
Hacker, Hoaxer, Whistleblower, Spy


by Gabriella Coleman

It was as if he started talking before even picking up the phone: “Fox is going to publish a story about me and the FBI.” Sabu explained that the story was slated to go live in just a few minutes. He said that he wanted to explain some things before I read it. Distraught, he said that Fox had “stooped so low” to get at him and his family, but he refused to tell me just what they had done. He said only, “It’s not what you think it is.” My head spun throughout it all; I grew dizzy. I remember being angry, and having difficulty verbalizing what I was feeling or remembering what he said. And then, somehow, the conversation ended.

  As it turned out, there was not one but three stories about Hector Xavier Monsegur, each featuring a giant picture of his face as he sat in front of a computer. There it was: Sabu’s cooperation with the FBI. This is what he had been trying to tell me on the phone. I was dumbstruck. The news coincided with a string of indictments also detailed in the articles. In the US, the FBI had just arrested Jeremy Hammond, while in the UK and Ireland, Ryan Ackroyd (Kayla), Donncha O’Cearbhaill (Palladium), and Darren Martyn (pwnsauce) were each indicted on computer conspiracy charges.

  The news rolled through the different IRC channels like a shock wave. The CabinCr3w channel hosted a number of people who were very close to Sabu (pseudonyms have been altered):

  : comrade, front page of Foxnews

  : nao

  : k

  : omgomgomg

  : damnnn

  : i didnt know

  : wow

  : fucking sabu

  : guys

  : may i speak

  : for one minute

  : go

  : NO

  : lol jk go on

  : lol

  : we should frame this as a defining moment

  : ^

  : like libya after gadaffi

  : we are free of a burden

  : a dead weight

  : clouding everything we where

  : and will be

  : well he never was a burden to begin with imo

  : yeah, that’s strangely not comforting right now flava-flav

  : and from here on

  : why not comrade

  : ur missing my point

  : he was a phase

  : and now

  : lol

  : is a new one

  : okay

  : i can go with phase

  : :D

  : its [an] evolutionary process

  : right I’m just saying flava-flav a lot of ppl are reacting in a bunch of different ways

  Nacho-King was right. While everyone felt the bitter sting of betrayal, a minority still supported Sabu. The Fox News article had, indeed, reported that the FBI dangled a time-honored ultimatum in front of Sabu: he could work for the G-men or have his adopted cousins forcibly removed from his care. Eventually, a number of former Anonymous participants—more hangers-on than hardcore hackers—told me that Sabu had been telling them back in the summer of 2011 “to get the fuck out.” It started to become clear why Sabu had been cozying up with the Anons who possessed the hacking skills to enter systems, and not bothering with those who weren’t breaking the law. He was targeting those of most interest to the FBI.

  A few hours later, a dominant attitude was emerging on the channels, one which echoed the sentiment of an unnamed government official quoted in the Fox report: “You might be a messiah in the hacking community but you’re still a rat.”

  By the end of the day, Sabu’s reputation within Anonymous was irrevocably tarnished. And as the news reverberated throughout the Inter-tubes, howls of anger and pangs of betrayal sounded. It took a month before my own anger had receded enough that I could have another conversation with him. He was at his most defiant, opening our conversation with the salvo that he was “disappointed that no one questioned the news report.” Then he growled in disbelief at being treated like a “biohazard.”

  “I protected hundreds of people,” he insisted. “I saved a lot of asses. When you have kids, you have to choose. I did the right thing.” His only plea for sympathy concerned the fact that he himself faced penalties. He had been arrested, after all, and maintained his liberty only on bail—it remained likely that he would still face ten or fifteen years in prison. Not knowing one’s fate is “stressful,” he declared. When I asked him how much of what he did and said was directed by the FBI, he barked, “Everything I said on Twitter was my motherfucking point of view.” He added later, “I was genuine with my tweets, no one dictated what I wrote.” This directly contradicts statements made by one of his handlers as reported by Jana Winter for Fox News. “About 90 percent of what you see online is bulls—,”21 said the handler, in reference both to posts from Sabu’s Twitter account and also “interviews” he gave to the press. Whether this is the truth or an even more elaborate, recursive disinformation campaign, the implication is that Sabu parroted whatever the FBI wanted him to say. There were some tweets—“If god forbid I am arrested, I’ll admit to my crimes, and take myself down. I do not believe in bringing others down for my own sins. Thanks”—that we now know were unadulterated nuggets of FBI-influenced BS.22

  I barely got a word in edgewise, but I did manage to ask Sabu whether he met me at the behest of the FBI. His voice became louder in dismissal. “Jesus Christ! You don’t need to ask permission to go to fucking Chipotle and get a burrito!” Unsatisfied, I asked him again why he reached out to me, and I asked a further question about the catalyst of our meeting—the hacker at the NYSEC meet-up. He began brushing this off, before suddenly stopping short. “I needed the truth out there one way or another,” he stated clearly. “The more time we spent, the more I felt I could confide in you. It is a shitty situation.”

  He let loose one final deluge of vitriol: “I expected the nerds to expose my family, but not the media. For the media to post shit on my family!” He added: “There are many informants in Anonymous.” Then he wrapped up with some shout-outs, giving props to “Jeremy and Donncha”—two of the most technically savvy and hardworking hackers in Anonymous, who had themselves refused to offer anything to law enforcement (and whose capture had largely been the result of his actions). Then he offered a few parting words: “I still think the idea of Anonymous is beautiful. Decentralization is power.”

  Law Breaking and Snitches

  Around this time, Anonymous participants and some independent journalists like Nigel Parry began raising questions about the official story that had coalesced around the Stratfor hack. On March 25, 2012, Parry penned a detailed blog post titled “Sacrificing Stratfor: How the FBI Waited Three Weeks to Close the Stable Door.”23 He noted how bizarre it was that Stratfor’s thorough pwning could occur right under the FBI’s nose. After all, the FBI maintained—both in court documents and to the Fox reporter—that Monsegur was on the tightest of leashes the whole time. “The FBI,” wrote Jana Winter, “has had an agent watching his online activity twenty-four hours a day, officials said.”24

  Monsegur provided the FBI with direct, real-time access to unfolding developments, and the FBI informed Stratfor of the intrusion almost immediately, in early December. AntiSec only had access to the customer database at this time. It took another ten days for Hammond to infiltrate the rest of the system; Hammond didn’t delete the data for another ten days, on Christmas Eve. Stratfor had ample opportunity to step up its security or, if nothing else, back up its data. But it did not. In the aftermath of this hacking blitz, George Friedman, Stratfor’s CEO, provided the following vague explanation: “We worked to improve our security infrastructure within the confines of time and the desire to protect the investigation by not letting the attackers know that we knew of their intrusion.”25

  By November 2013, publicly accessible court records had confirmed Hammond’s timeline. And yet, for over two years no other journalist had bothered to press Stratfor on its failure to take additional protective measures after the initial intrusion. Nor did they question why the FBI waited until December 24 to deliver Stratfor a second wave of bad tidings—that emails had been downloaded and data was being wiped—when it knew full well that AntiSec had gained wider access days earlier.

  The FBI’s rationalization for its actions does little to clarify the situation. As Nicole Perlroth of the New York Times reported: “The F.B.I. said that it immediately notified Stratfor, but said that at that point it was too late. Over the next several weeks, hackers rummaged through Stratfor’s financial information, email correspondence and subscribers’ personal and financial information, occasionally deleting its most valuable data—all in full view of F.B.I. agents.”26

  Then, in May 2014, an astonishing bevy of court documents—chat logs, surveillance photos, and government documents from Hammond’s court case—were leaked to journalists Dell Cameron and Daniel Stuckey. Armed with them, they were able to corroborate Hammond’s timeline at a more granular level. The chat logs in particular go a long way toward confirming, as Cameron wrote, “longstanding accusations that federal investigators allowed an informant to repeatedly break computer-crime laws while in pursuit of Hammond and other Anonymous figures.”27

  Allegations that Sabu aided and abetted illegal activity (recall that it was Sabu who brought the Stratfor vulnerability to Hammond in the first place) were not limited to the Stratfor hack. During Hammond’s sentencing hearing in November 2014, he read a statement that included another explosive accusation:

  After Stratfor, I continued to break into other targets, using a powerful “zero day exploit” allowing me administrator access to systems running the popular Plesk webhosting platform. Sabu asked me many times for access to this exploit, which I refused to give him. Without his own independent access, Sabu continued to supply me with lists of vulnerable targets. I broke into numerous websites he supplied, uploaded the stolen email accounts and databases onto Sabu’s FBI server, and handed over passwords and backdoors that enabled Sabu (and, by extension, his FBI handlers) to control these targets. These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites, including Brazil, Turkey, Syria.28

  As Hammond was about to mention more government targets, Judge Preska implored him: “Mr. Hammond, we just spoke about those countries being redacted, I’d appreciate if you didn’t use them.” In his statement, Hammond also reminded the court of the existence of some evidence backing his claims:

  All of this happened under the control and supervision of the FBI and can be easily confirmed by chat logs the government provided to us pursuant to the government’s discovery obligations in the case against me … Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu’s communications with the FBI. In addition, the majority of the documents provided to me are under a “protective order” which insulates this material from public scrutiny.

  Hammond’s statement was republished online, with some websites redacting the names of the countries mentioned and others including them. Having been told about these hacks earlier during my first prison visit, I became intrigued about how much truth might lie behind Hammond’s claims. I raised these questions to some journalists and convinced one to track them down. Eventually, this culminated in a front-page New York Times story by Mark Mazzetti in late April 2014, entitled “F.B.I. Informant Is Tied to Cyberattacks Abroad.”29 Then, after the trove of court documents under protective order were leaked, journalists Daniel Stuckey and Blake wrote a detailed play-by-play of Sabu’s role in orchestrating hacks against the Brazilian government and various corporate websites. Although many of Sabu’s targets were threaded through Hammond, he also offered vulnerabilities to other hackers. In one documented case, he offered a valuable exploit which “opened backdoors to hundreds of Brazilian websites.”30 And all of this was performed under the FBI’s careful gaze.

  The news that the FBI allowed—or at least abided—Sabu’s role in facilitating an illegal hacking spree struck many in Anonymous as a perverse abuse of power. Of course, we don’t know—and likely never will—whether Sabu’s services were loaned out by the FBI to other three-letter agencies for military ops or intelligence gathering, whether his actions furthered the government’s own purposes in some roundabout way, or whether other factors were at work; but when this example is contextualized within the broader American informant system, it becomes clear that the scenario is far from unusual. Law professor Alexandra Natapoff argues that corrupt relations between informants and their handlers are not sporadic, exceptional activities—they are endemic. In her book Snitching: Criminal Informants and the Erosion of American Justice, she persuasively illustrates a twisted system that often results in increased cycles of crime and violence. The FBI routinely allows its informants to break the law, Natapoff argues, so long as they are otherwise cooperative. While informants are a necessary tool for the criminal justice system, she concludes that in the program’s present configuration, “informant use inflicts significant wounds on the integrity of the criminal process.”31

  Natapoff and other journalists have documented numerous cases of abuse. For instance, in 2005, Yassine Ouassif, a part-time engineering student living in the Bay Area, was escorted off a plane in Paris headed for San Francisco. Despite holding a green card and not being under investigation, he was interrogated for hours in a US Customs and Border Protection facility. Ultimately, an FBI agent offered a choice: become an informant in the Muslim-American community or face deportation to his home country Morocco.32 A lawsuit filed in April 2014 on behalf of four Muslim men alleges that the FBI placed or kept them on a no-fly list after they refused to spy on Muslim communities in New York, New Jersey, and Nebraska.33 This sort of bullying aims to intervene directly into a community, changing its very nature without having formally established any wrongdoing.

  The majority of cases involving informants never go to trial in the United States, so we only learn about this system—and are able to argue for its reform—thanks to occasional trials and leaks (a reminder of how the Hammond court case leak can serve the democratic process). The fact that Sabu was allowed to facilitate so many hacks under full view of the FBI is testament to the ongoing abuses of the informant system. It also serves as a painful reminder that the state will use methods both legal and illegal to dismantle a movement deemed threatening.

  “Trust no one on IRC, ever”

  As the news rumbled about Sabu’s informant status, it became apparent that while Monsegur’s cooperation had made a decisive difference, many participants had neglected to properly secure their information. Anonymous9 expressed it to me this way: “The fact that people got arrested because of him is partially because he was a traitor, and partially because those people were careless. If they hadn’t shared personal information with him they would have been fine. Sort of comes back to the whole ‘trust no one on IRC, ever’ thing.”

  It may be hard to prove computer crimes after they have been committed, unless data—such as credit card numbers, emails, or other incriminating information—is found on a suspect’s computer. But as computer security researcher Robert Graham put it, chat logs culled by an informant can be used to “convict you of conspiracy, intent, obstruction of justice [and] racketeering.”34 And the prosecution had an enormous hunk of logs from which to build its case. Still, having Sabu around was not enough to nab everyone—some members of AntiSec and LulzSec remain out of reach of the law. Had others been more careful with their operational security, they may have never been caught.

  How were mistakes made? Hammond practiced nearly flawless technical operational security, but in chats he revealed personal details. The most significant—which I had seen him mention once in public and once in a private channel—was that he had spent time in federal prison. Given one of his main nicknames, “Anarchaos,” his unique status as one of the only bona fide American anarchist hackers to have done time in US prison must have placed him pretty high on the list of candidates. Perhaps the one vital task that Sabu performed for the FBI here was to connect Hammond’s potpourri of different nicknames. Below is a snippet of a conversation, filed in the court documents, between Sabu (as “CW-1”) and Hammond (as “@sup_g”) on Christmas Day:

  : hows the news looking?

  <@sup_g>: I been going hard all night

  : I heard we’re all over the news papers

  : you mother fuckers are going to get me raied [raided]

  : HAHAHAAHA

  <@sup_g>: we put out 30k cards, the it.stratfor.com dump, and another statement

  <@sup_g>: dude it’s big

  : if I get raided anarchaos your job is to cause havok in my honor

  : <3

  : sup_g:

  <@sup_g>: it shall be so

  Of course, Sabu proved crucial to the investigations in many other ways: one LulzSec member shared a link to a home-brewed video he hosted on YouTube. With the URL, the authorities sent a subpoena to YouTube for the account’s email address, and from there it was trivial to connect his Facebook account. This young hacker had made the grave mistake of uploading incriminating screenshots of a web defacement, which were then shared with another member of LulzSec (oy vey).

  Anonymous9’s suggestion to “trust no one on IRC” is much easier said than done. The “Sabutage,” as one person humorously referred to it, cut so deep because Anonymous, like almost every political movement, was underwritten by friendships and the flourishing of more intimate relationships still. Marriages, like the one between the young hacker John Anthony Borell III (Kahuna), from the CabinCr3w, and Sarah Borell, were indebted to chats in the crew’s private IRC channel. Topiary shepherded one of his LulzSec mates through a dark period of his life. Even those who never shared personally identifying information were interpolated into strong, lasting bonds. Such connections make it all too tempting, and easy, to be lulled into a state of comfort wherein one betrays their identity by oversharing. Even if one recognizes that this is happening, it is not as simple as simply changing a nickname, scrubbing all markers of the previous identity, and adopting a different style of talk. Parmy Olson highlights this “dilemma” constantly faced by hackers: changing a nick means losing the stable marker of identity and reputation crucial to hacker coworking across time.35

 
