Inside Menwith Hill

Sunday, 23 October 2016

The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

Objective Peckham

Saturday, 30 January 2016

As he walked through the busy streets of London, Bilal el-Berjawi was glancing over his shoulder. Everywhere he went, he suspected he was being followed. Within a few years — 4,000 miles away in remote Somalia — he would be dead, killed by a secret U.S. drone strike.

A small and stocky British-Lebanese citizen with a head of thick dark hair, Berjawi had grown up much like any other young boy in the United Kingdom’s capital city, attending school during the day and playing soccer with friends in his free time. But by his early 20s he was leading no ordinary life. He was suspected of having cultivated ties with senior al Qaeda militants in East Africa, his British citizenship was abruptly revoked, and he was placed on a U.S. kill list.

In January 2012, Berjawi met his sudden end, about 10 miles northwest of Mogadishu, when a missile crashed into his white car and blasted it beyond recognition.

At the time of Berjawi’s death, the Associated Press reported that the missile strike targeting him had been carried out by a drone, citing an anonymous U.S. official. The Economist criticized the secrecy surrounding the attack and questioned whether it had amounted to a “very British execution.”

Now, a classified U.S. document obtained by The Intercept shines new light on the circumstances surrounding Berjawi’s death. It reveals that the U.S. government was monitoring him for at least five years as he traveled between London and Somalia; that he was targeted by a covert special operations unit running a fleet of more than two dozen drones, fighter jets, and other aircraft out of East Africa; and that cellphone surveillance facilitated the strike that killed him.

The document, a case study included in a secret 2013 report by the Pentagon’s Intelligence, Surveillance, and Reconnaissance Task Force, does not mention Berjawi by name, instead referring to a target code-named “Objective Peckham.” But it contains enough specific details about the target’s movements and the time and place of the attack that killed him to confirm his identity beyond doubt.

The Intercept has pieced together the final years of Berjawi’s life based on the Pentagon case study, public records, interviews with individuals who knew him, and a transcript of a long conversation Berjawi had in April 2009 with members of Cage, a London-based rights group, in which he discussed his encounters with security agencies in the U.K. and Kenya.

The story of Berjawi’s life and death raises new questions about the British government’s role in the targeted assassination of its own citizens — also providing unique insight into covert U.S. military actions in the Horn of Africa and their impact on al Qaeda and its affiliate in the region, al Shabaab.

Operation Socialist

Friday, 20 March 2015

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.

Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.

Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.

Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

Snowden told The Intercept that the latest revelations amounted to unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.”

The Belgacom hack, he said, is the “first documented example to show one EU member state mounting a cyber attack on another…a breathtaking example of the scale of the state-sponsored hacking problem.”

Publicly, Belgacom has played down the extent of the compromise, insisting that only its internal systems were breached and that customers’ data was never found to have been at risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s internal employee computers and was able to grab encrypted and unencrypted streams of private communications handled by the company.

Belgacom invested several million dollars in its efforts to clean up its systems and beef up its security after the attack. However, The Intercept has learned that sources familiar with the malware investigation at the company are uncomfortable with how the clean-up operation was handled—and they believe parts of the GCHQ malware were never fully removed.

The revelations about the scope of the hacking operation will likely alarm Belgacom’s customers across the world. The company operates a large number of data links internationally, and it serves millions of people across Europe as well as officials from top institutions including the European Commission, the European Parliament, and the European Council. The new details will also be closely scrutinized by a federal prosecutor in Belgium, who is currently carrying out a criminal investigation into the attack on the company.

Sophia in ’t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.

“Compensating Belgacom should be the very least it should do,” in ’t Veld said. “But I am more concerned about accountability for breaking the law, violating fundamental rights, and eroding our democratic systems.”

Other similarly sophisticated state-sponsored malware attacks believed to have been perpetrated by Western countries have involved Stuxnet, a bug used to sabotage Iranian nuclear systems, and Flame, a spy malware that was found collecting data from systems predominantly in the Middle East.

What sets the secret British infiltration of Belgacom apart is that it was perpetrated against a close ally—and is backed up by a series of top-secret documents, which The Intercept is now publishing.

GCHQ declined to comment for this story, and insisted that its actions are “necessary, legal, and proportionate.”

The Surveillance Engine

Thursday, 4 September 2014

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication—such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called—but not the content of the message or audio of the call.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

Data available through ICREACH appears to be primarily derived from surveillance of foreigners’ communications, and planning documents show that it draws on a variety of different sources of data maintained by the NSA. Though one 2010 internal paper clearly calls it “the ICREACH database,” a U.S. official familiar with the system disputed that, telling The Intercept that while “it enables the sharing of certain foreign intelligence metadata,” ICREACH is “not a repository [and] does not store events or records.” Instead, it appears to provide analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.

In a statement to The Intercept, the Office of the Director of National Intelligence confirmed that the system shares data that is swept up by programs authorized under Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks. But the broad scale of 12333 surveillance means that some Americans’ communications get caught in the dragnet as they transit international cables or satellites—and documents contained in the Snowden archive indicate that ICREACH taps into some of that data.

Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.

“To me, this is extremely troublesome,” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the New York University School of Law’s Brennan Center for Justice. “The myth that metadata is just a bunch of numbers and is not as revealing as actual communications content was exploded long ago—this is a trove of incredibly sensitive information.” Brian Owsley, a federal magistrate judge between 2005 and 2013, said he was alarmed that traditional law enforcement agencies such as the FBI and the DEA were among those with access to the NSA’s surveillance troves. “This is not something that I think the government should be doing,” said Owsley, an assistant professor of law at Indiana Tech Law School. “Perhaps if information is useful in a specific case, they can get judicial authority to provide it to another agency. But there shouldn’t be this buddy-buddy system back-and-forth.”

Jeffrey Anchukaitis, an ODNI spokesman, declined to comment on a series of questions from The Intercept about the size and scope of ICREACH, but said that sharing information had become “a pillar of the post-9/11 intelligence community” as part of an effort to prevent valuable intelligence from being “stove-piped in any single office or agency.”

Using ICREACH to query the surveillance data, “analysts can develop vital intelligence leads without requiring access to raw intelligence collected by other IC [Intelligence Community] agencies,” Anchukaitis said. “In the case of NSA, access to raw signals intelligence is strictly limited to those with the training and authority to handle it appropriately. The highest priority of the intelligence community is to work within the constraints of law to collect, analyze and understand information related to potential threats to our national security.”

The FBI's WikiLeaks Mole

Sunday, 11 August 2013

When he met Julian Assange for the first time, Sigurdur Thordarson admired the WikiLeaks founder’s attitude and quickly signed up to the cause. But little more than a year later, Thordarson was working as an informant spying on WikiLeaks for the US government — embroiling himself as a teenager in one of the most complicated international events in recent history.

In a series of interviews with Slate, Thordarson has detailed the full story behind how, in an extraordinary sequence of events, he went from accompanying Assange to court hearings in London to secretly passing troves of data on WikiLeaks staff and affiliated activists to the FBI. The 20-year-old Icelandic citizen’s account is partly corroborated by authorities in Iceland, who have confirmed that he was at the center of a diplomatic row in 2011 when a handful of FBI agents flew in to the country to meet with him — but were subsequently asked to leave after a government minister suspected they were trying to “frame” Assange.

Thordarson, who first outed himself as an informant in a Wired story in June, provided me with access to a pseudonymous email account that he says was created for him by the FBI. He also produced documents and travel records for trips to Denmark and the United States that he says were organized and paid for by the bureau.

The FBI declined to comment on Thordarson’s role as an informant or the content of the emails its agents are alleged to have sent him. In a statement, it said that it was “not able to discuss investigative tools and techniques, nor comment on ongoing investigations.” But emails sent by alleged FBI agents to Thordarson, which left a digital trail leading back to computers located within the United States, appear to shine a light on the extent of the bureau’s efforts to aggressively investigate WikiLeaks following the whistle-blower website’s publication of classified US military and State Department files in 2010.

Late last month, Army intelligence analyst Bradley Manning was convicted on counts of espionage, theft, and computer fraud for passing the group the secrets. During the Manning trial, military prosecutors portrayed Assange as an “information anarchist,” and now it seems increasingly possible that the US government may next go after the 42-year-old Australian for his role in obtaining and publishing the documents. For the past 14 months, Assange has been living in Ecuador’s London Embassy after being granted political asylum by the country over fears that, if he is sent to Sweden to face sexual offense allegations, he will be detained and subsequently extradited to the United States.

Meanwhile, for more than two years, prosecutors have been quietly conducting a sweeping investigation into WikiLeaks that remains active today. The FBI’s files in the Manning case number more than 42,000 pages, according to statements made during the soldier’s pretrial hearings, and that stack of proverbial paper likely continues to grow. Thordarson’s story offers a unique insight into the politically-charged probe: Information he has provided appears to show that there was internal tension within the FBI over a controversial attempt to infiltrate and gather intelligence on the whistle-blower group. Thordarson gave the FBI a large amount of data on WikiLeaks, including private chat message logs, photographs, and contact details of volunteers, activists, and journalists affiliated with the organization. Thordarson alleges that the bureau even asked him to covertly record conversations with Assange in a bid to tie him to a criminal hacking conspiracy. The feds pulled back only after becoming concerned that the Australian was close to discovering the spy effort.


It was 2010 when the saga began in Reykjavik, Iceland. Thordarson, then just 17, says that before his first encounter with Assange, he knew little about the man beyond a few YouTube videos he’d watched about WikiLeaks. But he went to hear Assange speak at a conference hosted by an Icelandic university, and the teenager was impressed. After the event, a journalist Thordarson knew introduced him to Assange, and the pair struck up a relationship that led to Thordarson doing some volunteer work for the organization. Before long, he was on the edges of WikiLeaks’ small, tight-knit inner circle.

At that time, the group was sitting on the explosive files it had received from Manning that included a video showing a US helicopter attack that resulted in the deaths of 12 civilians, among them two employees of the Reuters news agency.

Thordarson, a blond-haired stocky figure with a baby face, was present while WikiLeaks staff and volunteers in Reykjavik were preparing the video for publication. When it was published by WikiLeaks in April 2010, under the name Collateral Murder, it catapulted the organization into the international spotlight and provoked an angry response from government officials in Washington.

The then-teenager, known as “Siggi” to his friends, was around at the height of that backlash. He was given administrative privileges to moderate an Internet chat room run by WikiLeaks. And when Assange relocated from Iceland to England, Thordarson came to visit. He even accompanied the WikiLeaks founder to court appearances in London as he fought extradition to Sweden over allegations of sexual assault.

Thordarson looked up to Assange, viewing him as a friend. The WikiLeaks chief, he says, treated him well — helping him find a lawyer in 2010, not long after the pair had met, when he says he was wrongly accused by Icelandic police of breaking into a business premises. But signs that Thordarson had a proclivity for brushes with the law did not appear to trigger alarm bells early on at WikiLeaks — though perhaps they should have, because he was certainly not any ordinary volunteer. Unlike many drawn to WikiLeaks, Thordarson does not seem to have been principally motivated by a passion for the cause of transparency or by the desire to expose government wrongdoing. Instead, he was on the hunt for excitement and got a thrill out of being close to people publishing secret government documents.

As a child, Thordarson led a fairly normal middle-class life in Reykjavik, enjoying social studies and chemistry at school. His father worked as a sales manager at a painting firm, and his mother ran a hair salon. But as he entered his teenage years, he says, he began to feel that he could not connect with others in his peer group. He went to college to study computer science and psychology — but claims he was suspended after hacking into a college computer system.

By mid-2011, Thordarson’s thirst for adventure, combined with his interest in hacking, would irreversibly complicate his relationship with WikiLeaks. In June of that year, the Anonymous-linked hacker group LulzSec brought down the website of the CIA. Thordarson says that he and other WikiLeaks staff were amused by the incident, and he decided to reach out to the hackers to establish contact. Thordarson claims that, using the aliases “Q” and “Penguin X,” he set up a line of communication between WikiLeaks and LulzSec. During the series of exchanges that followed, Thordarson says he “suggested” that his group wanted assistance to find evidence of anti-WikiLeaks sentiment within the Icelandic government’s Ministry of Finance, which had thwarted an attempt by DataCell, a company that processes WikiLeaks donations, to purchase a large new data center in Reykjavik. (In early 2011, DataCell’s founder questioned whether the Icelandic government had deliberately prevented the deal because it was “afraid of letting WikiLeaks here into the country.”)

“That was basically the first assignment WikiLeaks gave to LulzSec,” Thordarson alleges, “to breach the Icelandic government infrastructure.”

Lady Liberty

Wednesday, 1 May 2013

The Statue of Liberty is getting a facelift, though the changes aren’t only cosmetic. An upgraded "state of the art" security system will help keep Lady Liberty safe when it reopens soon. But what does the system entail, and could it involve a controversial new face-recognition technology that can detect visitors’ ethnicity from a distance? I tried to find out — and a New York surveillance company tried to stop me.

Face recognition was first implemented at the Statue of Liberty in 2002 as part of an attempt to spot suspected terrorists whose mug shots were stored on a federal database. At the time, the initiative was lambasted by the American Civil Liberties Union, which said it was so ineffective that “Osama Bin Laden himself” could easily dodge it.

But the technology has advanced since then: Late last year, trade magazine Police Product Insight reported that a trial of the latest face-recognition software was being planned at the Statue of Liberty for the end of 2012 to “help law enforcement and intelligence agencies spot suspicious activity.” New York surveillance camera contractor Total Recall Corp. was quoted as having told the magazine that it was set to trial software called FaceVACS, made by German firm Cognitec, at the famed tourist attraction. FaceVACS, Cognitec boasts in marketing materials, can guess ethnicity based on a person’s skin color, flag suspects on watch lists, estimate the age of a person, detect gender, “track” faces in real time, and help identify suspects if they have tried to evade detection by putting on glasses, growing a beard, or changing their hairstyle. Some versions of face-recognition software used today remain ineffective, as investigators found in the aftermath of the Boston bombings. But Cognitec claims its latest technology has a far higher accuracy rating — and is certainly more advanced than the earlier versions of face-recognition software, like the kind used at the Statue of Liberty back in 2002. (It is not clear whether the face-recognition technology remained in use at the statue after 2002.)

Liberty Island took such a severe battering during Sandy that it has stayed closed to the public ever since — thwarting the prospect of a pilot of the new software. But the statue, which attracts more than 3 million visitors annually according to estimates, is finally due to open again on July 4. In March, Statue of Liberty superintendent Dave Luchsinger told me that plans were underway to install an upgraded surveillance system in time for the reopening. “We are moving forward with the proposal that Total Recall has come up with,” he said, adding that “[new] systems are going in, and I know they are state of the art.”

When it came to my questions about face recognition, though, things started to get murky. Was that particular project back on track? “We do work with Cognitec, but right now because of what happened with Sandy it put a lot of different pilots that we are doing on hold,” Peter Millius, Total Recall’s director of business development, said in a phone call. “It’s still months away, and the facial recognition right now is not going to be part of this phase.” Then, he put me on hold and came back a few minutes later with a different position — insisting that the face-recognition project had in fact been “vetoed” by the Park Police and adding that I was “not authorized” to write about it.

That was weird, but it soon got weirder. About an hour after I spoke with Total Recall, an email from Cognitec landed in my inbox. It was from the company’s marketing manager, Elke Oberg, who had just one day earlier told me in a phone interview that “yes, they are going to try out our technology there” in response to questions about a face-recognition pilot at the statue. Now, Oberg had sent a letter ordering me to “refrain from publishing any information about the use of face recognition at the Statue of Liberty.” It said that I had “false information,” that the project had been “cancelled,” and that if I wrote about it, there would be “legal action.” Total Recall then separately sent me an almost identical letter — warning me not to write “any information about Total Recall and the Statue of Liberty or the use of face recognition at the Statue of Liberty.” Both companies declined further requests for comment, and Millius at Total Recall even threatened to take legal action against me personally if I continued to “harass” him with additional questions. (You can read the full correspondence here.)

Linda Friar, a National Park Service spokeswoman, confirmed that the procurement process for security screening equipment is ongoing, but she refused to comment on whether the camera surveillance system inside the statue was being upgraded on the grounds that it was “sensitive information.” So will there be a trial of new face-recognition software — or did the Park Police “cancel” or “veto” this? It would probably be easier to squeeze blood from a stone than to obtain answers to those questions. “I’m not going to show my hand as far as what security technologies we have,” Greg Norman, Park Police captain at Liberty Island, said in a brief phone interview.

The great irony here, of course, is that this is a story about a statue that stands to represent freedom and democracy in the modern world. Yet at the heart of it are corporations issuing crude threats in an attempt to stifle legitimate journalism — and by extension dictate what citizens can and cannot know about the potential use of contentious surveillance tools used to monitor them as they visit that very statue. Whether Cognitec's ethnicity-detecting face recognition software will eventually be implemented at Lady Liberty remains to be seen. What is certain, however, is that the attempt to silence reporting on the mere prospect of it is part of an alarming wider trend to curtail discussion about new security technologies that are (re)shaping society.

This article first appeared at Slate.

The Barrett Brown Saga

Friday, 22 March 2013

Until the moment the FBI burst through his door, it had been much like any other day for Barrett Brown.

The 31-year-old writer and activist, closely affiliated to the Anonymous hacking collective, had been joking around late at night in an internet webcam chat room with a few friends. But the conversation abruptly halted when Brown's video feed blacked out. Amid a flurry of commotion and cries of "get down," a troupe of armed agents surged into his apartment in Dallas, Texas, and handcuffed him face down on the floor.

Since that evening, on 12 September last year, Brown has been in a Texas jail awaiting a looming trial that could land him several decades behind bars. He stands accused of committing 17 offences in total, including aiding and abetting aggravated identity theft, making internet threats, and retaliation against a federal law enforcement officer. But it is no ordinary, open and shut case. It is a bizarre saga that involves a web of secrets, scandals, covert informants and some of the most widely publicised computer hacking conspiracies in recent history.

US authorities have made it clear in indictments lodged against Brown that they view him as a menace to society — an anti-government anarchist agitating for violent revolution. But supporters claim he is being subjected to heavy-handed prosecution, comparing his plight to that of Matthew Keys, the Reuters social media editor accused last week of conspiring with Anonymous, and Aaron Swartz, the prominent internet freedom activist who committed suicide in January while facing a host of controversial hacking charges. In reality, neither side is the full story.

Brown, just short of 6 feet tall, skinny with sandy brown hair, grew up in an affluent part of Dallas County, the son of a wealthy Texas real estate developer. He is a somewhat eccentric character — a college dropout firebrand with a history of drug addiction and a penchant for ranting, red wine and cigarettes.

Before he crossed paths with the FBI, Brown was a prolific writer who had contributed to publications including Vanity Fair, the Guardian, the Huffington Post and satirical news site the Onion. He had a short stint in politics as the director of communications for an atheist group called Enlighten the Vote, and he co-authored a well-received book mocking creationism, Flock of Dodos, which the Harvard law professor Alan Dershowitz compared to works by celebrated authors Thomas Paine and Mark Twain.

"I really just wanted to write humour and was absolutely on track to doing so until a couple events and thoughts in 2009," Brown told me in August last year, shortly before his arrest. What changed his trajectory was that he immersed himself in what he would sometimes jokingly term "this computer shit" — a strange and chaotic world of online activism.

There were a number of factors involved, each of them closely connected. It began when Brown hatched the idea for an internet thinktank he named Project PM, in 2009, dedicated to investigating private government contractors working in the secretive fields of cybersecurity, intelligence and surveillance. Then, in 2010, WikiLeaks published thousands of classified US government documents. And at around the same time Anonymous exploded onto the world stage, attacking the Church of Scientology and defending WikiLeaks by declaring cyberwar on payment processors like Paypal and Visa, which had blocked the whistleblower website's funding sources after pressure from US politicians.

Brown saw a conflation of interests between Project PM, WikiLeaks and Anonymous. He believed WikiLeaks was doing a "tremendous service to humanity" by releasing classified government information, and he was inspired by Anonymous, which he viewed as "unprecedented" because of the way it brought people on the internet together as a force for political change.

Before long, Brown had directly affiliated himself with Anonymous, and by early 2011 he was working alongside some of its most skilled hackers as a sort of de facto press officer. He had no hacking ability, but instead put his flair for writing and rhetoric to use. He would send out missives to his media contacts and do televised interviews in which he would rail against murky government cybersecurity initiatives that he said Anonymous would expose.

Some within the diffuse community of Anonymous took an instant dislike to Brown, accusing him of being a paranoid egomaniac who was seeking fame and hogging the limelight. But he rarely gave his critics a second glance because, as far as he was concerned, he had more pertinent issues to deal with — on one occasion embroiling himself in a surreal public spat with a Mexican drug cartel over a kidnapped activist.

"We have hit upon things here that really do matter — that haven't been given due consideration," he would bark in his distinctive, rapid-fire baritone southern drawl. "The battlefield is the information flow."

Brown's interviews, some aired as "exclusives" on major US TV news networks like NBC, grabbed attention. He viewed himself as engaged in what he would refer to as "information operations," almost like a military propaganda campaign. Hackers would sometimes obtain data and then pass it on to him. He would spend days and nights hunkered down in his small uptown Dallas apartment poring through troves of hacked documents, writing blog posts about US government intelligence contractors and their "misplaced power" while working to garner wider media coverage.

When servers belonging to the American security thinktank Stratfor were infiltrated by the hackers in December 2011, for instance, Brown alerted reporters across the world. He told the Times that millions of stolen emails, later published by WikiLeaks, could prove to be "the smoking gun for a number of crimes of extraordinary importance". It was mostly hyperbole, of course, but he was a skilled operator. He knew how to get headlines, especially headlines that would rile his adversaries.

By becoming a public advocate for hackers implicated in major computer crimes, however, Brown was in extremely shaky legal territory. He had developed a close relationship with an Anonymous splinter group called AntiSec — a volatile, militant outfit that had evolved out of LulzSec, another Anonymous offshoot which took credit for a series of prominent attacks on government websites and multinational corporations over a 50-day rampage in the summer of 2011.

AntiSec became highly active toward the end of 2011, hacking Stratfor and then later a Virginia-based law firm involved in defending a US marine who had played a key role in a massacre of civilians during the Iraq war. The group dumped thousands of Stratfor customers' credit card numbers online and posted a large trove of emails obtained from the law firm, collaterally exposing personal details about victims of sexual assault in the process.

It appeared that the hackers were becoming increasingly callous and equally careless, veering from the "vigilantes for good" image they liked to project of themselves.

Brown said that the credit card leak was a "public relations blunder" that had caused internal conflict between the hackers. One party had been "blindsided" by the data dump, according to Brown, and one of the team quit the group and "went dark" because of it.

"I wasn't informed of the leak or the nature of the leak," he told me at the time. "I do defend them for it and I will take responsibility for defending them. But if I had my way it would have been done differently. I have no... they don't need me, basically, so they don't ask my opinion."

But by then it was too late: Brown's relationship with AntiSec had pinned a law enforcement target on his back. A few months after the hack on Stratfor, he was raided for the first time by the FBI. He was not arrested, but some of his property, including his laptop computer, was confiscated as evidence.

On the same day, 6 March 2012, an explosive Fox News story outed a core member of both AntiSec and LulzSec as an FBI informant. "Sabu," real name Hector Monsegur, 29, had been "turned" nine months earlier by the authorities after being traced to his New York apartment.

In order to escape jail, Monsegur, a notorious loudmouth elite hacker who was considered a ringleader of the groups, had been covertly cooperating with the FBI to help build cases against, and track down, his former partners. It was an extraordinary development that shook the hacking community and made front page news internationally.

Prosecutors, likely assisted at least in part by evidence gleaned by Monsegur, have since accused Brown of aiding and abetting the transfer of the credit card numbers obtained from Stratfor's servers in a case of aggravated identity theft. The hackers used the credit cards to fraudulently donate hundreds of thousands of dollars to charities including the Red Cross and Save the Children.

Brown, who denies all of the charges against him, is also accused of a separate fraud-related offence that carries up to 15 years imprisonment for copying and pasting a hyperlink in a chat room to a file that allegedly included within it some 5,000 Stratfor credit card details. This has caused an outcry among some activists, with secret-spilling website Cryptome — which published the same link Brown is accused of sharing — posting a statement likening the charge to "official chilling of free speech online" and criticising "over-reaching indictments."

The spiralling debacle eventually took its toll on Brown. The FBI seizure of his property and the revelation about Monsegur, whom he angrily branded a "degenerate pussy traitor," seemed pivotal.

When I spoke to him earlier in 2011 he had appeared optimistic — as if he felt he was riding the crest of an unstoppable wave. He would talk enthusiastically about "spiritual change" taking place due to revolutions sweeping the Arab world, and explain how young Anonymous hackers he knew had assisted activists in the Middle East by providing them with tools to counter government surveillance and tracking. But by spring 2012, his mindset seemed to alter, his mood darker and at times almost anguished.

"We're losing hope in the idea of trying to convince the American people to pay attention to something that matters," he lamented in April, speaking on the phone from Dallas. "To some extent we are all the enemy, all of us have failed."

Brown was frustrated that mainstream media outlets were not covering stories he felt deserved attention. He would complain that reporters would often approach him and ask about the personalities of some of the more prominent hackers, like Monsegur, but ignore the deeper issues about governments and private contractors contained in documents that had been hacked.

Complicating matters further, as a recovering heroin addict, Brown was taking Suboxone, a prescription drug used to treat opiate withdrawal. This was having an impact on his health, perhaps amplified by the cyclone of drama engulfing him. One day in August, he told me he had broken down in tears. "All of it gets to be too much," he wrote in an email.

Three weeks later, Brown would be in jail. He had posted online a series of videos in which he appeared to issue threats directed at a named FBI agent, whom he accused of harassing his mother, and demanded that his previously seized property be returned. In the videos he looked frazzled, pale and on edge. He concluded with a lengthy tirade, saying he feared drug cartel "assassin squads" were out to get him and warning government officials not to come near his apartment.

"I will shoot all of them and kill them if they come," he said, looking blankly straight into the camera. "It was pretty obvious I was going to be dead before I was forty or so — so I wouldn't mind going out with two FBI sidearms like a fucking Egyptian Pharaoh."

Within hours of the video appearing, agents charged through his door and pinned him to the floor. For the FBI, it was clearly the final straw. Brown had moved from publishing long blog screeds blasting shady security firms to making violent threats. Hyperbole or not, a line had been crossed. His time was up.

When the moment finally came, Brown can't have been too surprised. He suspected that one day he was going to end up carted off to a dingy jail cell, he just didn't know exactly when or in what circumstances. He had accepted his fate fairly soon after becoming involved with Anonymous.

"I'll probably be charged or indicted," he told me during one interview in early 2012. "I just hope that a trial will bring more media attention to the issues that brought me here in the first place."

Brown is due to face two separate trials, the first of which is scheduled to begin on 3 September.

Last I heard from him he was doing all right.

"How's everything?" he wrote in a short message. "I seem to be in prison."


This article first appeared in the Guardian.