By Mike Masnick | Techdirt | November 18, 2013
On Friday, we wrote about Jeremy Hammond’s 10-year prison sentence, mentioning that the judge had required part of Hammond’s statement be redacted from any reports as his discussion of the list of targets he was asked to hack by FBI informant Sabu (Hector Xavier Monsegur) was considered classified. Of course, it will come as little surprise that the unredacted/uncensored text of his original statement is alleged to have leaked soon after the sentencing. Someone posted it to Pastebin. While it’s entirely possible that this is fake, there are at least some indications that it’s accurate.
Sabu also supplied lists of targets that were vulnerable to “zero day exploits” used to break into systems, including a powerful remote root vulnerability effecting the popular Plesk software. At his request, these websites were broken into, their emails and databases were uploaded to Sabu’s FBI server, and the password information and the location of root backdoors were supplied. These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq.
Sabu also infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs. He logged several relevant IRC channels persistently asking for live access to mail systems and bank transfer details. The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems, undoubtedly supplying useful intelligence to the military and their buildup for war.
All of this happened under the control and supervision of the FBI and can be easily confirmed by chat logs the government provided to us pursuant to the government’s discovery obligations in the case against me. However, the full extent of the FBI’s abuses remains hidden. Because I pled guilty, I do not have access to many documents that might have been provided to me in advance of trial, such as Sabu’s communications with the FBI. In addition, the majority of the documents provided to me are under a “protective order” which insulates this material from public scrutiny. As government transparency is an issue at the heart of my case, I ask that this evidence be made public. I believe the documents will show that the government’s actions go way beyond catching hackers and stopping computer crimes.
Again, while Hammond is responsible for actually carrying out the activity of breaking into these sites, it still seems incredibly questionable that the targets may have been suggested by the FBI, which then basically got to take advantage of Hammond’s activities, and then when that wasn’t useful any more, to throw him in jail for a decade.