Just before 6 AM on March 17 Pong Khumdee awoke to persistent knocking at the front door of her Pilsen loft. When she opened the door she saw nine FBI agents, "white guys in jeans and bulletproof vests," who handed her a search warrant and fanned out through the apartment. They were looking for evidence that her boyfriend, Jeremy Hammond, a 20-year-old self-described "hacktivist," had hacked into a conservative Web site called ProtestWarrior and stolen credit-card numbers, intending to use them to charge donations to liberal and radical groups such as the ACLU and the Communist Party USA.
In the next three hours the agents methodically went through every room in the house, confiscating three computers--belonging to Hammond, Khumdee, and their roommate, Chris Shay--an external hard drive, an Xbox, even the digital memory from Khumdee's camera. Looking for passwords, they sifted through the trash and leafed through address books, scraps of paper, and notebooks. They flipped through Khumdee's sketchbook, complimented her on her drawings, and read her journal. They poked fun at some of the radical literature they found around the house and cracked up when they found a Bill O'Reilly book, a gift from Hammond's mother. After reading a lefty diatribe in Shay's diary one agent told him, "If you watch Fox News you don't think about this kind of thing."
"It was really surreal," says Shay. "I made some tea to calm myself down, because I was really freaking out. And the whole while our two cats are madly fornicating all over the house, like, Meow! Meow! The agents took pictures of the cats humping. I think they thought it was funny."
The two lead agents drove over to Hammond's father's house in suburban Glendale Heights, where Hammond was in the shower. He heard his father yell, "Jeremy, it's the FBI!" The agents were waiting when he emerged from the bathroom. "They were like, 'OK, Jeremy, you're fucked,'" he says. "'We know all about ProtestWarrior. We know all about the credit-card numbers.' And they tried to persuade me that it was in my best interests to tell them about other people." He says he was scared and felt pressured to give them information, but instead he told them he wanted to talk to a lawyer. Ten minutes later they left. "For the next day or two," he says, "I wasn't doing anything, wondering what the hell I should do."
An FBI spokesperson says the bureau won't comment on an ongoing investigation, and, at the request of his lawyer, Hammond has stopped talking about the case. A Web site he and his friends set up, FreeJeremy.com, calls the FBI allegations "ridiculous," though it never explicitly denies that he hacked ProtestWarrior, stating only that "Jeremy has done no damage to any system and has not charged anything to any credit card numbers."
Hammond does say federal agents have told him an indictment is imminent. "I'm fucking scared shitless," he says. "They're saying 30 years in jail. They're threatening to just ruin my life, essentially."
Whether or not Hammond had anything to do with cracking ProtestWarrior, he's clearly a good hacker. At nine he was already programming video games in Qbasic, and by high school he was obsessively reading hacker Web sites. In 2003, the summer after he graduated from Glenbard East High School, he started HackThisSite.org, an online training camp that offers aspiring hackers challenges of varying difficulty that are executed on the site, which has been programmed with many of the common security holes found on the Web. In its first two years the site got 2.5 million hits and acquired 110,000 members and a volunteer staff of 34.
HackThisSite stresses on its front page that it's set up for "free, safe, and legal" hacking. Among hackers there's a Spy vs. Spy distinction between "white hat" hackers, who, as Hammond puts it, "find a vulnerability, report it to the vendors, and get a job in IT security," and "black hat" hackers, who don't report their intrusions but deface and vandalize Web sites, take personal information, or cause other mischief. Hammond says he's neither; he identifies with hacktivists, people who use black hat tactics but want to further a political agenda rather than turn a profit, promote themselves, or show off. "We think we are literally under attack by either right-wing groups, law enforcement, or oppressive governments," he says. "We believe that we need to take direct action to defend the Internet against the forces who are standing in the way of making the Internet free and making our society free." For example, he says, in 2004 someone defaced the D.A.R.E. home page, putting up arguments favoring the legalization of drugs as well as links to organizations such as the National Organization for the Reform of Marijuana Laws. The hack was apparently a tribute to an 18-year-old hacker nicknamed "Coolio," who'd pulled off a similar stunt in 2001 and subsequently served three months in federal prison.
Hammond admits that earlier this year he hacked the Web site of the Chicago chapter of the hacker group 2600 to bypass a limit someone had put on his ability to e-mail their listserv. Hammond says most members of 2600 weren't upset about the hack, but some didn't appreciate the tables being turned on them. One irate member posted a comment on several Web sites calling Hammond a "dim bulb" and a "petulant, willful child" and wishing him "copious butt sex . . . on the receiving end."
In the spring of 2004, during his freshman year at the University of Illinois at Chicago, Hammond hacked the computer-science department's Web site, identifying a vulnerability in its security system and installing a back door that would allow him unfettered access. "At that point," he says, "I was still dancing with the prospect of being a white hat hacker. I had found this vulnerability, and I had notified them. 'Here's how it's vulnerable, here's how you go about fixing it, here's where I put the back door. You guys can talk with me, and maybe I can work with the webmaster.' They didn't take too kindly to that at all. In fact I was called before the department chair. He said they almost went to the FBI. I'm pretty sure the guy who developed the Web site, one of the professors there, took it personally. This was a slap in the face. Some punk kid was able to get into the site. So they disciplined me instead of hiring me." Peter Nelson, who supervises the undergraduate computer-science program at UIC, wouldn't confirm Hammond's account, citing privacy concerns.
Hammond says his political awakening--or what he calls, with a hint of self-mockery, his "personal liberation"--came in high school. After 9/11 he and his twin brother began reading left-wing Web sites and books like the anticapitalist manifesto The Revolution of Everyday Life and Abbie Hoffman's Steal This Book. They also started a zine. In his senior year Hammond "launched war," cofounding the Student Liberation Collective, which distributed radical and anarchist literature, some of which he wrote, and organized teach-ins to oppose the invasion of Iraq. Yet he still went through the proper channels. "We had a school sponsor," he says. "It was officially sanctioned and everything." On the first day of the war the collective organized a student walkout: 100 students marched through downtown Lombard before making their way to the protests in the Loop. Hammond was quoted in a Daily Herald story saying, "I don't want to be sitting locked in my cage while innocent people who haven't done anything are getting killed."
In the fall of 2003 Hammond started a group called Free Society to protest the war and to demand an end to tuition increases at UIC. The group posted flyers around campus with the photos and salaries of some of the university's administrators, and Hammond was arrested for the first time, for spray painting BRING THE WAR TO UIC on a campus wall. The next spring he was arrested for possession of a bag of weed, which he calls "a stupid arrest that I'm not really proud of." He thinks all this worked against him when he went into the disciplinary hearing for hacking the computer-science department. He says that a few weeks after the hearing he got a letter from administrators telling him he wouldn't be welcome at UIC in the fall.
That summer Hammond was arrested again, after clashing with antigay hecklers at the Pride Parade. He also attended the Defcon conference in Las Vegas, the nation's biggest hacker gathering. Most attendees are white hat hackers who work for banks, the government, and Internet security firms. Hammond gave a speech urging people to use "electronic civil disobedience" to disrupt the Republican National Convention "by any means necessary." Federal agents who were there asked for a tape of the speech, and the conference organizers told Hammond he was being watched. Khumdee, who has since broken up with Hammond, was dismayed that he'd made the speech and that he was now on the feds' radar. "It was really bad," she says. "It also was a bragging note--'Oh, these men in suits are interested in what I do. I have mad skills.'"
In August, as Hammond was organizing buses to take activists to New York to protest at the Republican convention, two FBI agents came looking for him at his father's house--the same two who would later show up when he was in the shower. Hammond wasn't there, so they went to the Mac repair shop in Villa Park where he works, and finally called Khumdee's cell. Hammond arranged to meet them at a coffee shop. "Obviously they were knowledgeable about both my hacking stuff as well as my activism stuff," he says. "They wanted to know what groups I worked with, whether I knew of any actions planned. They even went as far as asking me if I was going to bomb anything--do you plan on bombing anything or causing any violence or assassinating the president? Stuff like that. I was like, 'I'm just some college activist.' I mean, I'm pretty well-balanced in my head and stuff." At the convention he would be arrested a fourth time, during a drum-banging protest--an arrest he calls "my best prison experience."
In the days leading up to the convention self-described "hacker anarchists" kept trying to deface and shut down Republican and conservative Web sites. Hammond won't say whether he was among them, though he does say he "had affiliations with different circles, which did some things." The hacker anarchists' most dramatic action was hacking ProtestWarrior and posting the names and e-mail addresses of its members, along with the passwords and phone numbers of the site's administrators, on Indymedia. Indymedia is a loose collective of sites, administered by volunteers, that use open publishing software and post articles and commentary from "community journalists," mostly leftists, radicals, and anarchists. The hacker anarchists posted the message they'd left on the ProtestWarrior site on nyc.indymedia.org. "ProtestWarriors are fighting against the democratic process while claiming to uphold the 'core values of this country,'" it stated. "It is unpatriotic to blindly accept and obey the dogma of the ruling classes, and to lash out at peace activists who are trying to build a better world is intolerable. We're shutting you down."
The ProtestWarriors didn't blame the Indymedia administrators for the hack, but they were angry that the administrators hadn't removed the names and e-mail addresses. A ProtestWarrior who went by Elac and later Clorox responded by launching an electronic attack that took down the New York Indymedia Web site. In an online interview with a conservative blogger Clorox said, "Their Web site will be down a long time. I will keep it down as long as I can, and it will remain down during the RNC."
In August Clorox started his own hacktivist Web site, rightwingextremist.net, and joined a group of black hat hackers called the G00ns, who until then had directed their version of online mayhem at nonpolitical targets. Their reasons, they say on their Web site, are "because it's fun, because we can, because we want to, because we fucking hate you." A battle between left and right hackers was now officially on.
The logo for ProtestWarrior is a scowling, bare-chested, muscular white guy wielding a massive broadsword in one hand and a sign with the group's name in the other. Founded in San Francisco in 2003 by two recent college grads and now headquartered in Austin, Texas, the group organizes conservatives to show up at liberal and radical protests with signs that say things like "Except for Slavery, Nazism, Fascism, and Communism, War Never Solved Anything." The group, which is fond of pranks and maintains a snarky tone, has been a big hit among young right-wingers--it now has 12,000 members and chapters in all 50 states. "Our slogans are what have really been the driving force of our Web site," says cofounder Kfir Alfia. "They use a lot of sarcasm, and they're quite witty."
Alfia says he and other ProtestWarrior administrators had nothing to do with hacking Indymedia. He admits that Clorox was responsible for shutting down Indymedia last August but says he kicked him off the site when he found out. "That's not what we are all about--we're about taking it to them ideologically," he says. "But I can't control every member."
In February Alfia started "noticing some really strange activity" on the site's chat server: a user named Weareeverywhere kept logging on to ports on the server he shouldn't have had access to. Alfia also discovered a file that had been uploaded to the server that displayed the message "Hacker anarchists are everywhere!" above a command prompt where a user could put executable code. "That's when all the alarm bells went off," he says.
Soon after this Alfia started an online chat with a suspiciously named user. He says the user turned out to be a disaffected member of a group that was hacking ProtestWarrior: "He was not necessarily happy with the direction the hack was going." According to Alfia, over the next several weeks the disaffected hacker informed on his coconspirators, naming Hammond, among others, and saying they'd gained access to the database storing the credit-card numbers of people who'd bought ProtestWarrior merchandise. The informant also said members of the group were planning to go to an Internet cafe and execute a script that would bill all the credit cards for donations to liberal organizations, then send out press releases to Indymedia and other hacker sites from the "Internet Liberation Front" claiming responsibility.
"I asked for proof and said, 'Could you send me some snippets of credit-card information?'" Alfia says. "It all checked out. That's when I knew it was breached." Instead of shutting the server down Alfia called the credit-card companies and notified the FBI. Agents asked him to send all the evidence he'd gathered, and a short while later they raided Hammond's apartment.
A few weeks after his apartment was searched Hammond and his lawyer went to talk to the agents, who said they had chat logs and informants who would finger him. They urged him to cooperate and turn over other hackers, but he refused. "They say that whoever hacked the Web site bounced through, like, five or six proxies all over the world," he says, "so they probably don't have much electronic evidence." Alfia seems confident that Hammond will be indicted, but Chris Shay, who's been questioned a few times by the agents investigating the case, isn't so sure. "They seemed like they were really reaching," he says. "They were basically trying to say they had everything, and they could arrest him right now, but they don't want to."
Soon after ProtestWarrior announced that its site had been hacked, pundit Michelle Malkin, who defended wartime internment in a 2004 book, linked to a ProtestWarrior letter about the scheme on her blog, prompting an avalanche of scorn for Hammond. "The slightly-built, pouty-lipped Jeremy Hammond will probably be quite popular inside the cell block after lights-out," wrote one blogger. "I hope he doesn't bruise easy." Others rallied to support Hammond. Hundreds of people from as far away as Turkey and the Netherlands have signed the petition on FreeJeremy.com. "Jeremy is one of the best, most helpful guys I have ever talked to," wrote HackThisSite user Brandon Perry of Texas. "He is a good guy that only taught ethical hacking."
In April Clorox and some fellow G00ns exploited a security vulnerability in the Indymedia publishing software, one that, ironically, Hammond had found a month earlier when conducting a security audit for the Chicago site. He'd notified Indymedia administrators, warning them not to make the vulnerability public until all the sites had an opportunity to fix it. Chicago's administrators patched the hole immediately. But then someone posted the vulnerability on a publicly accessible bulletin board for Indymedia administrators, and Clorox found it. Within two days he reportedly took down more than 16 Indymedia sites, in some cases erasing their archives and displaying messages on their home pages that said things like "Our soldiers are dying over sees to give men, women, and children a taste of freedom and you call them imperialists. You are nothing but pigs." In retaliation Indymedia users posted what they'd deduced was Clorox's identity and college, along with the phone number of the head of the school's computer-science department. According to an article in the Boulder Weekly, a few days later he was called into the dean's office and suspended. The FBI also paid him a visit, and apparently he too is now laying low. (He didn't respond to the e-mails I sent.)
These days Hammond spends most of his time at his Mac technician job and working on the next issue of "Hack This Zine," a print and online zine he started earlier this year for hacktivists. He says his days of scuffles and handcuffs are behind him. "I'm still raising a ruckus," he says, gamely raising a fist, but then adds, "I'm not, like, involved in any direct action or any illegal or questionable activities."
He says he's focusing instead on teaching fellow hacktivists technical tricks to "protect themselves," so that if they choose to "play the game" they "don't find themselves in a situation like I'm in." Then he adds, "I knew what I was getting involved with. I know if you're going to be involved in more sensitive things you have to be prepared to accept the consequences. And I've accepted that."