Last week, Higinio O. Ochoa III was charged by the FBI with hacking into US law enforcement agencies and releasing phone numbers and home addresses of police officers. You’re looking at the evidence the FBI used to nail him.
Ochoa is a 30-year-old Linux administrator who lives in Galveston, Texas. The FBI accuses him of being part of Anonymous hacking group CabinCr3w and participating in several illegal actions. The woman in the photo is his Australian girlfriend, who lives in Wantirna South in Melbourne. The image was used by the FBI as ‘definitive proof’ that shows that the CabinCr3w hacker known as w0rmer and Ochoa are the same person.
Here is what happened: back in February, Ochoa allegedly posted a tweet using the handle @Anonw0rmer. In that tweet, he directed followers to a site in which he posted pilfered information from various law enforcement agency websites. At the bottom of that site there was the image of this woman, now identified as his girlfriend, with a sign that read “PwNd by w0rmer & CabinCr3w <3 u BiTch’s !”
The picture — taken with an iPhone — had GPS information which showed that the photo was taken at the woman’s home in Wantirna South. The GPS information was embedded in the photo’s EXIF data (EXIF is a set of standard tags that includes information such as location, camera type and other image information in every photo you take with your smartphone).
Other tweets from @Anonw0rmer pointed to other sites that contained references to the w0rmer alias and more pictures of this woman. Some of the sites had Ochoa’s name connected to the w0rmer alias, which was enough cause for the FBI to gain access to Ochoa’s Facebook page. There, they discovered that he listed the Australian woman as his girlfriend, and showed off several of her photos.
Although the photo used as evidence doesn’t show the woman’s face, the FBI is convinced there is no doubt that it is the same woman. They also claim that it is definitive proof that Ochoa is w0rmer.
Unlike Sabu — who sold his colleagues to the FBI — Ochoa says he’s not a snitch. Higinio was busted on March 20, according to a Pastebin post allegedly written by Ochoa himself on March 31. In that post, he said that “around eight agents from the FBI stormed [in his] apartment” at around 10.30am. He was then taken to a Houston FBI office until he paid a $US50,000 bail.
In the same Pastebin, Ochoa claimed he wasn’t an informant:
“Some body such as myself who not only participated in the occupy movement but knew many and knew the inner workings of the ‘infamous’ cabin crew would not be just put away without wondering if he could be turned. I did how ever tell FBI that I would participate in the capture of my fellow crew mates, a play which undoubtfully both satisfied and confused the FBI.
“Those however who know me best would vouch for me undoutfully that doing so would put this movement at risk, something that I wish more anon’s would not only consider but place higher than themselves and those around them. ALL information provided to the FBI merely made MY case weaker and caused internal confusion showing the inherent weakness in the system.”
The FBI has detailed some of Ochoa’s personal hacking. He illegally logged into the County of Houston’s website in Alabama, “created fake events on their online, posted images representing Anonymous and CabinCr3w, deleted all the administrator accounts except the one created by the attacker. All of this was accomplished by gaining unauthorised administrator access to the site’s control panel.”
In addition to revealing policemen’s personal information from several law enforcement agencies, including more than one hundred Los Angeles police officers, CabinCr3w was also responsible for leaking email addresses and confidential information from Goldman Sachs executives in September 2011.
Ochoa took time to reply to these accusations:
“After FBI Agent Scott Jenson [sic] was done explaining how unimpressed he was with both my expressed skills, and information I provided the systems administrator for the texas DPS, he then proceeded to interview me for the exact information concerning the breach of the texas DPS site. (It would seem to me neither the DPS administrator nor the FBI fully understand the ‘complexity’ of SQL injections.)”