- People on Twitter ask whose ancestors would’ve passed immigrant ‘wealth test’ Monday 6:54 PM
- Kobe Bryant helicopter crash mocked in teen’s TikTok video Monday 6:38 PM
- Chiefs, Bears, Packers have Twitter accounts hacked Monday 3:48 PM
- Washington Post reporter suspended amid backlash over Kobe Bryant tweet Monday 3:08 PM
- America is united in hating Ken Starr’s impeachment hat Monday 3:01 PM
- In ‘Cuties,’ the contradictions of growing up come to a head Monday 1:55 PM
- Racist tweets blame fruit bat soup for coronavirus Monday 1:25 PM
- What is the #ILeftTheGOP movement? Monday 1:21 PM
- The Grammys were weird and sad—but the Billy Porter hat memes offered some levity Monday 12:36 PM
- Auschwitz Museum calls on Facebook to ban Holocaust denialism Monday 11:59 AM
- YouTuber who said his girlfriend was dead now says he faked it Monday 11:42 AM
- Review: Kentucky Route Zero is one of the most magical games ever made Monday 11:00 AM
- Backlash grows against Clearview as lawsuit looms Monday 10:58 AM
- Tyler the Creator calls out the Grammys for racism over ‘Rap Album’ win Monday 10:25 AM
- Democrats call on John Bolton to testify after book bombshell Monday 9:56 AM
A new short film by actor and cybercrime documentarian Alex Winter offers a glance at Barrett Brown‘s first moments of freedom since the 35-year-old journalist was incarcerated in the summer of 2012.
Before filming Brown’s release late last month from the Three Rivers federal correctional institution in San Antonio, Winter says he corresponded with the former Anonymous agitator, who spent the last year covering his own imprisonment in a series of award-winning essays published by D Magazine and the Intercept.
“I’ve been following his case since they tried to throw the extreme sentences at him—similar to what they did with Aaron Swartz,” Winter told the Daily Dot. Swartz was a developer, Reddit co-founder, and activist. He took his own life in 2013 while under federal prosecution for downloading millions of academic journals. “[Brown] has a lot to say, and he’s very bold about getting his stories out.”
Brown was arrested in September 2012 after posting a video to YouTube in which he threatened to “ruin” the life of an FBI agent, whom Brown personally blamed for a raid the agency carried out at his mother’s house. That spring, the FBI had conducted two raids while attempting to seize Brown’s computers. His mother was charged with impeding a search warrant after concealing a pair of laptops in a kitchen cabinet and was later sentenced to six months probation.
According to Brown, who ultimately accepted responsibility for posting the video, he was withdrawing from heroin at the time. Facing a litany of cybercrime charges tied to the 2011 hacking of Stratfor, a private intelligence firm, Brown accepted a plea agreement that significantly reduced his potential time behind bars. (At one point, Brown was facing more than a century in prison.)
Brown was sentenced last January to 63 months in prison for transmitting a threat via interstate commerce for the video; interference in the execution of a search warrant for attempting to hide his laptops; and accessory after the fact in the unauthorized access to a protect computer. The latter charge stemmed from Brown’s connection to the Anonymous hacktivists who nearly crippled Stratfor during one of the most high-profile cybercrimes of the last decade.
The hack, which the U.S. Justice Department maintains led to more than $700,000 in fraudulent credit card charges, was widely reported after millions of the private intelligence firm’s emails were published by WikiLeaks in the spring of 2011, and noted hacker Jeremy Hammond—whom the FBI had placed on a terrorist watchlist—was taken into custody.
Brown’s story has, with the help of Winter, entered its next phase. But the tale of how he ended up entangled in a high-profile legal mess has never before been told in full.
The Stratfor hack
On Dec. 6, 2011, Stratfor became aware of a potential data breach of its servers. The company, founded in 1996, believed customer credit card information had been stolen. An independent forensic investigation would later determine that Stratfor’s systems had been infiltrated more than two months prior: On Sept. 29, a brute force attack was launched targeting a specific employee account, and within four days Stratfor’s mail server was breached.
The mail server would prove to be crucial. It contained not only the 5 million company emails later published by WikiLeaks—the so-called “Global Intelligence Files”—but served as a gateway to Stratfor’s e-commerce environment where it stored more than 79,000 credit card numbers. Stratfor’s cardholder data was not stolen directly from the server on which the cards were kept, but was instead transferred to the mail server prior to extraction.
The data dump file containing the Stratfor customer cards was created on Nov. 16, 2011, according to a forensic investigation conducted by Verizon, alongside the FBI, in early 2012, during three on-site visits to Stratfor’s 6th St. headquarters in downtown Austin, Texas.
The Verizon team’s analysis was damning. Stratfor, they found, disregarded most of the fraud control measures mandated by the payment card industry. The company had no management policy to prohibit employees from sharing passwords. There was no anti-virus software installed on any of the systems examined. And only a portion of the systems were actually protected by a firewall—though it was basically useless because it hadn’t been properly configured.
While it is against industry standards for merchants to store card verification values (CVVs)—the three digits located on the back of payment cards—Stratfor customers were not so lucky.
On Jan. 19, 2012, an FBI victim specialist sent Stratfor CEO George Friedman a formal letter to inform him that he’d been identified “as a possible victim of a crime.” Friedman had published a video nine days earlier in which admitted his customers’ financial information had been stored in an unencrypted format, against payment-industry protocol. “This was a failure on our part,” he said. “As CEO of Stratfor, I take responsibility.”
Hammond, a skilled hacker with the Anonymous-affiliated group AntiSec who was ultimately convicted of hacking Stratfor, became aware of the breach on Dec. 6, introduced to the hacker responsible by Hector Monsegur, whom the FBI had arrested approximately six months before and kept under constant supervision, according to the U.S. attorney prosecuting Monsegur’s case. After being informed that Stratfor was breached, Monsegur promptly connected Hammond with the hacker responsible, who was at the time known only as “Hyrriiya.”
Hyrriiya—who authored a May 2012 letter in which he confesses to hacking Stratfor months prior to Hammond’s involvement—was a member of RevoluSec, another hacking group that, by the fall of 2011, had infiltrated nearly every facet of the Syrian government’s online infrastructure. (Incidentally, a trove of files stolen by RevoluSec would later form a WikiLeaks dump known as the “Syria Files.”)
A skilled hacker who frequently boasted of his ability to infiltrate and steal directly from banks, Hyrriiya indicated to AntiSec on Dec. 6 that he intended to profit financially from Stratfor’s credit cards. When he gave Hammond access to Stratfor’s server, he asked only that he be warned before the group dumped the cards online, according to records under seal by request of the Justice Department and leaked to the Daily Dot.
The evidence of Hyrriiya’s early involvement, combined with the knowledge of Stratfor’s egregious security failures, paints a picture of the breach very different than the one described by the U.S. government, whose prosecutors characterized Brown as integral to the attack. (The U.S. was eventually forced to drop charges that alleged as much.) In court, U.S. attorneys offered only vague, sometimes unreliable descriptions of the actual cyberattack, relying instead on an assortment of Brown’s own statements to further the appearance that he was, in fact, the “leader of Anonymous,” to quote the prosecution.
For instance, the prosecution team read aloud an email in which Brown described himself as increasingly taking on a “central role in Anonymous.” FBI agent Robert Smith, whom Brown had threatened, was once asked by a prosecutor how long Brown had been an “anarchist;” Brown attorney Charles Swift quickly objected, seemingly confused over what his client dabbling in anarchism had to do with Stratfor’s stolen credit cards.
But when Smith—the key FBI witness for the U.S. government—was cross-examined by the defense, he appeared to have little knowledge of the Stratfor hack itself, or the inner workings of AntiSec, the group the FBI claim Brown aided and abetted. Smith couldn’t comment on Monsegur’s role in AntiSec; he also didn’t know precisely when Brown had first learned of the breach; and later on the witness stand, he incorrectly claimed that Stratfor was “compromised in early December 2011.”
From Oct. 3, 2011—the date that Stratfor was first compromised—83 days passed before Brown shared a link containing a portion of the stolen cards, on Christmas Day in 2011, according to sealed FBI records that by the time of Brown’s sentencing had already been introduced in a related case.
The same records also show that the FBI was made aware of the Stratfor breach on Dec. 7 when agents allegedly “provided all known at-risk cardholder information to the respective card brands.” On Dec. 9, MasterCard was served with a subpoena issued by the U.S. District Court for the Western District of Texas and in response began handing over fraud reports to the FBI. Other payment companies followed suit.
Stratfor’s servers, however, remained online for additional 15 days, until Hammond purposefully disabled them himself. In a public statement, Stratfor’s CEO admitted that, at the FBI’s request, his company had intentionally withheld knowledge of the theft from its customers.
By the time of Brown’s sentencing, all charges against him related to the link had been dismissed. But in court, the basis for the allegation—comprised mostly of fuzzy logic and dubious digital-vs-physical-world metaphors—served as a point of fixation for the government in its quest to extend Brown’s prison sentence.
In testimony, the FBI acknowledged that the exact link shared by Brown had been widely circulated online—specifically, it was posted to Pastebin.com—for at least an hour and 45 minutes before Brown re-shared it in a chatroom. In subsequent questioning, Smith further admitted that there was no evidence that anyone who may have clicked on the link provided by Brown ever broke the law. It was never even suggested Brown had actually downloaded, much less opened, the file himself.
Still, the government insisted that at least $18,000 in fraudulent charges had occurred after Brown shared the link and, prosecutors argued, he was, therefore, responsible. In response, Brown’s defense forced the government to acknowledge that Brown had questioned what was contained in the file he shared immediately after he shared it. But while vying to enhance his sentence, the U.S. attorneys argued that through Brown’s actions the cards had been “stolen further.”
Despite having knowledge of the breach three weeks before, the FBI first acquired physical access to the data on Stratfor’s servers on Dec. 28, according to a victim notification form obtained by the Daily Dot. In the first of at least three visits to the company’s Austin office, FBI agents from the bureau’s San Antonio field office seized 17 hard drives belonging to four Stratfor servers.
The following day, an FBI case officer’s attention was drawn to Brown’s link through an email also received by the San Antonio field office. The FBI report concerning the tip describes the sender only as a “confidential human source.” (Monsegur, it should be noted, reported to the FBI’s New York City office.) A cursory examination of the link revealed a file containing “full user data, including CC info,” the reporting agent wrote. “It was not the email dump that was promised,” he added, ostensibly indicating that the email’s sender was not fully aware of the file’s contents.
The FBI’s manhunt for AntiSec hackers continued, as agents conducted interviews across the country. A lead emerged after one of the hackers inadvertently revealed that he was using an IP address tied to a computer at Florida International University (FIU). Logs produced by the university showed its computer was used to access a server in Germany—one that had been used by Hyrriiya to store stolen Stratfor data, to which he had given AntiSec access on Dec. 6.
Brown’s only real connection to the Stratfor hack occurred on Dec. 26, when he emailed Stratfor’s CEO offering to redact information from its to-be-released emails in “an effort to minimize damages” to Stratfor customers. Far from charitable, his intention was to see if Stratfor would carelessly pinpoint its most sensitive information—a scheme one could hardly argue is above the stratagem of mainstream investigative journalists.
In addition to six months house arrest and two years probation, Brown has been ordered to pay restitution in the amount of $890,000—nearly all of it to Stratfor.
Barrett Brown returns
Brown is currently staying in a halfway house, but he is expected to be released next week, Winter says. From there, Brown will remain confined to his Dallas home for up to five more months.
“Barrett’s case is really clear-cut, in terms of what he absolutely, categorically did wrong,” Winter said. “He responded to being targeted by the FBI by threatening the life of an FBI agent. Whether or not he was coming down from drugs and not in his right mind, or not, obviously that’s something that’s going to catch up to him.”
Winter says the production of his short film “happened very quickly” following Brown’s release. “I knew when he was getting out,” he said. “I knew I was going to film him coming out, getting released into his parent’s custody. But, as I said, it occurred to me that it would be really beneficial if his story could get some coverage.”
That’s where Academy-Award winning filmmaker Laura Poitras and her production outfit, Field of Vision, stepped in. “It was something I dealt with on Deep Web,” said Winter, describing the complexities of producing a work around an event happening in real time, as he did with Deep Web, a documentary about the Silk Road online black market. “I like telling these stories that are happening as the news is happening. It’s very difficult to find people who are willing to run with you on that given the speed with which you have to go.”
Winter also spoke about the drug issue deeply ingrained in Brown’s case, something personal he also confronted while producing Deep Web. “I’ve lost a lot of friends to heroin. Very, very close friends,” he said. “The idea of drugs, on the surface, is so contemptible and unpleasant and unpalatable to people. But it isn’t to me. I think I have a lot of sympathy for people who are dealing with those issues, and I have a great understanding for the mental challenges that occur when you’re coming off of those drugs.”
With Brown free, Winter said he expects to see him more steadily producing a kind of high-quality journalism that he feels is lacking right now in America. “He’s beholden to a system that he’s continually critiquing,” Winter says, admiringly, but with a touch of concern.
“That does paint a big target on his back. He definitely has a lot of enemies, and there are a lot of people who’d love to see him back in jail.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.