Jeremy “Anarchaos” Hammond has been indicted in the revised Anonymous/Lulzsec case, as charged by a federal grand jury. The case includes the attacks against Stratfor and the Arizona Department of Public Safety. While Hammond was one of the original named parties in the conspiracy indictment, he had not been charged with these acts at that time.
Hammond is accused of being the lead coordinator on the attack on the Arizona DPS in mid-2011 and the Stratfor attacks that took place between December of 2011 and March of this year. The Arizona DPS attack included a trove of hacked emails, and internal documents that were subsequently released. Many of the documents were considered sensitive and covered law enforcement training, plans, and other delicate internal topics. In the case of the Stratfor attack, the records of over 860,000 clients were stolen, along with a reported 60,000 credit card numbers, complete with security codes and dates of expiration. Also revealed in the indictment, the accused are reported to have used those credit card accounts to the tune at least $700,000 through unauthorized charges. During the transaction of stolen data, some of this was shared with and through servers under monitoring by FBI operations and under the control of indicted FBI informant Hector Xavier Monsegur, also known as “Sabu”.
Hammond is a 27 year old well-known political activist and is the founder of a computer security training website, known as “HackThisSite”, often criticized as encouraging nefarious hacking activities. With his historical background and public statements, it is hardly a surprise that he now stands accused as the mastermind of these acts. In fact, at the yearly DEF CON event back in 2004, Hammond delivered a talk on the topic of “Electronic Civil Disobedience”.
Some of the juicier lead comments describe electronic civil disobedience as: “A means of fighting of social justice by putting direct pressure on politicians and institutions” and it should be “legitimate act of online protest”. Hammond boasts an arrest record littered with disorderly conduct charges and property damage charges dating back to 2003 in public protests. Stratfor is not off the hook and should be quite embarassed as the disturbing disclosure of the fact that complete credit card information was stored at Stratfor is a violation of PCI compliance. Rules around this are strict and violations typically are revenue-impacting loss of credit-card processing and significant fines.