FBI used autistic New Yorker to nail Anonymous hacker

13 May, 2014 20:32

A British computer hacker arrested in 2011 for breaching the website of internet news company Gawker was apprehended with the help of a former acquaintance from outside Albany, New York, according to newly leaked, previously unpublished court files.

The documents — posted to the web on Tuesday this week by the Smoking Gun — reveal for the first time how law enforcement agencies from across the world were able to narrow in on a South London hacker who took credit for compromising the computer networks of Gawker, among others, nearly three years ago.

According to 28 pages of court documents published on the Smoking Gun’s website this week, an autistic Troy, NY man involved in the Gawker breach helped point officers with the Federal Bureau of Investigation towards the Brit — a computer hacker known as Kayla — in June 2011 amidst the ongoing probe into the hacktivist movement Anonymous and its offshoots, including LulzSec and Internet Feds.

With the cooperation of Thomas “Eekdacat” Madden, the Smoking Gun reported, authorities abroad were able to locate Kayla and successfully convict the person behind the handle, Ryan Ackroyd, of computer crimes committed with Anonymous and its factions from 2010 up to just before his arrest. Ackroyd, now 27, was released from prison in March after serving 10 months of a two-and-a-half-year sentence.

RT has reported extensively about how the arrest of hacker Hector Xavier Monsegur, or “Sabu,” in June 2011 provided the FBI with evidence that led to the arrests of several other Anonymous hackers, including a Chicago man currently serving a 10-year prison sentence. Only now, however, do details about Madden and his active role in cooperating with authorities demonstrate how the FBI used him to take down Ackroyd, and perhaps others, starting just days after Monsegur became an informant in exchange for leniency.

Excerpts from a federal search warrant published by the Smoking Gun show that authorities arrested Madden, now 26, on June 29, 2011 after he was charged with hacking in a criminal complaint filed in the Southern District of New York.

Madden appears in some of the Smoking Gun’s files as a confidential witness (either CW-1 or CW-2, depending on the documents) and, according to one of the files, he “attempted to cooperate with law enforcement in the hopes of reducing [his] sentencing liability” shortly after being detained.

In debriefings that occurred shortly after his arrest — and without an attorney present, according to the website’s writers — Madden allegedly told investigators that he was a member of the online group “Gnosis” and, along with “Kayla,” participated in the December 2010 hacking of Gawker that unearthed the email addresses and passwords of hundreds of thousands of the website’s users.

“We're deeply embarrassed by this breach,” Gawker said at the time.

Madden reportedly went on to tell the authorities that he personally decrypted roughly 180,000 account passwords lifted from Gawker’s network, and discussed that hack and others during online conversations with the person behind the Kayla handle.

A separate search warrant published by The Smoking Gun this week shows that Madden allowed authorities to see his instant messenger contact list after he was arrested, which included an entry labeled “Kayla.” Contact information for that account then directed the FBI to an email address and Twitter account used by the same “Kayla,” which provided the feds with enough evidence to get a search warrant and pen register against the person that ended up being identified as Ackroyd.

“Based on pen traffic obtained from the Kayla email account and for the Kayla Twitter account, I learned that both had accessed the Internet through one IP address based in the United Kingdom on separate occasions,” the second warrant reads. “Specifically the Kayla email account accessed the internet on one occasion in December 2009 and again in March 2011 from that IP address, and the Kayla Twitter account had accessed the Internet on one occasion in June 2011 from that IP address.”

The FBI soon collaborated with UK law enforcement officials, who in turn obtained internet records from the provider of that IP address.

“By coordinating their surveillance with the Twitter account activity, the investigators conducted a search, consistent with UK law, of the residence,” the warrant read, eventually allowing them to identify Ackroyd as Kayla.

According to the Smoking Gun, the apprehension of Madden months earlier involved a whole other investigation of sorts. Madden’s father told the Smoking Gun that his son had befriended a classmate in college and “ended up getting fooled into doing the homework for the person,” as well as tests and other online projects. Eventually the younger Madden wised up and told the classmate’s professor that the work being submitted was not genuine, which prompted the cheating colleague to contact the FBI with a vengeance and provide authorities with a chat transcript in which Madden bragged about his role in the Gawker hack.

“The subsequent bureau probe, headed by Agent Olivia Olson, used an assortment of subpoenas, as well as motor vehicle and passport records to identify Madden as the hacker ‘Eekdacat,’” William Bastone and Andrew Goldberg wrote for the Smoking Gun.

“Following his FBI debriefing — and nearly 12 hours after his arrest — Madden made an initial appearance in a closed federal courtroom in lower Manhattan,” they added. “A US District Court magistrate released Madden on a $100,000 bond secured by his father, and ordered that his Internet access would only be ‘via an FBI monitored laptop.’”

Another document, dated May 17, 2012, confirms that the US determined it was in the best interest to defer prosecuting Madden for the computer crimes he admitted to in exchange for good behavior and compliance with a list of rules, including provisions that prevented him for six months from engaging in conversation with any non-law-abiding persons, on and off the web. Half a year later, the case was terminated.

Speaking to The Smoking Gun over the phone recently, Madden said he had “no contact” with other hackers since his arrest and suggested that he may have been mischaracterized by the FBI in court filings. Shortly after his arrest, however, federal prosecutor Rosemary Nidiry reported that Madden “actively is cooperating with the government and has indicated an intent to continue working proactively with the government.”

Madden, the Smoking Gun quoted Nidiry as saying, provided investigators with “detailed information” about suspected hackers and may be able to testify before a grand jury “for purposes of obtaining an indictment against the defendant’s accomplices and other individuals identified by the defendant.”

“If I ever have to type the word LulzSec again it’ll be too soon,” Madden tweeted from his @Eekdacat account only hours before being arrested in 2011.

Monsegur, who weeks prior to that began helping authorities infiltrate Anonymous and LulzSec, earlier this month had his sentencing hearing adjourned for the seventh time in three years.