Aaron Parecki/Flickr (CC BY 2.0) | Karen Lancaster/Wikipedia (PD) | Remix by Jason Reed

Secret Barrett Brown chat logs reveal crucial new evidence

Brown is accused of helping the FBI's most-wanted hacker.


Dell Cameron


Posted on Jan 20, 2015   Updated on May 29, 2021, 5:49 pm CDT

At Barrett Brown’s initial sentencing hearing last month, U.S. attorneys surprised Brown’s defense team with a whopping 500 pages of new evidence in a last-minute effort to land the Texas journalist and Anonymous provocateur with a maximum sentence of eight and a half years in prison.

Introducing hundreds of chat conversations lifted from Brown’s seized laptop, the government prosecution offered a version of events that depicted him as a central figure in one of Anonymous’s most high-profile cyberattacks to date.

While the flood of chat logs was enough to cause a delay in Brown’s sentencing, it comprises only a fraction of the data extracted by the government from his computer, and more importantly, the selected logs fail to tell the whole story.

A cache of sealed court records obtained last year by the Daily Dot reveals that the Federal Bureau of Investigation (FBI) discovered no fewer than 3,000 pages of chat logs on Brown’s laptop. Those conversations, which span from March 2011 to February 2012, were produced as evidence in the Southern District of New York against Anonymous hacker Jeremy Hammond, who was sentenced in November 2013 for his role in the hacking of Austin-based intelligence publisher Stratfor.

The full extent of the private chat logs, recorded by Brown and seized by the government, remains unknown. But reporters familiar with the evidence against Brown say the FBI may have gleaned tens of thousands of pages of conversations from Brown’s hard drive, potentially revealing his daily contact with hackers and other sources who ostensibly believed they were speaking with the journalist and activist in confidence.

At the Dec. 16 hearing, an unenthused Judge Samuel Lindsay allowed the prosecution to proceed with an analysis of charges long dismissed and for which Brown was never convicted. The prosecution, led by U.S. Attorney Candina Heath, introduced specific chat logs to present at last month’s hearing that best suited its narrative, which, according to D magazine, “painted Barrett as a leader of Anonymous, someone who knowingly stole and distributed credit card information, a wreaker of real and serious damage.” It is these logs that the prosecution hopes will secure a lengthy prison sentence for Brown.

Due to the sheer volume of the submission, and the fact that defense attorneys were given no prior access, Brown’s sentencing was adjourned and would not be handed down for another five weeks.

At present, Brown has been incarcerated in Texas for two years and four months. Branded a threat to his community and a potential flight risk, he was remanded without bail by a federal magistrate less than a week after his September 2012 arrest. Since that time, the charges against him have been amended on multiple occasions. After motions were filed to dismiss all indictments in the spring of 2014, prosecutors rendered a plea bargain that promised to reduce his potential prison sentence by more than 62 years.

The three-count indictment Brown pleaded guilty to stems from “threats” issued on YouTube against a federal agent, interference with the execution of a search warrant to obtain a laptop (which was discovered in his mother’s kitchen), and his alleged after-the-fact involvement in the Stratfor hack—a crime that he was neither present to accomplish nor technically equipped to achieve.

A report based on the evidence against Hammond published by the Daily Dot in June 2014 revealed that, prior to Hammond’s knowledge of the company’s vulnerability, the Stratfor breach was orchestrated by a confidential FBI informant. The incident raised key questions about the Bureau’s adherence to Justice Department guidelines, which expressly forbid the FBI from authorizing an informant—even one permitted under strict protocol to engage in criminal activity—to “initiate or instigate a plan or strategy to commit a federal, state, or local offense.”

To the defense’s objection, the government repeatedly attacked Brown over allegations that he once shared a hyperlink pointing to some of the stolen email addresses and credit card details belonging to Stratfor’s customers. Related counts of trafficking in stolen property and identity theft, which alone carried a maximum sentence of 35 years in prison, were abandoned by the government last March, presumably because there is little if any legal precedent to support such an indictment.

The right of journalists to report on material illegally obtained by others, upheld by a 2001 Supreme Court ruling, failed to deter prosecutors from arguing that sharing the link was conduct worthy of sustaining Brown’s prison sentence. In Heath’s own words: “It doesn’t matter the number of hands it passes as long as they know it’s stolen property.”

Heath asserted that anyone who shares stolen information “steals it further.” This blanket argument from a U.S. government attorney contradicts the foundation of reporting from august publications, such as the Washington Post and the Guardian, both of which won Pulitzer Prizes last year for reporting based on leaked top-secret National Security Agency (NSA) documents.

According to the government, Brown actively sought stolen personal information, including the credit card details of government employees.

This accusation is corroborated by a chat log dated Sept. 6, 2011. In it, Hammond (“burn”) offers Brown credit cards belonging to an employee of a “major military contracted company,” which the hacker says may be useful for “harassment purposes.” Brown indicates that he’s solely interested in the card details because they may be useful for “obtaining other info.” He further implies that harassment is not his objective.

<burn> they may be low level employees
<burn> or work in areas other than cyber security or intelligence
<Barrett_Brown> true, but one never knows
<burn> passwords may lead nowhere but run with it
<burn> it hasn’t been released anywhere else yet either
<burn> will leave that to yall
<Barrett_Brown> won’t release, best not to notify firms what we have

In the same log examined by the Daily Dot, Brown is delivered a series of names, phone numbers, email addresses, and logins belonging to employees of government contractors, such as ManTech; Northrop Grumman; and Booz Allen Hamilton, Edward Snowden’s former employer. Hammond instructs him to obscure the source before reposting it by deleting specific details. Brown replies: “Not going to repost at any point.”

Again, when Hammond says he’ll leave publishing the employees’ personal information to Brown, he’s told: “won’t release, best not to notify firms what we have.”

Other documents reviewed appear to starkly contradict the government’s portrayal of Brown as having played a key role in the attack on Stratfor. In fact, confidential evidence maintained by the Justice Department reveals plans by the hackers responsible for the Stratfor breach to attack Brown as well and, if possible, damage his reputation as a source with other journalists.

In the early weeks of December 2011, Hammond and other hackers, known collectively as AntiSec, discussed strategies for releasing Stratfor’s data in a private chatroom called #LulzXmas. While Hammond worked to compromise and gain control over four of the company’s servers, others spoke openly about credit card charges accrued using Stratfor’s stolen data. Stratfor customers would ultimately endure up to $700,000 in fraudulent charges.

Meanwhile, federal agents monitored the hackers’ conversations via surveillance software installed on the computer of an informant, later identified as Hector “Sabu” Monsegur. Ironically, it is the same chat logs obtained from an FBI-provided laptop that now challenge the government’s accusations that Brown abetted AntiSec’s criminal activity.

<????> someone snitched about str to BB
<????> BB tweeted
<????> we r screwed now

<????> he knows target and details
<????> how?

<??> did he tweet the target
<?????> No, but he knows it.

– AntiSec

Despite having never entered AntiSec’s secret chatroom, Brown was aware of the Stratfor breach before most others. Hammond and his cohorts panicked over a Dec. 24, 2011, tweet from Brown’s account alluding to the release of “2.4 million emails.”

Infuriating the group further, Brown hinted on Twitter about a tenuous media embargo negotiated with then-Wired journalist Quinn Norton, the only person not directly involved in the hack ever allowed into the #LulzXmas chatroom.

“Ok so now we already lost Wired,” one of the hackers complained after Brown’s tweets.

<??> Also we should hold back the emails for a week or so. 1) BBs claims will show up as false 2) Speculations and lulz will ensue.

<????> we put all CC on pastebin we signed Barrett Stole the CCs for his drugs

<????> we can keep nuking his router during a month

<????> BB always was a delusional guy with attention whorism syndrome
<????> he cant keep his mouth closed
<?????> yeah he fucked up majorly this time

Brown’s alleged coconspirators had repeatedly plotted to deceive him, according to records the government allegedly withheld from its submission last month. The Daily Dot can confirm that, more than a year ago, the government submitted a number of matching documents as evidence in its case against Hammond. At the request of U.S. attorneys, the exhibits were placed under seal. A source close to the case said evidence that Brown disrupted AntiSec’s plans for releasing Stratfor’s stolen files was never revealed to his defense team.

On Dec. 23, 2011, Hammond (“o”) confronted Brown over revealing AntiSec’s plans. He had “nothing to do with this operation,” Hammond told him. An argument between the two broke out after Brown refused to divulge the source of his information:

[Hammond] Well, obviously the subject matter is of interest to your line of work / But timing and security is also crucial / Obviously it’d be far worse if you went ahead and blurted the name of the target / But the fact you knew at all obviously set off our internal alarms and really you having nothing to do with this operation…

[Brown] obviously the person who told me was involved, and as such it was that person’s decision whether or not to give me advance notice / that person made that decision based on his knowledge of what I generally bring to the table in these releases / my suggestion is that you make this case to your crew, rather than to me / you don’t have any place to dictate to me the terms on which I handle information provided to me by those involved in these operations / …Fuck yourself.

In spite of this heated exchange, Hammond and Brown quickly made amends. Two days after the argument took place, chat logs show, Brown suggested redacting sensitive information from Stratfor’s emails before they were leaked: “Earlier it occurred to me that it might be a good idea to tell Stratfor that you guys will consider making any reasonable redactions to e-mails that might endanger, say, activists living under dictatorships,” he said.

Brown soon contacted Stratfor CEO George Friedman through an email address included in documents AntiSec stole from the company and shared with him by Hammond. According to Brown’s plea agreement, by advising the hackers to redact information and communicating with Stratfor, he “hindered and prevented” the FBI from learning Hammond’s true identity. Nevertheless, Hammond was apprehended roughly two months later, during an FBI raid at his Chicago home. WikiLeaks eventually released more than 5 million confidential, unredacted Stratfor emails.

Following the Stratfor hack, Hammond went on to breach thousands of websites, causing damage to servers in no fewer than 30 foreign countries. As previously reported by the Daily Dot, many of these vulnerable sites were discovered by Monsegur, at the time a confidential informant under the FBI’s supervision.

Brown’s sentencing resumes on Thursday, Jan. 22, at the Earle Cabell Federal Courthouse in Dallas, Texas.

Additional reporting by Andrew Blake and Daniel Stuckey.

First Published: Jan 20, 2015, 5:30 am CST