
Saturday, June 7, 2014

FBI Informants using surrogates as hackers

Hey Ma, ain't it wunderful the left de-funded the House Un-American Activities Committee (HUAC) - we wouldn't have these billions if the congress still had Oversight!

How an FBI informant orchestrated the Stratfor hack

By Dell Cameron on June 05, 2014 
Sitting inside a medium-security federal prison in Kentucky, Jeremy Hammond looks defiant and frustrated. 

“[The FBI] could've stopped me,” he told the Daily Dot last month at the Federal Correctional Institution, Manchester. “They could've. They knew about it. They could’ve stopped dozens of sites I was breaking into.”

Hammond is currently serving the remainder of a 10-year prison sentence in part for his role in one of the most high-profile cyberattacks of the early 21st century. His 2011 breach of Strategic Forecasting, Inc. (Stratfor) left tens of thousands of Americans vulnerable to identity theft and irrevocably damaged the Texas-based intelligence firm's global reputation. He was also indicted for his role in the June 2011 hack of an Arizona state law enforcement agency's computer servers.

There's no question of his guilt: Hammond, 29, admittedly hacked into Stratfor’s network and exfiltrated an estimated 60,000 credit card numbers and associated data and millions of emails, information that was later shared with the whistleblower organization WikiLeaks and the hacker collective Anonymous.

Sealed court documents obtained by the Daily Dot and Motherboard, however, reveal that the attack was instigated and orchestrated not by Hammond, but by an informant, with the full knowledge of the Federal Bureau of Investigation (FBI). 

In addition to directly facilitating the breach, the FBI left Stratfor and its customers—which included defense contractors, police chiefs, and National Security Agency employees—vulnerable to future attacks and fraud, and it requested knowledge of the data theft to be withheld from affected customers. This decision would ultimately allow for millions of dollars in damages.

The documents also confirm the integral role of a shadowy hacker, operating under the handle “Hyrriiya,” who provided key access for the now-infamous attack.

The FBI’s official version of the Stratfor hack, as reported by the New York Times, is that the bureau was made aware of the breach on Dec. 6, 2011, after hackers were already “knee-deep” in confidential files. The FBI claims Hammond informed hacker-turned-informant Hector Xavier Monsegur—also known by the online alias Sabu—of the vulnerability at Stratfor. In turn, the FBI immediately notified the intelligence company, though at that point it was already “too late.”

During his trial, Hammond claimed that the roles were actually reversed: It was Monsegur—released last week on time served—who first introduced him to an anonymous hacker, now known as Hyrriiya, who “supplied download links to the full credit card database as well as the initial vulnerability access point to Stratfor’s systems.”

“I had never even heard of Stratfor until Sabu brought it to my attention,” Hammond said.

His statement echoed a May 2012 letter ostensibly written by Hyrriiya and provided to Hammond’s legal defense team. “I am stating and admitting, AS FACT, that I was the person who hacked Stratfor,” wrote Hyrriiya, a skilled hacker, who's known primarily for his involvement in hacks of Syrian government websites for Anonymous, two months after Hammond was charged.

Previously, however, no public records have substantiated Hammond’s and Hyrriiya’s claims.

New information, obtained by the Daily Dot and Motherboard in April, not only affirms Hammond's version of events, but also longstanding accusations that federal investigators allowed an informant to repeatedly break computer-crime laws while in pursuit of Hammond and other Anonymous figures. Further, contrary to its prior statements, the FBI, through its surveillance of Monsegur, was aware of a security breach in the network of the private intelligence company well before it was “too late.”

The evidence on which the Daily Dot-Motherboard investigation is based was collected by Monsegur and his FBI monitors during his time as an informant from June 2011 to March 2012. The cache of court documents includes thousands of previously unseen chat logs, surveillance photos, and government documents, all currently sealed under a protective order upheld by a federal judge in the Southern District of New York. 

According to the chat logs, on Dec. 4, 2011, Hyrriiya informed Monsegur that he’d compromised the company’s systems. Monsegur responded, “That’s perfect for #antisec.” (“AntiSec” refers to a hacking group that formed in the summer of 2011 as an offshoot of LulzSec, which was cofounded by Monsegur. The term itself comes from the Anti Security Movement of the early 2000s.)

Hammond was not present during this initial conversation about Stratfor, which took place in an Internet Relay Chat (IRC) room called “#Revolusec.” After Hyrriiya provided Monsegur with the names of several Stratfor clients—Cisco, Monsanto, Microsoft, and Oracle—Monsegur, as Sabu, told Hyrriiya to contact him through private messaging.

These time-stamped chat logs were retained by the FBI for the investigation of Hammond:

Monsegur first learns about the Stratfor breach from Hyrriiya on Dec. 4, in a chatroom called #RevoluSec.

In short order, Hyrriiya promised Monsegur access to Stratfor and delivered the details for eight credit cards from Stratfor's database as further proof that he’d infiltrated its systems. The private data belonged to employees of the National Security Agency (NSA); the North Atlantic Treaty Organization (NATO); the International Association of Chiefs of Police (IACP); and Booz Allen Hamilton, the former employer of NSA whistleblower Edward Snowden; among others. The data included names, credit card numbers, expiration dates, credit card security codes, billing addresses, and other contact information. (Editors’ note: For the purpose of protecting the victims’ identities and financial information, that portion of the conversation has been intentionally withheld from this report.)