On the day he learned he was to spend 10 years in federal prison for his involvement in an Anonymous hack, 28-year-old Jeremy Hammond read a statement to the Manhattan court. As well as framing his hacktivism as a public service, aimed at revealing the shadier operations of corporate intelligence firms, Hammond told the court that the FBI had played a significant role in cyberattacks in which he had participated, using infamous Anonymous snitch Sabu to provide information to hackers.
Hammond specifically noted that the FBI informant had provided him with information on vulnerabilities within the official websites of various governments around the world, including Brazil, Syria, Iran and Turkey. (The names of the nations were redacted from the court statement, but soon emerged online.)
Hammond stated: "I broke into numerous sites and handed over passwords and back doors that enabled Sabu -- and by extension his FBI handlers -- to control these targets ... The government celebrates my conviction and imprisonment, hoping that it will close the door on the full story. I took responsibility for my actions, by pleading guilty, but when will the government be made to answer for its crimes?”
The hackivist's contention here is that the U.S. government used hackers to garner information on, and cyber-advantage over, foreign governments. The hackers were then condemned as criminal, having unwittingly performed services for the U.S. government through illegal hacks. Whether or not the targets provided by Sabu were actually of interest to U.S. national intelligence, or whether they were simply valueless sting bate for hackers is unclear. What is evident, however, is that without government assistance, a number of illegal hacks would not have been carried out as they were. The decades-old question thus arises of when a government sting crosses the boundary into entrapment. In the years since 9/11, little more than a faint line in the sand seems to distinguish (legal) stings and (illegal) entrapment operations by the FBI.
The criterion purportedly dividing sting and entrapment operations is weak. An operation counts as a sting (as opposed to entrapment) if it can be shown that a suspect would have carried out the crime, given the chance. It's a perverse logic of hypotheticals when the government provides all the conditions for a crime to take place (e.g., providing talented hackers with government targets) -- conditions that would not have been in place otherwise. A number of recent FBI cases relating to political activism have reeked of entrapment, but have been framed as stings. Recall, for example, the group of young Cleveland anarchists, strung along by an FBI agent into agreeing on a plan to blow up a bridge. The young men were, at every turn, prompted and offered materials by an FBI informant. "The alleged terrorist masterminds end up seeming, when the full story comes out, unable to terrorize their way out of a paper bag without law enforcement tutelage,” noted Rick Perlstein on the case in Rolling Stone last year.
Hammond's case is different. The 28-year-old is a smart, articulate and experienced activist and hacker. As his guilty plea made clear, he knew what he was doing and he acted in what he felt was the public interest, to expose and hold accountable the private intelligence industry. However, Hammond also engaged in wholly government-prompted hacks and is now being ferociously punished. If it can be shown that the U.S. government used information gathered by hackers on Sabu's tips, crucial questions arise about why the hackers and not the government agencies that used their skills are being persecuted. If, however, Sabu's information about foreign government sites' vulnerabilities were no more than a lure, questions of entrapment should be raised. Either way, as Hammond begins his lengthy federal prison sentence for a nonviolent crime, through which he received no personal enrichment, the FBI's role in catching the hacktivist deserves greater scrutiny.