Thursday, April 24, 2014

Yes, It Looks Like the US Government Coordinated the 2012 Anonymous China Hacks




On April 23, Mark Mazzetti reported in the New York Times that the FBI had used Hector Xavier Monsegur, a hacker it had in its clutches, to coordinate hacks in 2012 against Iran, Syria, Brazil, Pakistan, and other targets.  The actual hacks were carried out by an associate of Monsegur, Jeremy Hammond, who was a dupe in that he did not know that Monsegur was turning over the information and access he gleaned to the US government.

Jeremy Hammond is serving a ten-year jail sentence for other hacks.  I’m not clear if Monsegur is currently incarcerated; last reference I saw was to the cancellation of a 2013 court date that was expected to give him a suspended sentence for a previous guilty plea.  In addition to running the foreign hacks for the US government, Monsegur also rolled up his own Lulzsec hacking network, which carried out a series of US hacks in a spectacular 50-day campaign, and his months if not years of cooperation with the US government may have netted him some favorable treatment.

Mazzetti’s article does not mention China; but I did!  Back in 2012!

Back in 2012 I wrote for Asia Times Online about “Hardcore Charlie”, who identified himself as an associate of Monsegur, and the hacks he had inflicted on various Chinese government websites.

At the time, it seemed fishy to me that “Hardcore Charlie”—whose profanity-laced anti-imperialist Spanglish rants sounded a lot like Monsegur’s persona—had suddenly decided that the cause of liberty and lulz was best served by hacking into Chinese language websites like the Taoyuan Land Reclamation Bureau.

Concluding my piece, I wrote:


My speculation is that the campaign of cyber-attacks against Chinese targets was seeded by the US government, but has gathered its own momentum and is drawing in freelance foreign and some Chinese hackers searching for lulz - the hacker term for giggles or detached/callous amusement.

Lulzsec closed shop at the end of June 2011, when an asset in England was arrested. It appears that was not enough to elude the bloodhounds of the Federal Bureau of Investigation or forestall Monsegur's betrayal of his associates.

Pattern-oriented readers might consider whether the sudden eruption of Lulzsec resembles the cyber flashmob that is currently swarming Chinese sites.

Contrarian readers might find it interesting that the focus of hacking seems to have done a 180-degree turn away from American government, security and corporate targets to tormenting their Chinese equivalents (despite the limited lulz obtainable when hacking a site whose language one does not understand).

Curious readers might also wonder if information from Monsegur has helped the authorities get "Hardcore Charlie" in their sights and he is hacking into Chinese websites either at their behest to help get the Anonymous China ball rolling or is pre-emptively demonstrating his utility and eagerness to please.


Compare w/ Mr. Mazzetti’s account:


Over several weeks in early 2012, according to the chat logs, Mr. Monsegur gave Mr. Hammond new foreign sites to penetrate. During a Jan. 23 conversation, Mr. Monsegur told Mr. Hammond he was in search of “new juicy targets,” the chat logs show. Once the websites were penetrated, according to Mr. Hammond, emails and databases were extracted and uploaded to a computer server controlled by Mr. Monsegur.

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

The court documents also refer to Mr. Monsegur’s giving targets to a Brazilian hacker. The hacker, who uses the alias Havittaja, has posted online some of his chats with Mr. Monsegur in which he was asked to attack Brazilian government websites.

One expert said that the court documents in the Hammond case were striking because they offered the most evidence to date that the F.B.I. might have been using hackers to feed information to other American intelligence agencies. “It’s not only hypocritical but troubling if indeed the F.B.I. is loaning its sting operations out to other three-letter agencies,” said Gabriella Coleman, a professor at McGill University and author of a forthcoming book about Anonymous.


It certainly looks like the China operation was cut from the same cloth.  The interesting question is whether Monsegur eschewed a cutout and ran the China operation himself as “Hardcore Charlie”.

In the era of Snowden, it is difficult to remember, but in 2012 the United States was pre-emptively (and, in light of the already revealed Stuxnet attack on Iran's nuclear facility at Natanz, quite hypocritically) claiming the moral and legal high ground against Chinese hacking.  In fact, Chinese cyber misbehavior was teed up as the next existential threat to the world order.

Revelation of any US government involvement in Hardcore Charlie's antics would be somewhat embarrassing for the Obama administration, since they involved website defacement, disabling, and public compromise of administrator account information, in other words "cyberwarfare" and not just covert information gathering.  The additional fact that the United States outsourced its cyberattack to a known criminal, who in turn may have established an independent network of hackers beyond US control, is not likely to be regarded as an extenuating circumstance.

In this context, a decision to unleash a wild hacking campaign against Chinese websites would look like a piece of questionable judgment.
