Did a veteran member of Anonymous and LulzSec play Benedict Arnold to his band of rogues?

No hacker group ignited controversy or captured the attention of the tech community quite like LulzSec.  Formed in May 2011, the group consisted of veteran hackers from the greater Anonymous collective, which in turn was born out of the image board 4chan -- a landing spot for millions of internet enthusiasts.  2011 was truly an incredible year for the "Pwnie"-nominated LulzSec, with high-profile hacks on Japan's Sony Corp. (TYO:6758) and even U.S. government agencies [1][2][3][4] [5][6][7][8] [9][10][11][12] [13][14][15].

I. The End of LulzSec

But the defiant band of rogues began to crumble in late July with the arrest of a 16-year-old alleged LulzSec member (handle: "T-Flow"/"tflow") in South London.  Soon afterwards, 18-year-old Jake Davis (handle: "Topiary"/"atopiary") -- an even more active LulzSec core member -- was reportedly arrested in the small Shetland Islands off the north-east coast of Scotland.

Jake Davis, aka "Topiary" -- a young veteran of Anonymous and LulzSec --
was among the first of last year's high-profile arrests.
[Image Source: Financial Times (left); Michael Mayer (right)]

Not long after, Darren Martyn (handle: "pwnsauce" / "raepsauce" / "networkkitten"; location: Ireland), Donncha O'Cearrbhail (handle: "palladium"; location: Ireland), and Jeremy Hammond (handle: "Anarchaos" / "sup_g" / "CredibleThreat" / etc.; location: Chicago, Ill.) were all brought into custody.  "Anarchaos", it should be noted, was a late joiner who led the Anonymous attack on Stratfor, which stole over $700,000 USD from individual victims in the public.

But the highest-profile catch yet came this Tuesday, with the reported arrest of Ryan Ackroyd (handle: "Kayla" / "lol" / "lolspoon"; location: London).  Kayla, age 23, was reportedly second in command of the group, contributing key work, such as a vulnerability discovery that allowed LulzSec's hack of the U.S. Senate servers.

Those arrests left only one top LulzSec member unmentioned -- its chief, "Sabu".  Well, if reports are correct, 28-year-old Hector Xavier Monsegur -- an unemployed father of two from New York City, New York -- is "Sabu".  And according to a press release by the U.S. Federal Bureau of Investigation, the leader of LulzSec has not only been tracked down by federal agents, but he was responsible for carefully snaring his underlings into federal custody in exchange for leniency.

According to Mr. Monsegur's guilty plea, filed in Southern District of New York federal court, the feds tracked Sabu to a housing project on New York's Lower East Side.

II. From Hacker "God" to "Snitch"

At the time, black-hat hackers of all levels were enraptured by Mr. Monsegur's alter ego "Sabu" -- a key figure in Anonymous, Internet Feds, LulzSec, etc.  An unnamed "law enforcement official" interviewed by Fox News recalls, "In half the world he was a god.  If he thought what you did was good, you’d rise up in the [hacker] community—once he blessed you, basically."

Hacker "messiah" Hector Monsegur, handle "Sabu" was a top leader in Anonymous and beloved.  But he turned in his own, to save his own skin and protect his children.
[Image Source: Fox News]

A WikiLeaks-affiliated New York area hacker recalls, "He's a rockstar.  All the girls, you buy them a drink, but all they want to talk about is Sabu, Sabu, Sabu.... And what really sucks is he really is that good."

It wasn't easy for the FBI to convince this cyberpunk "messiah" to play Benedict Arnold on the underlings who worshipped him.  But in the end the FBI says it was Mr. Monsegur's children who swayed him.

Recalls an official involved in the operation, "He didn't go easy.  It was because of his kids. He didn't want to go away to prison and leave them. That’s how we got him.  He really cares about these kids.  They’re young [and] he is really worried about what will happen."

So he agreed to play mole not for profit, like The Matrix's fictional "Cypher", but for his family's sake.

From there on out, he was all in, in terms of assisting the feds.  

Set to work, Mr. Monsegur spent most of his waking hours at an FBI office facility.  He disguised his location by secure routing.  To avoid suspicion he stuck to his old schedule -- online between 8 and 16 hours at night, chatting with his cohorts, receiving information on vulnerabilities, and coordinating attacks.

LulzSec reportedly operated less like an "organization without a leader" and more like a mafia, led by its don, "Sabu".  Unfortunately for the mafioso, their don was secretly snitching on them.
[Image Source: LulzSec]

Except, now he was working for the FBI to both mitigate those attacks and gather incriminating evidence on -- and, more importantly, "dox" (gain the real-world identity of) -- his underlings.

In June, not long after his detainment, he received word that his minions were in the process of carrying out a successful distributed denial of service attack on the U.S. Central Intelligence Agency.  His new FBI handlers pleaded with him.  Recalls an agent, "We told Sabu to tell them to stop.  'It's embarrassing for the CIA,' we told Sabu, 'Make them stop, now.'"

It was one of the few times the FBI resorted to forcing Sabu to blatantly "404" (cancel) an attack.  Sabu told the members of LulzSec, sternly, "You're knocking over a bee’s nest.  Stop."

And like petulant children, the hackers complied, entrusting the veteran judgment of their fearless leader.  They appeared never to suspect his true motives for calling off the assault.

III. Sabu Proves a Loyal Agent to the Feds

On Aug. 15 Mr. Monsegur entered his guilty plea on ten hacking related criminal charges -- three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft.  

The charges could have landed him in prison for 124 years and 6 months.  But his extreme cooperation may earn him a sentence of anywhere from months, to a few years, with closely watched probation.

After his plea Mr. Monsegur turned over his aged laptop with missing left Shift, 'L', and '7' keys.  He also handed over encryption keys, giving the feds access to logged conversations that would help incriminate his cohorts.

"Sabu" was allowed to stay at home with his children and pet pit bull in exchange for cooperating with the FBI in sabotaging attacks and snitching on his hacker underlings. [Image Source: Fox News]

As a reward for his loyal cooperation, he was allowed to begin working from home.  He received a special FBI laptop equipped with real-time video monitoring software.  Watched at all times by an on-duty handler, "Sabu" was able to spend time with his children and his white pit bull, which he bought shortly after his arrest.

Back at home, he watched as his lieutenants continued to offer him vulnerabilities, eager to please their hacker king.  The FBI grimly allowed Sabu to carry out attacks based on the information, in order to avoid suspicion.  But the agency says that the hacker was extremely helpful in trying to save the targets from damage, before he green lit operations against them.

For example, in August he learned Anonymous was preparing to attack 70 police agencies that used a Missouri hosting company.  He worked with the serving company to explain and try to mitigate the vulnerabilities his colleagues had discovered.  The ISP was just one out of 300 global government agencies and private sector businesses that Mr. Monsegur, under FBI guidance, secretly helped to protect.

The efforts didn't always work.  In order to protect their star witness, the FBI grimly watched as a handful of "Op Antisec" attacks succeeded with startling results.

IV. Guilty Hacker Helped Mitigate Financial Impact of His Underlings' Attacks

Sabu also worked with federal agents to fact-check his subordinates' attack claims.  For example, if one of them stated that they hacked Sony, he would verify the exact extent of the damage, as some attacks proved worthless dead ends, from a damage perspective, but could still swing a major corporation's stock value by millions of dollars if a non-expert public took the information out of context and panicked.

Hackers didn't seem to realize his true motive in posting this information was not to spread the glory of Anonymous and LulzSec, but rather to mitigate the damage to their victims.  Likewise the FBI allowed him to post carefully engineered comments to Twitter and give carefully worded press interviews.  The interviews were designed to both dupe the media into believing that Sabu was still black hat (to protect his cover) and to lull (pun) his teammates into a false sense of security.

"Sabu" helped provide the FBI with the evidence needed to put over a half-dozen or more of his colleagues behind bars. [Image Source: AP]

In the end the scheme worked -- nearly every single member of LulzSec has been arrested, as well as dozens of members of Anonymous.

V. Why Sabu's Betrayal is No Great Surprise, and What it Means

Back at the start of Aug. 2011, contemplating the possibility that tflow could be a turncoat, I wrote:

The question of how police tracked Mr. Davis to the remote Shetland Islands remains a compelling one, particularly when he had seemingly been doing such a solid job in avoiding being doxed. 
This possibility is interesting, as betrayal from friends is one of the most common ways savvy hackers have been caught in the past.  For all their hard work to obfuscate their true identity, it can all be for naught if a trusted colleague starts to sing as part of a plea deal.

That statement proved fortuitous.

Now as we look back on the crazy story of Sabu, his betrayal, and the fall of LulzSec, we turn to examine what impact this all will have on Mr. Monsegur, his cohorts, and the hacker community/Anonymous.

i. Impact on the Reputation of "Sabu"

The FBI is crowing about the victory.  Says one source, "[The international charges] are devastating to [LulzSec].  We're chopping off the head."

For Mr. Monsegur the unsealed testimony and new arrests almost certainly will seal his new status as the world’s most hated hacker in the black hat community.  Comments one source, "You might be a messiah in the hacking community but you’re still a rat."

While some may disavow the developments and cry conspiracy or commiserate with Mr. Monsegur's noble instinct to protect his children, most who buy the story will likely gain a newfound hate for their once-messiah, a hatred as black as their metaphorical hats.  The community does not take kindly to former hackers who cooperate with federal agents to turn in young rogues -- just ask Adrian Lamo, who turned in Wikileaks informant Bradley Manning and for doing so received death threats and the titles of "snitch" and "world's most hated hacker".  

Now Mr. Lamo may pass on the latter distinction to Sabu.  In fact, the community may find a new level of revulsion at the actions of Sabu, given that unlike Mr. Lamo, he did not (at least at first) approach the feds out of his own convictions and heartfelt beliefs -- rather he "snitched" to save his own skin.

ii. Impact on the Arrested

For Mr. Monsegur's cohorts, they will inevitably be held up as martyrs to the "evil" of the U.S. government and global corporations.  Most face 5-10 years in prison, with Kayla potentially facing a longer sentence.

Ultimately other hackers have been in the shoes of individuals like Mr. Ackroyd -- facing spending their late twenties in federal prison after a youthful spree of rebellious hacking.  And invariably, yet more individuals to come will find themselves in this familiar position.

Judging by past cases, most of these hackers go on to become productive citizens, many of whom end up working as security consultants for the government/businesses, or working as journalists.

The damage done by LulzSec is estimated by the FBI and others to be somewhere in the billions of dollars range.  While they may not admit it, many of these individuals may look back at this dubious distinction with a degree of pride, even as they clean up and go on to more noble pursuits.

iii. Impact on Anonymous

And speaking of pride, there are some powerful lessons to be observed here about Anonymous and the hacker youth movement in general.  First, while attacks of past and present often were fueled to a degree by individuals' political or social convictions, almost always the biggest driver was pride -- a desire for attention and glory.

Anonymous claims to have no leaders, yet time and again leaders emerge.
[Image Source: Flickr]

These traits are exemplified in Anonymous's much beloved Wikileaks, a fame and fortune seeking "leaks" site brainchild of ex-Australian college professor Julian Assange who resorted to creative Hollywood editing to make U.S. attacks on armed militants look like the murder of unarmed civilians (see the scandal regarding the unedited "Collateral Murder" video).  

Julian Assange doctored and manipulated reality for his own fame and glory.  The idealistic members of Anonymous must be careful not to stoop to the same lows. [Getty Images/AFP]

The site's publications -- many of which were exaggerated or doctored -- could well end up costing lives, a prospect that allegedly delights the WikiLeaks founder, who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to their people and "deserve to die" (Assange denies saying this, calling the journalists liars).

With Anonymous's favorite "hacktivist" site willing to stoop to blatant lies for fame and profit, one has to wonder whether some members of the idealist collective aren't willing to go just as far.  It all comes down to pride.

As they say, "Pride cometh before the fall."

And fall they inevitably do.

iv. Idealism Falls Short of Reality With Anonymous

Anonymous was supposed to be different.  It preached to the outside world that its members sought no glory for their actions and were merely part of a pure-hearted collectionist movement to change society via hacktivism.

Among the group's more idealistic members this certainly would hold true.  However, many members privately -- within the group's IRC channels, message boards, and their ilk -- are just as big glory seekers as the black hats of the '80s or '90s.

Likewise, Anonymous claims to be "a group without a leader".  Again, this is a half-truth, which only holds amongst casual and more idealistic members.  Among the core hackers of the Anonymous movement, there are leaders.

Again, the group's more idealistic members would argue that these more structured subgroups are not really Anonymous, but at a certain point you're just arguing semantics.  Between Dec. 2010 and May 2011 "Sabu" led "topiary", "kayla", "pwnsauce", and "palladium" in attacks on government contractor HBGary, Inc., Irish political party Fine Gael, and on News Corp. (NWS) subsidiary Fox, stealing an "X-Factor" contestant database.

At the end of the day, when you look back at this amazing story, it's striking that Anonymous and its splinter group LulzSec under Sabu were not acting as "groups without a leader", but rather were behaving like the loyal subjects of a mafia don.

Members of LulzSec learned the hard way that anonymity is a knowledge-based illusion.
[Image Source: Jason Mick/DailyTech]

The crushing blow of disillusionment is hardened even more by the fact that the one-time don went on to betray his most trusted subjects.  States one FBI agent, "When people in the hacking community realize their God has actually been cooperating with the government, it’ll be sheer terror."

Suddenly, some members of Anonymous may be realizing that they may not be as anonymous as they thought, and that cause still brings effect -- even in the era of digital anonymity.

Sources: FBI, Fox [1], [2]

Copyright 2018 DailyTech LLC.