Stratfor Hacker's Sentence: An AnalysisAttorneys Explain Significance of Hammond's Sentencing
The 10-year prison sentence for hacker Jeremy Hammond shows the significance that past criminal history and details of a case can have when determining punishment, says security attorney Kim Peretti, a former federal prosecutor.
See Also: HIPAA Audits: A Revised Game Plan
Hammond was sentenced for his role in the 2011 Strategic Forecasting Inc. breach that affected about 860,000 individuals. Stratfor is a global intelligence firm based in Austin, Texas, that provides services to the U.S. federal government.
Hammond pleaded guilty on May 28 to one count of conspiracy to engage in computer hacking. His 10-year prison sentence was the maximum allowed for the charge, and reflects his involvement in other hacking incidents, prosecutors said. The court has not yet determined how much restitution he must pay.
Length of Sentence
"We're more familiar with cases that involve Web defacement, denial-of-service [attacks] and first-time offenders," says Peretti, a former Department of Justice prosecutor who is now co-chair of the security incident management and response team at the law firm Alston & Bird.
But in this case, Hammond's guilty plea to one count of conspiracy, along with the number of victims, credit cards stolen and money lost, increased the case to a higher offense level, Peretti says.
"The other side of the coin is criminal history," she says. Because Hammond had prior incidents on his record, his sentence could be more severe.
But privacy attorney Ronald Raether of Faruki Ireland & Cox says the case could serve as a catalyst for discussions on sentencing for hackers.
"You will continue to have this debate around does the sentencing fit the crime," he says. "Just because it's online, do you deserve to get more time than if you did [the crime] in the brick-and-mortar world?"
In December 2011, Hammond and other members of the hacktivist group AntiSec, an off-shoot of Anonymous, hacked into Stratfor computer systems and stole confidential information, including employee e-mails as well as account information, for approximately 860,000 Stratfor subscribers or clients, prosecutors say. Credit card information for about 60,000 individuals was also stolen, and some of the stolen details were used to make more than $700,000 in unauthorized charges.
In his guilty plea, Hammond also admitted involvement in additional hacks, including: the FBI's Virtual Academy; the Arizona Department of Public Safety; Brooks-Jeffery Marketing; Special Forces Gear; Vanguard Defense Industries; the Jefferson County, Ala. Sheriff's Office; the Boston Police Patrolmen's Association; and Combined Systems Inc.
Hammond was sentenced on Nov. 15 by Chief U.S. District Judge Loretta A. Preska, according to the U.S. Attorney's Office for the Southern District of New York.
"As he admitted through his plea of guilty, Jeremy Hammond launched a series of computer hacks that stole confidential information pertaining to companies, law enforcement agencies, and thousands of innocent individuals," said Manhattan U.S. Attorney Preet Bharara.
"His sentence underscores that computer hacking is a serious offense with damaging consequences for victims, and this office is committed to punishing the perpetrators of such crimes," Bharara says.
Deterrence for Others?
It's unclear whether the case will serve as a deterrent for future hacktivists or hackers, Raether says.
"The hacktivists are already aware of the law," he says. "They're aware that for the most part they're violating the law when they hack into somebody else's system."
As a result of Hammond's hefty prison sentence, however, hackers may grow smarter in their tactics, Raether says. "It may cause them to [take] extra measures to maintain anonymity in what they do as opposed to being so overt," he says. "You may extend the cat-and-mouse game further."