Jeremy Hammond, the 28-year-old hacktivist, was sentenced to 10 years in prison Friday for his role in the hacking of private intelligence firm Stratfor. But the length of Hammond’s sentence has overshadowed the allegations he may have leveled at the FBI during the hearing.
According to a Pastebin document posted by a prominent security researcher, Hammond was convinced by an FBI informant to carry out hacks against several foreign governments and tried say as much during his sentencing hearing.
The document is still unverified, but witnesses inside the courtroom say that when Hammond attempted to read his statement before the court, he was ordered silent by Judge Loretta Preska. Preska reportedly stopped Hammond mid-sentence after he mentioned the names of three countries—Turkey, Iran, and Brazil—and was told, “Mr Hammond, we just spoke about those countries being redacted, I’d appreciate if you didn’t use them.”
Immediately after Hammond’s sentence was announced, Sparrow Media published the text of his allocution—which redacted the countries the judge allegedly forbid Hammond to mention in court.
An hour after Hammond’s sentence was announced, well-known computer security researcher and WikiLeaks associate Jacob Appelbaum published a Pastebin document that contains an alleged, uncensored version of Hammond’s courtroom testimony.
I have now seen the un-redacted list of targets that #Hammond was asked to hack by the FBI. Holy fucking shit.
— Jacob Appelbaum (@ioerror) November 15, 2013
— Jacob Appelbaum (@ioerror) November 15, 2013
The Pastebin document claims that, through the use of an informant, the FBI repeatedly passed Hammond orders to infiltrate the computer systems of foreign governments. Hammond then unwittingly uploaded whatever data he could retrieve onto a server under FBI’s control. Federal agents repeated this process with Hammond many times, targeting many different countries.
Before the judge ordered his silence, Hammond apparently intended to disclose the names of those countries in the presence of the media.
Hammond told the court, “These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites.”
Sabu, a prominent hacker whose real name is Hector Xavier Monsegur, was later revealed to be an FBI informant.
“Sabu also supplied lists of targets that were vulnerable to ‘zero day exploits’ used to break into systems, including a powerful remote root vulnerability effecting the popular Plesk software,” Appelbaum’s Pastebin claims. “At his request, these websites were broken into, their emails and databases were uploaded to Sabu’s FBI server, and the password information and the location of root backdoors were supplied.”
— Runa A. Sandvik (@runasand) November 15, 2013
The document goes on to allege that more than 2,000 domains were affected by attacks carried out between January and February of 2012 at the request of the FBI. Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, and Pakistan are specifically named as nations targeted during these attacks, and the letter claims there are others as well.
It specifically names half a dozen websites that Hammond allegedly targeted at the request of Sabu and the FBI, including the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the U.K., and the Ministry of Electricity of Iraq.
“All of this happened under the control and supervision of the FBI,” the letter says, noting that these claims are backed up by documents provided to Hammond’s defense during his trial. The full extent of the FBI’s “abuses,” the letter says, may never be known due to a protective order that has been placed on much of the evidence.
The Pastebin concludes by asking that all of the trial’s evidence be made available to the public. “I believe the documents will show that the government’s actions go way beyond catching hackers and stopping computer crimes.”
When asked to verify the authenticity of the Pastebin, Appelbaum told one reporter on Twitter, “This is a leak from people who know – it is legit.”
Although the document hasn’t been verified and should be treated with extreme caution, Hammond has previously made similar statements about Sabu and the FBI.
“What many do not know is that Sabu was also used by his handlers to facilitate the hacking of targets of the government’s choosing – including numerous websites belonging to foreign governments,” Hammond wrote in August to FreeJeremy.net. “What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally.”