much about the nature of WikiLeaks’ involvement in the Stratfor attack, all of it occurring well after the fact. AntiSec members, including Hammond and Monsegur, both claimed at different times to be in contact with Assange—or, at least, a person whom they believed to be him. It’s impossible to know for certain the identity of the person with whom they were corresponding. (At one point, the hackers even thought that maybe they were talking to Assange while he was pretending to be someone else.)
Nevertheless, the FBI-captured conversations indicate that WikiLeaks did not formally request access to the emails until after AntiSec had gone public about the attack on Dec. 25, 2011, a day the hacking group referred to as “LulzXMas.”
On Dec. 26 of that year, as AntiSec released some 30,000 Stratfor credit cards to the public, Monsegur informed Hammond that Assange had reached out. “I think wikileaks wants the emails,” he said. “JA says he wants to look at emails first, see if they can do something with it,” he added. “[I]f the mails are in fact juicy to the point wikileaks will accept it then its a wrap.”
Being a part of a major WikiLeaks release, Hammond believed, would be “groundbreaking.”
Close to midnight on Dec. 29, Hammond announced that Assange was “almost done copying the files.” Other hackers in the chatroom, most of whom had been tasked with running up fraudulent charges with credit cards stolen from Stratfor, were warned to keep the partnership under wraps. Hammond wondered aloud: “I wonder how criminally liable JA and folks could be by admitting having received hacked stolen and controversial files from us.”
Another hacker replied, “Well, NPR wanted them.”
Two weeks later, Hammond reported that he was back in contact with Assange. The hackers were growing restless and wondered when their partnership with WikiLeaks would be announced.
“[H]e gave me access to a search engine script for these [S]tratfor emails,” Hammond said. Asked whether the script worked, Hammond said it was “pretty primitive but it works,” adding that “JA” had also offered to share access with anyone on AntiSec’s team, and that he’d asked WikiLeaks to give Monsegur access. Monsegur, meanwhile, was also secretly hosting the emails on an FBI server.
“Just wait for him to hit me up,” Monsegur said back, “these wikileaks are bitches about things. they asked me to hack [the] icelandic government. I did it and they stopped talking to me.”
“I felt like a whore,” he said.