Tag Archives: hacktivists

The U.S. Punishment for Civil Disobedience and Direct Action: the Jeremy Hammond case

Jeremy Hammond Left with his twin brother.  Image from wikipedia

Cyber-activist Jeremy Hammond was sentenced to 10 years in federal prison on November 15, 2013 by Judge Loretta A. Preska in a federal courtroom in lower Manhattan for hacking the private intelligence firm Stratfor. When released, Hammond will be placed under supervised control, the terms of which include a prohibition on encryption or attempting to anonymize his identity online.Hammond has shown a “total lack of respect for the law,” Judge Preska said in her ruling, citing Hammond’s criminal record – which includes a felony conviction for hacking from when he was 19 – and what she called “unrepentant recidivism.” There is a “desperate need to promote respect for the law,” she said, as well as a “need for adequate public deterrence.”

Prior to the verdict, [Hammond] read from a prepared statement and said it was time for him to step away from hacking as a form of activism, but recognized that tactic’s continuing importance. “Those in power do not want the truth exposed,” Hammond said from the podium, wearing black prison garb. He later stated that the injustices he has fought against “cannot be cured by reform, but by civil disobedience and direct action.” He spoke out against capitalism and a wide range of other social ills, including mass incarceration and crackdowns on protest movements.

The Stratfor hack exposed previously unknown corporate spying on activists and organizers, including PETA and the Yes Men, and was largely constructed by the FBI using an informant named Hector Monsegur, better known by his online alias Sabu. Co-defendants in the U.K. were previously sentenced to relatively lighter terms. Citing Hammond’s record, Judge Preska said “there will not be any unwarranted sentencing disparity” between her ruling and the U.K. court’s decision.

Hammond’s supporters and attorneys had previously called on Judge Preska to recuse herself following the discovery that her husband was a victim of the hack she was charged with ruling on. That motion was denied….Hammond’s defense team repeatedly stressed that their client was motivated by charitable intentions, a fact they said was reflected in his off-line life as well. Hammond has previously volunteered at Chicago soup kitchens, and has tutored fellow inmates in GED training during his incarceration.

Rosemary Nidiry, speaking for the prosecution, painted a picture of a malicious criminal motivated by a desire to create “maximum mayhem,” a phrase Hammond used in a chat log to describe what he hoped would come from the Stratfor hack. Thousands of private credit card numbers were released as a result of the Stratfor hack, which the government argued served no public good.

Sarah Kunstler, a defense attorney for Hammond, takes issue with both the prosecution and judge’s emphasis on the phrase “maximum mayhem” to the exclusion of Hammond’s broader philosophy shows an incomplete picture. “Political change can be disruptive and destructive,” Kunstler says. “That those words exclude political action is inaccurate.”

Many supporters see Hammond’s case as part of a broader trend of the government seeking what they say are disproportionately long sentences for acts that are better understood as civil disobedience than rampant criminality. Aaron Swartz, who faced prosecution under the Computer Fraud and Abuse Act – the same statute used to prosecute Hammond – took his own life last year, after facing possible decades in prison for downloading academic journals from an MIT server. “The tech industry promised open access and democratization,” says Roy Singham, Swartz’s old boss and executive chairman of ThoughtWorks, a software company that advocates for social justice. “What we’ve given the world is surveillance and spying.” Singham says it’s “shameful” that “titans of the tech world” have not supported Hammond.

Following his first conviction for hacking, Hammond said, he struggled with returning to that life, but felt it was his responsibility. That decision ultimately lead to the Stratfor hack. “I had to ask myself, if Chelsea Manning fell into the abysmal nightmare of prison fighting for the truth, could I in good conscience do any less, if I was able?” he said, addressing the court. “I thought the best way to demonstrate solidarity was to continue the work of exposing and confronting corruption.”

Cyber-Activist Jeremy Hammond Sentenced to 10 Years In Prison, Rolling Stone, Nov. 15, 2013

How to Get Rid of Hacktivists: the approach of the United States

operation payback tweet

Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites.The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard.  The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange.  Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…

By BRIAN X. CHEN and NICOLE PERLROT, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd

Persecuting Hackers in the United States: the case of Barrett Brown

Truth-Warner-Highsmith

A federal court in Dallas, Texas has imposed a gag order on the jailed activist-journalist Barrett Brown [pdf] and his legal team that prevents them from talking to the media about his prosecution in which he faces up to 100 years in prison for alleged offences relating to his work exposing online surveillance.

The court order, imposed by the district court for the northern district of Texas at the request of the US government, prohibits the defendant and his defence team, as well as prosecutors, from making “any statement to members of any television, radio, newspaper, magazine, internet (including, but not limited to, bloggers), or other media organization about this case, other than matters of public interest.”  It goes on to warn Brown and his lawyers that “no person covered by this order shall circumvent its effect by actions that indirectly, but deliberately, bring about a violation of this order”…

But media observers seen the hearing in the opposite light: as the latest in a succession of prosecutorial moves under the Obama administration to crack-down on investigative journalism, official leaking, hacking and online activism.Brown’s lead defence attorney, Ahmed Ghappour, has countered in court filings, the most recent of which was lodged with the court Wednesday, that the government’s request for a gag order is unfounded as it is based on false accusations and misrepresentations.

The lawyer says the gagging order is a breach of Brown’s first amendment rights as an author who continues to write from his prison cell on issues unconnected to his own case for the Guardian and other media outlets.In his memo to the court for today’s hearing, Ghappour writes that Brown’s July article for the Guardian “contains no statements whatsoever about this trial, the charges underlying the indictment, the alleged acts underlying the three indictments against Mr Brown, or even facts arguably related to this prosecution.”

Brown, 32, was arrested in Dallas on 12 September last year and has been in prison ever since, charged with 17 counts that include threatening a federal agent, concealing evidence and disseminating stolen information. He faces a possible maximum sentence of 100 years in custody.  Before his arrest, Brown became known as a specialist writer on the US government’s use of private military contractors and cybersecurity firms to conduct online snooping on the public. He was regularly quoted by the media as an expert on Anonymous, the loose affiliation of hackers that caused headaches for the US government and several corporate giants, and was frequently referred to as the group’s spokesperson, though he says the connection was overblown.

In 2011, through the research site he set up called Project PM, he investigated thousands of emails that had been hacked by Anonymous from the computer system of a private security firm, HB Gary Federal. His work helped to reveal that the firm had proposed a dark arts effort to besmirch the reputations of WikiLeaks supporters and prominent liberal journalists and activists including the Guardian’s Glenn Greenwald.

In 2012, Brown similarly pored over millions of emails hacked by Anonymous from the private intelligence company Stratfor. It was during his work on the Stratfor hack that Brown committed his most serious offence, according to US prosecutors – he posted a link in a chat room that connected users to Stratfor documents that had been released online. The released documents included a list of email addresses and credit card numbers belonging to Stratfor subscribers. For posting that link, Brown is accused of disseminating stolen information – a charge with media commentators have warned criminalises the very act of linking.

As Geoffrey King, Internet Advocacy Coordinator for the Committee to Protect Journalists, has put it, the Barrett Brown case “could criminalize the routine journalistic practice of linking to documents publicly available on the internet, which would seem to be protected by the first amendment to the US constitution under current doctrine”.

Excerpt, Ed Pilkington, US stops jailed activist Barrett Brown from discussing leaks prosecution, Guardian, Sept. 4, 2014

See also Persecuting the Hactivists

How the United States is Persecuting the Hacktivists

hacktivism

The government is treating hackers who try to make a political point as serious threats.   [T]he state has come down on them with remarkable force. This is in large measure evidence of how poignant, and troubling, their message has been.

Hacktivists, roughly speaking, are individuals who redeploy and repurpose technology for social causes. In this sense they are different from garden-variety hackers out to enrich only themselves. People like Steve Jobs, Steve Wozniak and Bill Gates began their careers as hackers — they repurposed technology, but without any particular political agenda. In the case of Mr. Jobs and Mr. Wozniak, they built and sold “blue boxes,” devices that allowed users to defraud the phone company. Today, of course, these people are establishment heroes, and the contrast between their almost exalted state and the scorn being heaped upon hacktivists is instructive.

For some reason, it seems that the government considers hackers who are out to line their pockets less of a threat than those who are trying to make a political point. Consider the case of Andrew Auernheimer, better known as “Weev.” When Weev discovered in 2010 that AT&T had left private information about its customers vulnerable on the Internet, he and a colleague wrote a script to access it. Technically, he did not “hack” anything; he merely executed a simple version of what Google Web crawlers do every second of every day — sequentially walk through public URLs and extract the content. When he got the information (the e-mail addresses of 114,000 iPad users, including Mayor Michael Bloomberg and Rahm Emanuel, then the White House chief of staff), Weev did not try to profit from it; he notified the blog Gawker of the security hole.  For this service Weev might have asked for free dinners for life, but instead he was recently sentenced to 41 months in prison and ordered to pay a fine of more than $73,000 in damages to AT&T to cover the cost of notifying its customers of its own security failure.  When the federal judge Susan Wigenton sentenced Weev on March 18, she described him with prose that could have been lifted from the prosecutor Meletus in Plato’s “Apology.” “You consider yourself a hero of sorts,” she said, and noted that Weev’s “special skills” in computer coding called for a more draconian sentence. I was reminded of a line from an essay written in 1986 by a hacker called the Mentor: “My crime is that of outsmarting you, something that you will never forgive me for.”  When offered the chance to speak, Weev, like Socrates, did not back down: “I don’t come here today to ask for forgiveness. I’m here to tell this court, if it has any foresight at all, that it should be thinking about what it can do to make amends to me for the harm and the violence that has been inflicted upon my life.”  He then went on to heap scorn upon the law being used to put him away — the Computer Fraud and Abuse Act, the same law that prosecutors used to go after the 26-year-old Internet activist Aaron Swartz, who committed suicide in January.  The law, as interpreted by the prosecutors, makes it a felony to use a computer system for “unintended” applications, or even violate a terms-of-service agreement. That would theoretically make a felon out of anyone who lied about their age or weight on Match.com.

The case of Weev is not an isolated one. Barrett Brown, a journalist who had achieved some level of notoriety as the “the former unofficial not-spokesman for Anonymous,” the hacktivist group, now sits in federal custody in Texas. Mr. Brown came under the scrutiny of the authorities when he began poring over documents that had been released in the hack of two private security companies, HBGary Federal and Stratfor. Mr. Brown did not take part in the hacks, but he did become obsessed with the contents that emerged from them — in particular the extracted documents showed that private security contractors were being hired by the United States government to develop strategies for undermining protesters and journalists, including Glenn Greenwald, a columnist for Salon. Since the cache was enormous, Mr. Brown thought he might crowdsource the effort and copied and pasted the URL from an Anonymous chat server to a Web site called Project PM, which was under his control…..

Other hacktivists have felt the force of the United States government in recent months, and all reflect an alarming contrast between the severity of the punishment and the flimsiness of the actual charges. The case of Aaron Swartz has been well documented. Jeremy Hammond, who reportedly played a direct role in the Stratfor and HBGary hacks, has been in jail for more than a year awaiting trial. Mercedes Haefer, a journalism student at the University of Nevada, Las Vegas, faces charges for hosting an Internet Relay Chat channel where an Anonymous denial of service attack was planned. Most recently, Matthew Keys, a 26-year-old social-media editor at Reuters, who allegedly assisted hackers associated with Anonymous (who reportedly then made a prank change to a Los Angeles Times headline), was indicted on federal charges that could result in more than $750,000 in fines and prison time, inciting a new outcry against the law and its overly harsh enforcement. The list goes on.

In a world in which nearly everyone is technically a felon, we rely on the good judgment of prosecutors to decide who should be targets and how hard the law should come down on them. We have thus entered a legal reality not so different from that faced by Socrates when the Thirty Tyrants ruled Athens, and it is a dangerous one. When everyone is guilty of something, those most harshly prosecuted tend to be the ones that are challenging the established order, poking fun at the authorities, speaking truth to power — in other words, the gadflies of our society.

Excerpts, By PETER LUDLOW, Hacktivists as Gadflies, NY Times, April 13, 2013

Not Anonymous Anymore, internet and the street

The rise of groups of geeks and hackers organized — however loosely — around a political agenda is a fairly new phenomenon, experts say. And combining such activism with more traditional forms of protest is perhaps a natural evolution.  “One of the big errors of our time is believing that what happens online is separate from what happens offline,” says Paul Levinson, author of New New Media and professor of communications and media studies at Fordham University in New York.  He says there’s a long tradition of disrupting the activities of the establishment to make a point, and that Anonymous is drawing on that tradition on multiple fronts.

What Anonymous has done by joining its online and offline presence comes out of the flash-mob craze that started in 2003, says Virag Molnar, a sociology professor at the New School for Liberal Arts in New York.  “We’ve seen a huge evolution in the purposes that flash mobs have been used,” she says. “Some can be used for progressive purposes, but they can also be used for rioting, hooliganism or gang activity.”Flash mobs set up via Twitter and Facebook have appeared at BP gas stations to demonstrate against the company’s handling of the Gulf oil spill. In Switzerland, Greenpeace organized a flash mob in which more than 100 people pretended to drop dead to protest nuclear power.  Social media tools also were linked to riots this summer in Vancouver and across Britain.

Anonymous claimed responsibility last month for hacking into some 70 law enforcement websites, garnering “a massive amount of confidential information,” including emails and credit card numbers. The move was in retaliation for the FBI arrest of 16 suspects for their alleged involvement in the PayPal denial of service attack…

History of Anonymous operations:

2006: The loosely organized collective carries out some of its first major acts of online mayhem, including a distributed denial of service [DDoS] attack that disables the website of radio host Hal Turner, known for racially charged remarks.

2008: Anonymous launches Project Chanology in retaliation for the Church of Scientology’s demand that YouTube remove a church video interview of actor and Scientologist Tom Cruise. In addition to launching DDoS attacks against Scientology websites, followers wearing masks of Guy Fawkes turn out for street protests at church centers mostly in the U.S. and Europe.

2009: Following the Iranian presidential election, with its widespread accusations of vote-rigging, Anonymous launches a website supporting the Iranian Green Party with the aim of skirting official censorship.

2010: Anonymous launches a DDoS attack against Australian government websites in retaliation for Canberra’s plan to implement anti-child-pornography Internet filtering software.  The group launches Operation Payback in support of WikiLeaks and its embattled chief, Julian Assange. Denial of service attacks hit the websites of PayPal, MasterCard, Visa and Amazon.

2011: Anonymous launches various operations in support of the Arab Spring, including denial of service attacks and hacks against government websites in Tunisia, Egypt, Bahrain, Jordon and Morocco.

Operation BART draws followers into San Francisco train stations to protest the Bay Area Rapid Transit system’s decision to shut down cell phone service on the trains in an effort to quash an anti-police protest. Anonymous also hacks a BART website.

It has also spawned splinter groups such as Lulz Security (recently disbanded) and the Anti-Security Movement (still active) that have gone on to launch their own hacktivist attacks.   As the group’s name suggests, anonymity — particularly the kind that can be found in cyberspace — is important to many of its followers. Giving it up doesn’t come lightly. Members typically show up at protests sporting a mask in the likeness of the 16th century English radical Guy Fawkes.   Many Anons are in their 20s and 30s, but a few are in their 60s — the “grandfathers” of the movement….”  There is a sort of across-the-board free-speech sensibility that many Anons share, which many geeks and hackers share,” she says. “The libertarian label, though, ends at, ‘We believe in free speech.’ ”   While free speech and anti-censorship is a key part of the group’s ideology, there’s also a definite leftist and anti-capitalist strain in some Anons. “Beyond that,” she says, “it’s a pretty diverse lot.”…

Excerpt, Scott Neuman, Anonymous Comes Out In The Open, NPR, Sept. 16, 2011

Lutz Security and Lack of Transparency: the AntiSec Movement

Only a little more than a month and a half ago, the merry pranksters of Lulz Security began their quest to wreak havoc on the computer systems of the world, all in the name of lulz. Today, that anarchic campaign has come to an abrupt end. The group announced via a statement posted to Pastebin that it will permanently disband, dropping the Lulz Boat anchor for good. As a parting gift, LulzSec also released a trove of data stolen from companies like AOL and AT&T, evidence that the group hacked the website of the US Navy, plus a variety of other illicit goodies.

“For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” writes LulzSec. “All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy.”

The group confirmed its retirement on the LulzSec Twitter feed, which managed to amass 277,540 followers during its short stint online.

During its 50-day reign of digital terror, LulzSec hacked PBS.org, a variety of websites owned by Sony, Nintendo, FBI affiliate Infragard Atlanta, 50+ porn sites, Bethesda software, 4Chan.org, CIA.gov, Senate.gov and a variety of law enforcement agencies in Arizona….

While the group says that the brief duration of its existence was planned from the beginning, some have already begun to argue that the pressure on LulzSec simply became too much for them to handle. And they might have a point. In the past two weeks alone, Scotland Yard arrested a 19-year-old with ties to the group; hacker group Web Ninjas published names, photos and other personal data related to people it claims are members of LulzSec; and another hacker group, TeaMp0isoN, defaced the website of an alleged LulzSec member.

Excerpt, LulzSec calls it quits after 50 days of hacks, Yahoo News, June 27, 2011

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”  From the Press Release of Lutz Security