Your Source for Leaks Around the World!

List of 30 Countries FBI Informant Sabu Provided Jeremy Hammond to Hack

In Anonymous, Archive, FBI, Hacking, Jeremy Hammond, Sabu on October 2, 2014 at 2:37 AM

 

sabu-fbi-hammond

10/01/2014

Dell Cameron/DailyDot:

A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries, including U.S. partners, tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks. The actual attacks were carried out by hacktivist Jeremy Hammond, who broke into countless international websites identified by Sabu, unaware that Monsegur was working as an FBI informant. Hammond was arrested in March 2012 and sentenced to 10 years last November. Monsegur walked free in May with a year of probation.

In Hammond’s sentencing statement, he revealed 12 of the countries targeted (13 including the Polish Embassy in the U.K.), but this is the first time the full list of targets has been made public.

Note: Text in bold indicates the names previously redacted in court documents. Click on the linked “BS” numbers to view the corresponding chat logs between Monsegur (“leondavidson“) and Hammond (“yohoho”), which were used by the Daily Dot to un-redact the names.

DISCOVERY TIMELINE PERTAINING TO HACKS OF FOREIGN WEBSITES:

Jan. 23, 2012:

•    Mr. Monsegur gives Mr. Hammond a list of Brazil targets with Plesk vulnerabilities and asks him to “hit these… for our brazilian squad.” (BS 104988 – 104989)

•    Hammond hacks one of these targets and shows Monsegur the site contains 287 domains and 1330 different email accounts. Monsegur says he will give these targets to Brazillian hacker “Hivitja” (actually Havittaja) to hack the sites. Monsegur tells Hammond to create a root backdoor (“just backdoor urls”) so the sites can be accessed again. Hammond also gives Monsegur passwords for some of the sites. (BS 104989 – 104990)

•    Monsegur identifies additional targets for Hammond. Hammond confirms that he successfully gained access to two of them. One of the servers contains 3520 domains, many of them in Netherlands and Belgium. Another contains 392 Brazil domains. (BS 104991 – 105013)

•    Hammond explains to Monsegur how to use root backdoors and where to find the emails and databases. (BS 105013 – 105014)

•    Monsegur says he is finding more targets (“finding new juicy targets”) and asks for root backdoor instructions again, which Hammond provides. (BS 105014)

•    Monsegur provides Hammond with targets in Slovenia. Hammond gains access to one that contains 62 domains and 96 email accounts. (BS 105028 – 105029)

•    Monsegur provides more international targets and says he is “looking for embassies [sic] and consulates” [sic]. Hammond provides access to two of them. (BS 105029 – 105030)

•    Monsegur asks Hammond to access a Brazil site, but he is unable to gain access. (BS 105041)

•    Monsegur gives Hammond more Brazil targets, including Globo, which he describes as a “big target.” Hammond provides passwords. (BS 105041 – 105042)

•    Monsegur provides more Brazil targets. Hammond gains access to one of them and provides the password, as requested. (BS 105044-105046)

•    Monsegur provides a long list of targets from many different international countries including United Kingdom, Australia, Papua New Guinea, Republic of Maldives, Philippines, Laos, Libya, Turkey, Sudan, India, Malaysia, South Africa, Yemen, Iraq, Saudi Arabia, Trinidad and Tobago, Lebanon, Kuwait, Albania, Bosnia and Herzegovina, and Argentina (BS 105061-105063)

•    Monsegur tells Hammond that he will give the Turkey government sites to a Turkish hacking group known as RedHack (“the .gov.tr’s will be handled Redhack famous Turkish hackers”) and tells Hammond that the sites he has given him are “high priority”—as if he were placing an order. (BS 105063)

•    Monsegur invites Hammond to the RedHack channel so Hammond can provide the Turkey sites (“accept invite”). Monsegur also provides more Turkish domains (BS 105065 – 105066)

•    Hammond tells Monsegur that one of the servers has mail for 22 Turkey government domains and another has mail for about 600 domains. (BS 105067)

•    Monsegur creates a chat room and invites Hammond and an alleged member of RedHack. They exchange information regarding thousands of Turkey sites. (BS 62889)

•    Hammond explains to the alleged Redhack member how to access the root backdoors of the Turkey sites. (BS 62889-62897)

Jan 26, 2012:

•    Monsegur follows up on foreign government targets he provided Hammond “last night.” Hammond sends back a list of the sites he did not gain access to, including government sites in Libya, Yemen, Sudan, Philippines, Iran, and United Kingdom. (BS 105077-105078)

•    Monsegur asks for the list again. Monsegur again asks for instructions on how to access root backdoors. Hammond gives Monsegur the information. (BS 105080-105081)

•    Monsegur provides more Iran targets to which he wants access. (Monsegur: “lend me an hour of your time to bang out these Iranian targets.”) Hammond gains access to one that hosts seven domains and 56 email accounts. (BS 105091)

•    Monsegur provides two targets in India. Hammond cannot gain access to either. (BS 105091 – 105092)

Feb 2, 2012:

•    Monsegur provides more targets, including a government site in United States and government sites in Nigeria, Republic of Maldives, Paraguay, Saint Lucia, and Puerto Rico. Mr Monsegur asks again for instructions on how to access root backdoors. (BS 67554)

•    Monsegur provides targets in Greece, United Kingdom, and Turkey. Hammond accesses one of the Greece sites that contains 135 domains and 287 email accounts. (BS 67559 – 67561)

Feb 15, 2012:

•    Monsegur provides targets in Slovenia. He tells Hammond that these sites are for “tony, the guy who hacked kingcope.” (BS 105191)

•    Monsegur tells Hammond he is “setting up a new box to serve as another for onion for us as a third backup” and says, “I want us to have redundant backups for all our shit.” (BS 105192-105193)

•    Hammond provides access to some of the Slovenian sites. He creates three backdoors and tells Monsegur that they contain hundreds of domains and emails. Hammond comments “hopefully were getting something out of all this.” Monsegur responds, “trust me…everything i do serves a purpose ;P” (BS 105195)

Related Links:

How FBI Informant Sabu Helped Anonymous Hack Brazil – Daniel Stuckey/Andrew Blake

FBI Informant Led Cyberattacks on Turkey’s Government – Dell Cameron

  1. […] List of 30 Countries FBI Informant Sabu Provided Jeremy Hammond to Hack […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: