FBI May Have Known in Advance of Stratfor Hack
This story was updated at 8:30 a.m. ET March 8 with clarification from the FBI. The updated material is at the end of the story.
Did the FBI know in advance of the Stratfor hack, but let it happen in order to gather evidence?
Soon after the news broke yesterday (March 6) about the arrest and cooperation of turncoat Anonymous and Lulzsec hacker Hector Xavier Monsegur, known online as "Sabu," the Justice Department released chatroom transcripts that imply the FBI knew in advance of the devastating attack in December upon the Austin, Texas, geopolitical analysis firm Strategic Forecasting, Inc.
Approximately 860,000 email addresses and accompanying encrypted passwords, 68,000 credit-card numbers and 50,000 telephone numbers belonging to subscribers of Stratfor's email newsletter were posted online within a few days of the attack.
As part of the indictment against Jeremy Hammond, 27, of Chicago, aka "sup_g" and "Anarchaos," the Justice Department included transcripts of chatroom exchanges involving Hammond and several others, one of whom appears to be Monsegur.
The indictment alleges that Hammond, a leftist activist well known in Chicago, spearheaded the attack upon Stratfor as a member of the Anonymous spinoff group "Antisec." Anonymous tweets and postings at the time of the hack showed that the instigators believed Stratfor to be a private intelligence service with links to the CIA.
The first chat, dated Dec. 6, 2011, is between sup_g and an individual identified in the indictment as "CW-1," presumably Monsegur. ("CW" is sometimes used by the FBI to designate a cooperating witness.)
"Working on this new target," sup_g writes. "Basically this site [identified as www.stratfor.com] is a paid membership where they gain access to articles. It stores billing info as well -- [credit] cards. It's encrypted though. I think I can reverse it though but the encryption keys are stored on their server (which we can use MySQL to read). When I get the key I can write a script [to] export the data en masse."
The indictment does not state whether the FBI watched this chat in real time. But since Monsegur was a cooperating witness with his computer being continually monitored, it would be difficult to argue otherwise.
In later chats transcribed in the indictment, which involved Hammond and several unnamed co-conspirators, Hammond detailed breaking into Stratfor.
"We in business baby," Hammond allegedly wrote Dec. 14. "Time to feast upon their spools [email databases]."
"Stratfor?" asks an unnamed co-conspirator.
"Oh yes," Hammond allegedly replies. "After y'all left yesterday I spent another eight hours and rooted [got administrative access to] that mofo."
On Dec. 19, Hammond allegedly discussed renting server space using credit-card numbers stolen from Stratfor.
"I was thinking we order some servers with them stolen ccs," Hammond allegedly wrote to a different unnamed co-conspirator. "Lots of servers with big hard drives and make four or five mirror .onions [hidden websites] with them."
The Stratfor hack came to light Dec. 24, with an announcement on an Anonymous Twitter feed and an accompanying Pastebin posting.
While it's not explicitly clear that the FBI knew Stratfor was going to be hacked, the indictment says that at some point before Dec. 26, the FBI and Monsegur set up a server for Hammond and his co-conspirators to use to store data taken from Stratfor.
On Dec. 26, Monsegur and Hammond allegedly joked about how the Stratfor hack would land Monsegur in jail.
"You [expletives] are going to get me rai[d]ed," Monsegur writes.
"We put out 30k [30,000] cards, the it.stratfor.com dump, and another statement," Hammond allegedly replied. "Dude it's big."
"If I get raided Anarchaos your job is to cause havoc in my honor," said Monsegur, deliberately addressing Hammond by another alias not previously used in their exchanges.
"It shall be so," replies Hammond, not denying his other alias.
Stratfor and the FBI reply
In an email to SecurityNewsDaily, a Stratfor spokesman passed along the company's official statement on the matter.
"Stratfor applauds the hard work of the law enforcement organizations involved in the investigation," it read. "As the matter now moves through the judicial system, we will stay focused on working to recover from the episode."
UPDATE: An FBI official briefed on the matter told SecurityNewsDaily Thursday (March 8) that Stratfor was indeed tipped off about the impending attack.
"We told them it was going to happen, but they kept us at arm's length and said they could handle it themselves," the official, who declined to be named, told SecurityNewsDaily. "Then when it did happen, they came running back to us."
Other news reports have stated that since Monsegur began cooperating with authorities, the FBI had warned hundreds of organizations that they were about to be targets of Anonymous-led attacks. The FBI official who spoke to SecurityNewsDaily agreed with those figures.