On 7 March, a US federal judge granted the government’s motion to dismiss the majority of its criminal case against journalist Barrett Brown. The 11 dropped charges, out of 17 in total, include those related to Brown’s posting of a hyperlink that led to online files containing credit card information hacked from the private US intelligence firm Stratfor.
Brown, a 32-year old writer who has had links to sources in the hacker collective Anonymous, has been in pre-trial detention since his arrest in September 2012 – weeks before he was ever charged with a crime. Prior to the government’s most recent motion, he faced a potential sentence of over a century behind bars.
The dismissed charges have rankled journalists and free-speech advocates since Brown’s case began making headlines last year. The First Amendment issues were apparent: are journalists complicit in a crime when sharing illegally obtained information in the course of their professional duties?
“The charges against [him] for linking were flawed from the very beginning,” says Kevin M Gallagher, the administrator of Brown’s legal defense fund. “This is a massive victory for press freedom.”
At issue was a hyperlink that Brown copied from one internet relay chat (IRC) to another. Brown pioneered ProjectPM, a crowd-sourced wiki that analysed hacked emails from cybersecurity firm HBGary and its government-contracting subsidiary HBGary Federal. When Anonymous hackers breached the servers of Stratfor in December 2011 and stole reams of information, Brown sought to incorporate their bounty into ProjectPM. He posted a hyperlink to the Anonymous cache in an IRC used by ProjectPM researchers. Included within the linked archive was billing data for a number of Statfor customers. For that action, he was charged with 10 counts of “aggravated identity theft” and one count of “traffic[king] in stolen authentication features”.
On 4 March, a day before the government’s request, Brown’s defence team filed its own 48-page motion to dismiss the same set of charges. They contended that the indictment failed to properly allege how Brown trafficked in authentication features when all he ostensibly trafficked in was a publicly available hyperlink to a publicly available file. Since the hyperlink itself didn’t contain card verification values (CVVs), Brown’s lawyers asserted that it did not constitute a transfer, as mandated by the statute under which he was charged. Additionally, they argued that the hyperlink’s publication was protected free speech activity under the First Amendment, and that the application of the relevant criminal statutes was “unconstitutionally vague” and created a chilling effect on free speech.
Whether the prosecution was responding to the arguments of Brown’s defense team or making a public relations choice remains unclear. The hyperlink charges have provoked a wave of critical coverage from the likes of Reporters Without Borders, Rolling Stone, the Committee to Protect Journalists, the New York Times, and former Guardian columnist Glenn Greenwald.
Those charges were laid out in the second of three separate indictments against Brown. The first indictment alleges that Brown threatened to publicly release the personal information of an FBI agent in a YouTube video he posted in late 2012. The third claims that Brown obstructed justice by attempting to hide laptops during an FBI raid on his home in March of that year. Though he remains accused of access device fraud under the second indictment, his maximum prison sentence has been slashed from 105 years to 70 in light of the dismissed charges.
While the remaining allegations are superficially unrelated to Brown’s journalistic work, serious questions about the integrity of the prosecution persist. As indicated by the timeline of events, Brown was targeted long before he allegedly committed the crimes in question.
On 6 March 2012, the FBI conducted a series of raids across the US in search of material related to several criminal hacks conducted by Anonymous members. Brown’s apartment was targeted, but he had taken shelter at his mother’s house the night prior. FBI agents made their way to her home in search of Brown and his laptops, which she had placed in a kitchen cabinet. Brown claims that his alleged threats against a federal officer – as laid out in the first indictment, issued several months later in September – stem from personal frustration over continued FBI harassment of his mother following the raid. On 9 November 2013, Brown’s mother was sentenced to six months probation after pleading guilty to obstruction of justice for helping him hide the laptops – the same charges levelled at Brown in the third indictment.
As listed in the search warrant for the initial raid, three of the nine records to be seized related to military and intelligence contractors that ProjectPM was investigating – one of which was never the victim of a hack. Another concerned ProjectPM itself. The government has never formally asserted that Brown participated in any hacks, raising the question of whether a confidential informant was central to providing the evidence used against him for the search warrant.
“This FBI probe was all about his investigative journalism, and his sources, from the very beginning,” Gallagher says. “This cannot be in doubt.”
In related court filings, the government denies ever using information from an informant when applying for search or arrest warrants for Brown.
But on the day of the raids, the Justice Department announced that six people had been charged in connection to the crimes listed in Brown’s search warrant. One, Hector Xavier Monsegur (aka “Sabu”), had been arrested in June 2011 and subsequently pleaded guilty in exchange for cooperation with the government. According to the indictment, Sabu proved crucial to the FBI’s investigation of Anonymous.
In a speech delivered at Fordham University on 8 August 2013, FBI Director Robert Mueller gave the first official commentary on Sabu’s assistance to the bureau. “[Sabu’s] cooperation helped us to build cases that led to the arrest of six other hackers linked to groups such as Anonymous,” he stated. Presuming that the director’s remarks were accurate, was Brown the mislabeled “other hacker” caught with the help of Sabu?
Several people have implicated Sabu in attempts at entrapment during his time as an FBI informant. Under the direction of the FBI, the government has conceded that he had foreknowledge of the Stratfor hack and instructed his Anonymous colleagues to upload the pilfered data to an FBI server. Sabu then attempted to sell the information to WikiLeaks – whose editor-in-chief, Julian Assange, remains holed up in the Ecuadorian embassy in London after refusing extradition to Sweden for questioning in a sexual assault case. Assange claims he is doing so because he fears being transferred to American custody in relation to a sealed grand jury investigation of WikiLeaks that remains ongoing. Though Sabu’s offer was rebuffed, any evidence linking Assange to criminal hacks on US soil would have greatly strengthened the case for extradition. It was only then that the Stratfor data was made public on the internet.
During his sentencing hearing on 15 November 2013, convicted Stratfor hacker Jeremy Hammond stated that Sabu instigated and oversaw the majority of Anonymous hacks with which Hammond was affiliated, including Stratfor: “On 4 December, 2011, Sabu was approached by another hacker who had already broken into Stratfor’s credit card database. Sabu…then brought the hack to Antisec [an Anonymous subgroup] by inviting this hacker to our private chatroom, where he supplied download links to the full credit card database as well as the initial vulnerability access point to Stratfor’s systems.”
Hammond also asserted that, under the direction of Sabu, he was told to hack into thousands of domains belonging to foreign governments. The court redacted this portion of his statement, though copies of a nearly identical one written by Hammond months earlier surfaced online, naming the targets: “These intrusions took place in January/February of 2012 and affected over 2000 domains, including numerous foreign government websites in Brazil, Turkey, Syria, Puerto Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others. A few of the compromised websites that I recollect include the official website of the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian Academic Center for Education and Cultural Research, the Polish Embassy in the UK, and the Ministry of Electricity of Iraq. Sabu also infiltrated a group of hackers that had access to hundreds of Syrian systems including government institutions, banks, and ISPs.”
Nadim Kobeissi, a developer of the secure communication software Cryptocat, has levelled similar entrapment charges against Sabu. “[He] repeatedly encouraged me to work with him,” Kobeissi wrote on Twitter following news of Sabu’s cooperation with the FBI. “Please be careful of anyone ever suggesting illegal activity.”
While Brown has never claimed that Sabu instructed him to break the law, the presence of “persons known and unknown to the Grand Jury,” and whatever information they may have provided, continue to loom over the case. Sabu’s sentencing has been delayed without explanation a handful of times, raising suspicions that his work as an informant continues in ongoing federal investigations or prosecutions. The affidavit containing the evidence for the March 2012 raid on Brown’s home remains under seal.
In comments to the media immediately following the raid, Brown seemed unfazed by the accusation that he was involved with criminal activity. “I haven’t been charged with anything at this point,” he said at the time. “I suspect that the FBI is working off of incorrect information.”