"Sabu", aka Hector Monsegur provided info leading to the arrest of at least 10 LulzSec, AntiSec, and Anon hackers

On Tuesday, former "hacktivist" Hector Xavier Monsegur received a suspended sentence of 7 months (time served) for his role in rounding up virtually every member of the hacking group he once led.  At the hearing, Mr. Monsegur appeared quiet and serious saying he was "not the same man" as he had been when he committed the offenses that led to his original arrest.  In ordering a suspended sentence, the presiding Judge agreed, stating that Mr. Monsegur has "turning on a dime to doing good, not evil" since he was arrested.

I. The Rise

The story of Mr. Monsegur, (now) 28, began in 2011 with the rise of LulzSec [1][2][3][4] [5][6][7][8] [9][10][11][12] [13][14][15].

At the time the young computer expert was better known in the digital underground by his hacker handle "Sabu".  For years he led a double life as one of the world's top "hacktivists", acting as a senior-level organizer for some of the most volatile parts of the global hacker collective known as Anonymous.  As a founding member and leader of the group LulzSec, he carried out a series of increasingly political attacks against U.S. government websites and large corporations like Sony Corp. (TYO:6758).

Hector "Sabu" Monsegur, 28, convicted hacker [Image Source: AP]

As the members of LulzSec began to get picked up, many in Anonymous cheered that Sabu still appeared to be active and free.  That joy turned to shock and disgust when it was revealed that Sabu -- a father of two young boys -- allegedly offered to betray his hacker comrades in order to be a free man and be able to take care of his kids.

Residing in New York City, New York, the single father was reportedly first identified by Jennifer "Asherah" Emick, an old-school member of Anonymous who had participated against its operations agains the "Church" of Scientology.

Operating as "Backtrace Security" Asherah and her colleagues frowned on LulzSec's antics, which it felt hurt consumers more than corporations. Operating as "FakeGreggHoush" (named after Gregg Housh, an Anonymous member Asherah accused of harassing her), Asherah (Emick) launched the website Anonymousdown and worked with th3j35t3r ("The Jester"), DustLavaRockSan, b14ck4dd3r, FailSec, awinee, and TeaMp0iSoN  to try to discover the true identies of LulzSec and "dox" them, leading to their arrest.

In March 2011, they "doxed" (revealed the identity of) Sabu in a PDF dubbed "Namshub".

[Image Source: LulzSec]

At the time the release wasn't taken all too seriously, as LulzSec's top members had already seen many inaccurate doxings -- some of which they may have themselves orchestrated in obfuscation attempts.  But this time it was the real deal; Ms. Emick had received leaked LulzSec chat logs from a former Anonymous colleague.  In the logs Sabu accidentally posted a domain he owned which -- with a bit of mutation -- led to a social network where he posted photos of his car.  How that information led to his arrest remained unclear, but what is clear is that the info was more weakly protected that Sabu's LulzSec identity, which actively posted on sites like Twitter.

II. The Fall

While most didn't take the release very seriously, U.S. federal investigators did.

After looking into the info on June 25, 2011 the U.S. Federal Bureau of Investigation (FBI) paid a visit to Mr. Monsegur's house and arrested him.  The arrest happened quietly and for nearly a year he provided intelligence before his identity was exposed by a second arrest in March 2012, when the FBI discovered he had been illicitly talking [PDF] with close colleagues in the Anonymous community about the arrest, even as he publicly assisted the FBI in hunting down the remaining at-large members of LulzSec.

His cooperation led to multiple arrests, so he was allowed to remain free despite his behavior, which was punished with the likely purposeful exposure of his identity by the courts.

Jennifer Amack
After being harassed by members of Anonymous, former member Jennifer Emick had the last laugh, turning Sabu into an informant. [Image Source: Gaelic Podcasts]

Ms. Emick -- who herself was the victim of an apparent doxing effort -- remarked at the time:

Anon made a great idea for a protest group, but a terrible idea for criminal hacking group.  [The media] always seem to have fallen for the forced image Anon wanted people to see: naughty scamps with a conscience.  They ignored a lot of really dark stuff…harassment, endangerment.  The arrests clearly aren’t overand there are many more informants than Sabu…lots.

Indeed, that post appears to have proven prophetic.

Sabu's case finally wrapped up at a Tuesday sentencing hearing at a court in New York City, New York.  In the end the hacker was sentenced to the time he served during his brief 2011 sentence -- 7 months.  That was a pretty lenient sentence, considering the twelve criminal counts of hacking, conspiracy to hack, and fraud that he faced carried a maximum consecutive sentence of 124 years and a maximum total of $2.5M USD in fines.

III. Betrayed by Their Leader

But it came at the cost of more betrayals.

After the FBI relocated him and his foster children following threats which started after his 2012 exposure as an informant, he continued to cooperate with them, stopping hacks against the U.S. military, NASA and media companies.  In total, court documents filed by the FBI on his behalf paint him as a mostly model informant, thwarting 300 cyberattacks against key entities in only three years.

The document also detailed how had Sabu not cooperated, the other LulzSec folks might not have been caught.  Apparently the group had a collective self-destruct on their file systems which would have kicked in had Sabu gone missing and/or been announced arrested.

States the document:

Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts.  During some of the online chats, at the direction of law enforcement, Monsegur convinced LulzSec members to provide him digital evidence of the hacking activities they claimed to have previously engaged in, such as logs regarding particular criminal hacks.
Monsegur admitted to engaging in hacking activities about which the government had not previously developed evidence.

The FBI concluded that the defendant had been "extremely valuable and productive" to law enforcement.

While some of his hacker friends sympathized with him, Anonymous condemned his actions.  Upon hearing of his arrest in 2012 they posted an open letter to several hacked webpages, stating:

Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too (remember what you liked to say?) It’s sad and we can't imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to [the] police.

The post seems to indicate Anonymous' mixed feelings about Mr. Monsegur's decision.  They seem to acknowledge that they might have done the same thing.  But at the same time they clearly label him a traitor, saying he should have perhaps put principles above all else.

IV. The Arrested

But many members of Anonymous have since learned the alternative first-hand.  Among those who Sabu's information led to the arrest and conviction of:
  • Ryan "ViraL" Cleary, 22 (Wickford Essex, UK)

    mug shot -- Ryan Cleary 
    Ryan "ViraL" Cleary [Image Source:  Metropolitan Police/PA]
    • Plead guilty
    • Sentenced to 32 months
    • Was found to possess child pornography; received leniency due to his diagnosis of Asperger's syndrome.
    • Released in 2013, on probation
  • Ryan "Kayla" Ackroyd, 27 (Mexborough, South Yorkshire, UK)
    • Plead guilty
    • Former British military
    • Served 30 months in prison
    • Released May 2013
  • Jake "Topiary" Davis, 21 (Lerwick, Shetland, UK) 

    Jake Davis 
    Jake "topiary" Davis [Image Source: Financial Times (left); Michael Mayer (right)]
    • Plead guilty
    • Served 24 months in custody at a juvenile facility
  • Mustafa "T-Flow" Al-Bassam, 19 (Peckham, south London, UK)
    • Plead guilty
    • Suspended sentence of 24 months for 20 months served
    • Also sentenced to 300 hours of community service
    • Had his school career delayed.
  • Kody "recursion" Kretsinger, 26 (Los Angeles, Calif.)
    • Plead guilty
    • Sentenced to one year in prison + home detention
    • Also sentenced to 1,000 hours of community service
  • Raynaldo "neuron" Rivera, 22 (aka "royal" or "wildicv") (Chandler, Ariz.)
    • Plead guilty
    • Sentenced to a year and one day in prison
    • Also sentenced to 13 months of home detention and 1,000 hours of community service
    • Ordered to pay $605,663 in restitution
  • Darren "pwnsauce" Martyn (aka "Networkkitten" or "Raepsauce"), 22 (Cloonbeggin, Claregalway, Co Galway, Ireland) 

    Daren Martyn 
    Darren "pwnsauce" Martyne (L) and Donncha "palladium" O'Cearrbhail (R) [Image Source: Irish Mirror]
  • Donncha "Palladium" O’Cearrbhail, 21 (The Ring, Birr, Co Offaly, Ireland)
    • Received probation under the Probation Act
    • Ordered to pay €5,000 (~$6,820 USD) in restitution for hack of Finn Gael party
    • Is studying medicinal chemistry at Trinity College in Dublin
  • Matthew Keys, 26 (Calif.) 

    Matthew Keys 
    Matthew Keys [Image Source: Getty Images]
    • Former Reuters social media editor
    • Arrested in March 2013, accused of providing Anonymous with access to The Los Angeles Times
    • Plead not guilty in April 2013, is awaiting trial free on bond
    • Claimed FBI interogation was invalid with as it was obtained while he was under the influence of a sleeping pill (Trazodone), according to a court filing
    • Fired in April 2013 over inaccuracies in his Twitter reporting of the Boston bombing.
    • Is currently blogging on his own personal site
    • Is awaiting trial; in March 2014 lost his case to suppress FBI interoggation and logs found in search of his computer
  • Jeremy Hammond, 29 (Chicago, Ill., USA)
    • Founder of
    • Plead guilty in November 2013 to hacking Strategic Forecasting, Inc. (Stratfor) as a member of Antisec
    • Leaked 200 GB of StratFor data, including government emails some say implicates certain parties in wrongdoing.
    • Claims he was entrapped by Sabu
    • Is serving his sentence at FCI Manchester in Manchester, Kentucky, will be released (at the latest) in 2022.
    • Will face 3 years supervised probation after release
    • Judge in the case (same Judge as in Sabu's case) was asked to recuse herself after it was revealed her husband's email was leaked in the StratFor breach.  She declined to recuse herself.
    • Some have criticized the sentence against Mr. Hammond as overly harsh.
Note that other than Mr. Hammond no arrested hacker in the LulzSec, AntiSec, and Anonymous campaigns has been sentenced to more than two years behind bars.  Many, in fact, are now free on probation.  The key exception, of course, is Mr. Hammond.

V. Closure

In court this week Sabu got precisely what Mr. Hammond had not -- judicial mercy.  A petulant Mr. Monsegur remarked at his sentencing hearing:

Over the last three years I’ve gone through a lot of changes and learned a lot of lessons.  I’ve done a lot of soul searching… and I realized I hurt my family the most.  I’m not the same person you saw here three years ago.

The same judge who presided over Mr. Hammond's case -- Judge Loretta A. Preska of the U.S. District Court for the Southern District of New York praised Mr. Monsegur for rehabilitating himself, in her eyes.

She remarked:

The immediacy of Mr. Monsegur’s cooperation and its around-the-clock nature was particularly helpful to the government.  That personal characteristic of turning on a dime to doing good, not evil, is the most important factor in this sentencing.

His family has been subject to threats, assaults, and all manner of danger.  For all these reasons, I find that Monsegur is entitled to a downward departure [a lighter sentence].

The things you did [prior to your arrest] were not so good, [but] you have done as much as any human can do [to make up for those acts] and I salute you for that.

Now a free man thanks to his cooperation, he will have to serve a year of supervised release.  Judge Loretta has yet to rule on compensation for Sony and other corporations that were harmed by his hacking.  If he is order to pay compensation, though, it can be safely expected to be well below the maximum amount of $2.5M USD.

It is unclear what's next for the hacker, who many former colleagues regard as a digital Benedict Arnold.  Hackers such as Adrian Lamo -- who turned in Wikileaker Pfc. Bradley Manning -- have struggled with similar criticism in recent years, but have found ways to continue to contribute in various roles including as media commentators, security experts, and even as government security analysts.

While Sabu may be a marked man for some time, the good news for him is that such sentiments will likely eventually fade, as even Anoynmous seemed to acknowledge at its most bitter that Sabu did what he had to, to look out for his family.  And in the end the outcome was disruptive to Anonymous and LulzSec, but by no means a life sentence, as all but Jeremy Hammond were sentenced to less than two years in prison.

Source: Wired

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki