Monday, November 18, 2013

Reuters article reveals FBI apparently lied about large Anonymous breaches 'not happening' anymore

Justice Dept. memo related to case of Anonymous hacker sentenced on the same day Reuters exclusive was published may contain another lie; Two months after finally covering Barrett Brown, New York Times returns to ignoring his case

Lying to the FBI is a crime, but the bureau has a long history of engaging in asymmetric behavior when it comes to truthfully informing the public. It seems like the only "change" since 2008 - after Obama was elected president - is that lying has become more routine, and that it is done for public relations or propaganda purposes, rather than collecting information or preventing crimes.

An exclusive article published by Reuters reveals that not only have "activist hackers linked to the collective known as Anonymous secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago," but that an FBI official apparently lied to the US public in August when he claimed that - due to high profile arrests - "large information breaches" were "not happening" anymore.

"The hackers exploited a flaw in Adobe Systems Inc's software to launch a rash of electronic break-ins that began last December, then left 'back doors' to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters," Jim Finkle and Joseph Menn reported for Reuters on Friday.

The article continues, "According to an internal email from Energy Secretary Ernest Moniz' chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts."

"Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly hacking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere," Finkle and Menn report. "Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe's ColdFusion software, which is used to build websites."

The Reuters exclusive almost completely contradicts bragging - and apparently premature grave dancing - by an FBI official a few months ago.

According to the FBI, "[t]he hacker collective Anonymous has not produced as many high-profile cyber attacks as it once did, a drop-off that can be directly attributed to the arrests of the group's core members," Gerry Smith reported for Huffington Post on August 21, 2013.

"The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," Austin P. Berglas, the "assistant special agent in charge of the FBI's cyber division in New York," told Huffington Post. "It's just not happening, and that's because of the dismantlement of the largest players."

As Smith reported, the "41-year-old Berglas leads the FBI's cyber division in New York, one of the busiest of the FBI's 56 field offices," so it's unlikely he was left in the dark about the investigation of breaches "that began almost a year ago" revealed by Reuters on Friday. Perhaps Berglas carefully stated that "you don't hear about these guys coming forward with those large breaches," because no news organization had yet reported on the Adobe Systems case. The October 11, 2013 FBI memo noted that "the majority of the intrusions have not yet been made publicly known."

While it's possible that, when Berglas gave his August interview, the FBI didn't have enough evidence to tie Anonymous hackers to the breaches related to stolen information for over 100,000 victims, they almost certainly knew about it then, and presumably weren't ruling them out.

The Reuters article was published on the same day that Anonymous hacker Jeremy Hammond was sentenced in a New York federal courtroom to ten years in prison. Although evidence shows that Hammond's illegal hacks of private security firms and government were rooted in activism, a federal judge dismissed his clearly politically-minded actions as "mayhem."

"Before being sentenced inside a packed courthouse in Lower Manhattan, Mr. Hammond, 28, described his hacking activities as 'acts of civil disobedience' against both an expanding surveillance state and the companies that do the government's bidding," Mark Mazzetti reported for The New York Times on Friday. "But Federal District Judge Loretta A. Preska was unmoved, telling Mr. Hammond 'there's nothing high-minded or public-spirited about causing mayhem.'"

The New York Times headline - "Hacker Receives 10-Year Sentence for 'Causing Mayhem'" - focuses on the judge's derisive pronouncement, rather than Hammond's defense or the actual charges he pleaded guilty to, largely in order to avoid a potential 30-year prison sentence if convicted. Mazzetti also ignored the potential conflict of interest that Hammond's lawyers had argued should have led Judge Preska to recuse herself from the case. In February, Preska refused to step down because her husband was only a two-week subscriber to Stratfor, the email address leaked by Hammond and his co-conspirators was "publicly available" at his law firm's website, and he "never provided Stratfor with [his] credit card number or any other personal financial or identifying information such as [his] name, address, Social Security number or telephone number" (pdf link).

And although journalist Barrett Brown - who embedded himself into Anonymous to report on it - is currently facing over 100 years in prison for copy-and-pasting a link in an IRC chat room to hacked Stratfor emails which included subscribers' credit card info, Mazzetti doesn't mention his name even once. Brown is facing over triple the time that Hammond faced, even though he had nothing to do with the actual hacking. New York Times reporters often used Brown as a source for Anonymous, but - except for a few republished wire reports and an April 14, 2013 op-ed by Northwestern University philosophy professor Peter J. Ludlow - the so-called "paper of record" pretty much ignored Brown's September 2012 arrest for nearly a full year.

Media reporter David Carr wrote in his September 9, 2013 New York Times column that "much of what has Mr. Brown staring at a century behind bars seems on the right side of the law, beginning with the First Amendment of the Constitution." But other Times journalists continue to ignore Brown's case, perhaps because he leaked some of their emails in #OpNYT, not long before his arrest. (Editor's Note: I helped provide some research for the Free Barrett website for nearly eight months, but I've continued to report objectively and sometimes critically on Brown and his defense.)

A hacker named Hector Xavier Monsegur was secretly arrested in 2011, but worked as a confidential informant for the FBI to help catch others in Anonymous. Many "hacktivists" complain that while Monsegur aka "Sabu" committed some hacking crimes for selfish reasons, the hackers he helped "entrap" acted altruistically.

In his defense, Hammond argued that the FBI used Sabu to manipulate him and other hackers "to collect information regarding the vulnerabilities of foreign government websites and in some cases, disabl[e] them." However, Department of Justice lawyers countered that Hammond's "claims are baseless."

"While the CW and Hammond did discuss vulnerabilities of foreign websites (among others), in fact, the FBI notified foreign governments about this activity and the vulnerabilities in their websites after Hammond was arrested and the CW's role could be revealed without harming the investigation so they could take appropriate remedial action. In any event, even if Hammond's allegations were true, which they are not, they do not bear on any issues relevant to sentencing," Preet Bharara - the United States Attorney for the Southern District of New York - and Assistant United States Attorneys Thomas Brown and Rosemary Nidiry argued in a Justice Dept. sentencing memo (hat tip: @APBlake; footnote on pages 19-29: pdf link).

At his sentencing on Friday, Hammond claimed he "broke into numerous websites [the C.I.] supplied, uploaded the stolen email accounts and databases onto Sabu's FBI server, and handed over passwords and backdoors that enabled Sabu (and, by extension, his FBI handlers) to control these targets."

Hammond specifically cited Iranian, Brazilian and Turkish government websites in court - for which the judge admonished him - but the names of six or seven other foreign government websites allegedly targeted were redacted from his statement.

"These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites, including those of XXXXXXX, XXXXXXXX, XXXX, XXXXXX, XXXXX, XXXXXXXX, XXXXXXX and the XXXXXX XXXXXXX," Hammond added. "In one instance, Sabu and I provided access information to hackers who went on to deface and destroy many government websites in XXXXXX. I don't know how other information I provided to him may have been used, but I think the government's collection and use of this data needs to be investigated."

While the Justice Department memo claims "the FBI notified foreign governments about this activity and the vulnerabilities in their websites after Hammond was arrested," it seems extremely dubious that an unfriendly country such as Iran would be warned, and that the U.S. government and military wouldn't take advantage of such a potential intelligence coup.