Just before 6 AM on March 17 Pong Khumdee awoke to persistent knocking at the front door of her Pilsen loft. When she opened the door she saw nine FBI agents, “white guys in jeans and bulletproof vests,” who handed her a search warrant and fanned out through the apartment. They were looking for evidence that her boyfriend, Jeremy Hammond, a 20-year-old self-described “hacktivist,” had hacked into a conservative Web site called ProtestWarrior and stolen credit-card numbers, intending to use them to charge donations to liberal and radical groups such as the ACLU and the Communist Party USA.
An FBI spokesperson says the bureau won’t comment on an ongoing investigation, and, at the request of his lawyer, Hammond has stopped talking about the case. A Web site he and his friends set up, FreeJeremy.com, calls the FBI allegations “ridiculous,” though it never explicitly denies that he hacked ProtestWarrior, stating only that “Jeremy has done no damage to any system and has not charged anything to any credit card numbers.”
Best of Chicago voting is live now. Vote for your favorites »
HackThisSite stresses on its front page that it’s set up for “free, safe, and legal” hacking. Among hackers there’s a Spy vs. Spy distinction between “white hat” hackers, who, as Hammond puts it, “find a vulnerability, report it to the vendors, and get a job in IT security,” and “black hat” hackers, who don’t report their intrusions but deface and vandalize Web sites, take personal information, or cause other mischief. Hammond says he’s neither; he identifies with hacktivists, people who use black hat tactics but want to further a political agenda rather than turn a profit, promote themselves, or show off. “We think we are literally under attack by either right-wing groups, law enforcement, or oppressive governments,” he says. “We believe that we need to take direct action to defend the Internet against the forces who are standing in the way of making the Internet free and making our society free.” For example, he says, in 2004 someone defaced the D.A.R.E. home page, putting up arguments favoring the legalization of drugs as well as links to organizations such as the National Organization for the Reform of Marijuana Laws. The hack was apparently a tribute to an 18-year-old hacker nicknamed “Coolio,” who’d pulled off a similar stunt in 2001 and subsequently served three months in federal prison.
In the spring of 2004, during his freshman year at the University of Illinois at Chicago, Hammond hacked the computer-science department’s Web site, identifying a vulnerability in its security system and installing a back door that would allow him unfettered access. “At that point,” he says, “I was still dancing with the prospect of being a white hat hacker. I had found this vulnerability, and I had notified them. ‘Here’s how it’s vulnerable, here’s how you go about fixing it, here’s where I put the back door. You guys can talk with me, and maybe I can work with the webmaster.’ They didn’t take too kindly to that at all. In fact I was called before the department chair. He said they almost went to the FBI. I’m pretty sure the guy who developed the Web site, one of the professors there, took it personally. This was a slap in the face. Some punk kid was able to get into the site. So they disciplined me instead of hiring me.” Peter Nelson, who supervises the undergraduate computer-science program at UIC, wouldn’t confirm Hammond’s account, citing privacy concerns.
In the days leading up to the convention self-described “hacker anarchists” kept trying to deface and shut down Republican and conservative Web sites. Hammond won’t say whether he was among them, though he does say he “had affiliations with different circles, which did some things.” The hacker anarchists’ most dramatic action was hacking ProtestWarrior and posting the names and e-mail addresses of its members, along with the passwords and phone numbers of the site’s administrators, on Indymedia. Indymedia is a loose collective of sites, administered by volunteers, that use open publishing software and post articles and commentary from “community journalists,” mostly leftists, radicals, and anarchists. The hacker anarchists posted the message they’d left on the ProtestWarrior site on nyc.indymedia.org. “ProtestWarriors are fighting against the democratic process while claiming to uphold the ‘core values of this country,’” it stated. “It is unpatriotic to blindly accept and obey the dogma of the ruling classes, and to lash out at peace activists who are trying to build a better world is intolerable. We’re shutting you down.”
In February Alfia started “noticing some really strange activity” on the site’s chat server: a user named Weareeverywhere kept logging on to ports on the server he shouldn’t have had access to. Alfia also discovered a file that had been uploaded to the server that displayed the message “Hacker anarchists are everywhere!” above a command prompt where a user could put executable code. “That’s when all the alarm bells went off,” he says.
In April Clorox and some fellow G00ns exploited a security vulnerability in the Indymedia publishing software, one that, ironically, Hammond had found a month earlier when conducting a security audit for the Chicago site. He’d notified Indymedia administrators, warning them not to make the vulnerability public until all the sites had an opportunity to fix it. Chicago’s administrators patched the hole immediately. But then someone posted the vulnerability on a publicly accessible bulletin board for Indymedia administrators, and Clorox found it. Within two days he reportedly took down more than 16 Indymedia sites, in some cases erasing their archives and displaying messages on their home pages that said things like “Our soldiers are dying over sees to give men, women, and children a taste of freedom and you call them imperialists. You are nothing but pigs.” In retaliation Indymedia users posted what they’d deduced was Clorox’s identity and college, along with the phone number of the head of the school’s computer-science department. According to an article in the Boulder Weekly, a few days later he was called into the dean’s office and suspended. The FBI also paid him a visit, and apparently he too is now laying low. (He didn’t respond to the e-mails I sent.)
