On August 8, Federal Bureau of Investigation Director Robert S. Mueller, III gave a speech called "The Future of Cyber Security from the FBI’s Perspective" at the International Conference on Cyber Security 2013 held at Fordham University in New York City.
"Over two years after the Summer of Lulz, FBI Director Robert Mueller remarks at the Fordham ICCS Conference this past Thursday, to the best of my knowledge, the first time he made mention of Lulz Security & their informant leader Sabu, better known as Hector Xavier Monsegur, Jr.," the Operation Slingshot blog notes. "It is quite curious, since apart from the arrests and proceedings themselves, the FBI leadership has more or less kept radio silence on the matter."
Eight months before Barrett Brown, a journalist who essentially embedded himself into Anonymous, is scheduled to go on trial for computer-related crimes, the outgoing FBI director may have accidentally revealed that the feds may have used Sabu's cooperation to help build the case against him.
Mueller told the conference that the Bureau's "combination of technical skills and traditional investigative techniques recently led the FBI to the hacker known as Sabu—one of the co-founders of LulzSec."
"This case began when our Los Angeles Division collected IP addresses that were used to hack into the database of a TV game show. One of these led to an individual who had failed to anonymize his IP address," Mueller said. "Our New York Office used confidential human sources, search warrants, and physical surveillance to identify and locate this man, who was only known then by his online moniker, Sabu."
He added, "When our agents went to arrest him, they gave him a choice: Go to jail now, or cooperate."
"Sabu agreed to cooperate, continuing to use his online identity," Mueller continued. "His cooperation helped us to build cases that led to the arrest of six other hackers linked to groups such as Anonymous and LulzSec. It also allowed us to identify hundreds of security vulnerabilities—which helped us to stop future attacks and limit harm from prior intrusions."
Douglas Stanglin reported for USAToday on March 6, 2012, "Five alleged hackers have been charged with breaking into the computer systems of governments, corporations and media organizations after the reputed head of the LulzSec ring became an FBI informant, authorities announced."
"Five computer hackers in the United States and abroad were charged today, and a sixth pled guilty, for computer hacking and other crimes," the March 6, 2012 indictment states. "The six hackers identified themselves as aligned with the group Anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous, including 'Internet Feds,' 'LulzSec,' and 'AntiSec.'"
"RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,”a/k/a “lolspoon,” JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary,” DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten,” and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an Indictment unsealed today in Manhattan federal court with computer
hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal
Complaint with intentionally disclosing an unlawfully intercepted wire communication.
HECTOR XAVIER MONSEGUR, a/k/a “Sabu,” a/k/a “Xavier DeLeon,” a/k/a “Leon,” who also identified himself as a member of Anonymous, Internet Feds and LulzSec, pled guilty on August 15, 2011 in U.S. District Court to a 12-count information charging him with computer hacking conspiracies and other crimes. MONSEGUR’S Information and guilty plea were unsealed today. The crimes to which MONSEGUR pled guilty include computer hacking conspiracy charges initially filed in the Southern District of New York. He also pled guilty to the following charges: a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of California related to the hacks of HBGary, Inc. and HBGary Federal LLC; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Central District of California related to the hack of Sony Pictures Entertainment and Fox Broadcasting Company; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Northern District of Georgia related to the hack of Infragard Members Alliance; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of Virginia related to the hack of PBS, all of which were transferred to the Southern District of New York, pursuant to Rule 20 of the Federal Rules of Criminal Procedure, in coordination with the Computer Crime and Intellectual Property Section (“CCIPS”) in the Justice Department’s Criminal Division.
Late yesterday, JEREMY HAMMOND, a/k/a “Anarchaos,” a/k/a “sup_g,” a/k/a “burn,” a/k/a “yohoho,” a/k/a “POW,” a/k/a “tylerknowsthis,” a/k/a “crediblethreat,” who identified himself as a member of AntiSec, was arrested in Chicago, Illinois and charged in a criminal Complaint with crimes relating to the December 2011 hack of Strategic Forecasting, Inc. (“Stratfor”), a global intelligence firm in Austin, Texas, which may have affected approximately 860,000 victims. In publicizing the Stratfor hack, members of AntiSec reaffirmed their connection to Anonymous and other related groups, including LulzSec. For example, AntiSec members published a document with links to the stolen Stratfor data entitled: “Anonymous Lulzxmas rooting you proud” on a file sharing website."
"'I received an advance warning of the raid and put all my laptops in very specific places where they couldn’t be found,' Mr. Brown said. He said the agents left without making an arrest.
Mr. Brown said the arrests elsewhere would not slow down the Anonymous movement. 'There are lots and lots of people here that continue to work. The F.B.I. did not really cut the head off of anything. Anonymous will go forward as usual. So will I. We hired an army of lawyers last January. We are prepared for a big slug-out.'"
Even though The New York Times used Barrett Brown as a source for multiple stories, he hasn't been mentioned by any of their reporters in a story since this scrubbing - which even Brown called odd in one of his videos. The New York Times staff completely ignored Barrett Brown's arrest last September, even though he's one of the most famous and known contributors to Anonymous. It's possible that Times reporters are purposely blacklisting all mention of Brown because he published conversations he had with a few of them in an "op" he mounted in the summer of 2012.
Mueller said that Sabu's "cooperation helped us to build cases that led to the arrest of six other hackers linked to groups such as Anonymous and LulzSec." Since only five others are named on the indictment unsealed on March 6, 2012, and Barrett Brown was raided that same day, the FBI director's speech appears to suggest that Brown was number six. Brown isn't a hacker, so it was probably too difficult for prosecutors to find a reason to charge him on March 6, 2012.
In a pastebin posted on March 7, 2012, Barrett Brown complained, after FBI agents showed up at his apartment on March 6, "At that point I began taking calls and e-mails from the press regarding Sabu, whom I learned was in fact a degenerate pussy traitor who couldn't face two fucking years in prison, making him the biggest pussy in the history of mankind. There were several people who came to this conclusion early on; I was not wise enough to be one of them. As to the various stunts he pulled in the months since his arrest - including but not limited to the unnecessary release of credit card information for Stratfor customers - we may never know to what extent such things were encouraged by his 'Justice Department' handlers in an effort to discredit this movement. But I digress, lol. At any rate, the Feds came back a couple of hours later with a search warrant for my mom's place - they fully intended to take a certain laptop, and did."
A website devoted to raising funds for Barrett Brown's defense called Free Barrett states, "Having previously been raided by the FBI on March 6, 2012 and not charged with any crime in relation to that incident, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts related to alleged activities or postings on popular websites such as Twitter and YouTube."
In the early morning on September 12, I called the chambers of the North Dallas judge who allegedly signed the warrants (which Michael Hastings later published in a report on Brown for BuzzFeed), and was told that there was no record of it. They suggested I contact the US Attorney's Office to see if the warrants were sealed. The North Dallas Department of Justice office couldn't find any record of the warrants, and was skeptical that they even existed. In a video Barrett Brown claimed that the FBI told him the warrants were sealed because he was the target of a Mexican drug cartel, but it's not clear if he was being serious or not.
"On December 4, 2012 Barrett was indicted by a federal grand jury on twelve additional counts related to data from the Stratfor breach," the Free Barrett website adds. "Despite his lack of direct involvement in the operation and stated opposition to it, he faces these charges simply for allegedly pasting a hyperlink online."
[Editor's Note: I provided the Free Barrett website with research for over six months after Brown's arrest, and I helped contribute to the last line of the preceding paragraph. I've never been in Anonymous, but I support Brown because he's an imprisoned journalist. However, I report objectively on his case, and have often criticized Brown, some of his lawyers and the Free Barrett website.]
The 12 counts on Brown's second indictment - so far - are the only charges that he faces that could be related to Sabu's cooperation. It states that Brown was "aided and abetted by persons known and unknown to the Grand Jury," and one of those persons could be Sabu.
Even though there doesn't seem to be any proof that Brown had anything to do with the Stratfor hack - or foreknowledge of the crime - the majority of the time he faces is related to it. Sabu and Hammond pled guilty to the actual hack, and while the former's sentencing keeps getting postponed (August 23rd is the next date), the latter is facing up to ten years. Brown is currently facing decades, just for copy-and-pasting a link to a fileshare that contained some credit card information into an IRC chat room so he and his Project PM colleagues could pore over the details of the emails in hopes of finding possibly illegal activities by the US government or security firms.
The unsealed March 6, 2012 indictment against Sabu and five others states, "In December 2011, HAMMOND conspired to hack into computer systems used by Stratfor, a private firm that provides governments and others with independent geopolitical analysis. HAMMOND and his co-conspirators, as members of AntiSec, stole confidential information from those computer systems, including Stratfor employees’ emails as well as account information for approximately 860,000 Stratfor subscribers or clients. HAMMOND and his co-conspirators stole credit card information for approximately 60,000 credit card users and used some of the stolen data to make unauthorized charges exceeding $700,000. HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen."
The Free Barrett website adds, "On January 23rd, 2013 he was indicted a third time on two more counts, relating to the March 2012 FBI raid(s) on his apartment and his mother’s house."
"Sabu was assumed to have been an informant in his case as well, until the prosecutors in Barrett’s case stated there were none at all," the Operation Slingshot blogger wrote, but I'm not sure how he or she came to this conclusion [SEE UPDATE BELOW]. The warrant for the March 6, 2012 raids on Barrett Brown's residences was looking for specific information, which seems to have been derived from an informant's claims. It sought info related to HBGary, Stratfor and Endgame Systems - a shadowy security firm Brown was probing. The warrant also mentioned InfraGard - which was hacked - but Brown said in one of his videos that he never worked on anything related to them.
"I suspect that the FBI is working off of incorrect information," Brown told Hastings - who died in a car accident two months ago - in April of 2012.
There is another informant - a wannabe security firm agent who worked with HBGary after it was hacked - named Jennifer Emick who has relentlessly pursued Barrett Brown since at least February of 2011. A future story that I have been working on for months will hopefully be finished before Brown's trial which is scheduled for April of 2014.
UPDATE - The Free Barrett website pointed out to me that prosecutors claimed no informants were involved in the Barrett Brown case in a July response to a Discovery request by his lawyers (Page 24 of PDF).
Brown's lawyers requested, "A list of all confidential sources who provided information for any application for a search warrant, arrest warrant or eavesdropping warrant in this case, regardless whether such warrant was actually sought or obtained."
"A confidential human source (CHS) is any individual who is believed to be providing useful and credible information to the FBI for any authorized information collection activity, and from whom the FBI expects or intends to obtain additional useful and credible information in the future, and whose identity, information or relationship with the FBI warrants confidential handling. see http://www.justice.gov/oip/docs/ag-guidelines-use-of-fbi-chs.pdf," the prosecutors responded. "The prosecution team did not rely on any CHSs in applying for search or arrest warrants in Brown’s cases."
Brown's lawyers also requested, "A statement of whether any evidence in the government’s possession, custody, or control was obtained through a confidential informant, and if so, a description of such evidence."
"The prosecution team did not rely on any CHSs in presenting the facts to the Grand Jury for the return of Brown’s Indictments. (See the definition of CHS in the response to #10 above.) If the prosecution team receives/reviews any information or evidence from a CHS and determines the same to be discoverable, it will notify the defense," prosecutors responded.
A member of Project PM who uses the handle @subverzo on Twitter also pointed out that Sabu isn't listed as a witness. The government doesn't have to provide all names until a day before they are scheduled to testify, and podcaster @VinceInTheBay argued that Sabu doesn't necessarily have to testify anyway.
However, the denials don't seem to explain why Brown's residences were raided in the first place on March 6, 2012. It seems unlikely that a grand jury and a judge allowed prosecutors to go on a fishing expedition and to seize a journalist's computers, without any proof that crimes were committed. It also seems unlikely that the government didn't rely - at all - on statements or evidence provided by their inside man, Sabu, or Jen Emick who has allegedly furnished the FBI with tips regarding Brown.