On my podcast this week I talk to Gabriella Coleman, a McGill University anthropologist who is an expert on Anonymous. We talk about the origins of the movement, about its LulzSec offshoot, and the recent arrests. It’s a fascinating topic and I hope you’ll take a listen. There’s one thing about the investigation, that I find especially fascinating: that the Stratfor breach and the transfer of its emails to Wikileaks happened as the FBI watched.
The timeline of events as I understand it from news reports and court documents is this:
Hector Xavier Monsegur, a.k.a. Sabu, was arrested on June 7, 2011, and plead guilty to computer crimes on August 15, 2011.
Jeremy Hammond, a.k.a. Anarchaos, told Monsegur (and by extension the FBI) about his plans to target Stratfor as early as December 6. By December 14, Hammond had successfully rooted Stratfor. Around December 19, at the direction of the FBI, Monsegur offered Hammond a server on which to store the pilfered Startfor emails, which he accepted.
On December 24, the group made the hack public by defacing the Stratfor website. “By January 11,” according to Ars Technica, “the group working with Hammond had started to unpack the contents of the Stratfor servers onto the server provided by Monesgur—providing a treasure trove of evidence for the FBI.”
They did not, however, release the emails publicly as they’d previously done when they’d breached law enforcement servers. Instead, the emails would not begin to be released until February 27 when Wikileaks announced it had acquired them and would be their exclusive distributor. How the emails got from Hammond to Wikileaks remains a mystery.
The FBI began physical surveillance of Hammond on February 29, 2012 and he was arrested on March 6.
First interesting question: Did the FBI warn Stratfor about the impending attack? Or were they allowed to be a sacrificial lamb? There are sketchy and conflicting reports on this.
The New York Times cites an anonymous FBI sources saying that “they learned of the Stratfor breach on Dec. 6, after hackers had already infiltrated the company’s network and were knee-deep in Stratfor’s confidential files. … The F.B.I. said that it immediately notified Stratfor, but said that at that point it was too late.” This seems to be at odds with the complaint filed against Hammond, which states that on December 6 he was merely attacking the Stratfor server and had not yet gotten full access.
Then we have this from Security News Daily:
An FBI official briefed on the matter told SecurityNewsDaily Thursday (March 8 ) that Stratfor was indeed tipped off about the impending attack.
"We told them it was going to happen, but they kept us at arm’s length and said they could handle it themselves," the official, who declined to be named, told SecurityNewsDaily. "Then when it did happen, they came running back to us."
So did the FBI warn Stratfor before or after the hack? As far as I can tell, no one else has reported on this.
The other interesting question is what the FBI knew about the connection to Wikileaks and when did it know it. At some point between December 6 and February 27, the small group that hacked Stratfor had to discuss giving the emails to Wikileaks, and one would imagine that Monsegur would have been included in that conversation. How did the idea emerge? Who first suggested it? Did they approach Wikileaks or did Wikileaks approach them?
The chat transcripts released in court documents contain no mention of Wikileaks, and there’s no reason they should. Prosecutors would only have included evidence to support the charges at hand. But, how much did the FBI know of the hand-off to Wikileaks, and could it have prevented it?
Some are suggesting that the entire LulzSec/Antisec investigation is actually a carefully orchestrated operation meant to nab Julian Assange. I have a hard time believing federal investigators were playing that long of a game. Yet it’s very likely the FBI has evidence of the transfer of emails to Wikileaks. What, if anything, will it do with that information?