
Did a veteran member of Anonymous and LulzSec play Benedict Arnold to his band of rogues?

No hacker group ignited controversy or captured the attention of the tech community quite like LulzSec.  Formed in May 2011, the group consisted of veteran hackers from the greater Anonymous collective, which in turn was born out of the image board 4Chan -- a landing spot for millions of internet enthusiasts.  2011 was truly an incredible year for the "Pwnie"-nominated LulzSec, with high-profile hacks on Japan's Sony Corp. (TYO:6758) and even U.S. government agencies [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15].

I. The End of LulzSec

But the defiant band of rogues began to crumble in late July with the arrest of a 16-year-old alleged LulzSec member (handle: "T-Flow"/"tflow") in South London.  Soon afterwards, 18-year-old Jake Davis (handle: "Topiary"/"atopiary") -- an even more active LulzSec core member -- was reportedly arrested in the small Shetland Islands, off the north-east coast of Scotland.

Jake Davis, aka "Topiary" -- a young veteran of Anonymous and LulzSec --
was among the first of last year's high-profile arrests.
[Image Source: Financial Times (left); Michael Mayer (right)]

Not long after, Darren Martyn (handle: "pwnsauce" / "raepsauce" / "networkkitten"; location: Ireland), Donncha O'Cearrbhail (handle: "palladium"; location: Ireland), and Jeremy Hammond (handle: "Anarchaos" / "sup_g" / "CredibleThreat" / etc.; location: Chicago, Ill.) were all brought into custody.  "Anarchaos", it should be noted, was a late joiner who led the Anonymous attack on Stratfor, which stole over $700,000 USD from individual victims in the public.

But the highest profile catch yet came this Tuesday, with the reported arrest of Ryan Ackroyd (handle: "Kayla" / "lol" / "lolspoon"; location: London).  Kayla, age 23, was reportedly second in command of the group, contributing key work, such as a vulnerability discovery that allowed LulzSec's hack of the U.S. Senate servers.

Those arrests only left one top LulzSec member unmentioned -- its chief, "Sabu".  Well, if reports are correct, 28-year-old Hector Xavier Monsegur -- an unemployed father of two from New York City, New York -- is "Sabu".  And according to a press release by the U.S. Federal Bureau of Investigation, the leader of LulzSec has not only been tracked down by federal agents, but he was responsible for carefully snaring his underlings into federal custody in exchange for leniency.

According to Mr. Monsegur's guilty plea, filed in Southern District of New York federal court, the feds tracked Sabu to a housing project on New York's Lower East Side.

II. From Hacker "God" to "Snitch"

At the time, black-hat hackers of all levels were enraptured by Mr. Monsegur's alter ego "Sabu" -- a key figure in Anonymous, Internet Feds, LulzSec, etc.  An unnamed "law enforcement official" interviewed by Fox News recalls, "In half the world he was a god.  If he thought what you did was good, you’d rise up in the [hacker] community—once he blessed you, basically."

Hacker "messiah" Hector Monsegur, handle "Sabu" was a top leader in Anonymous and beloved.  But he turned in his own, to save his own skin and protect his children.
[Image Source: Fox News]

A WikiLeaks-affiliated New York area hacker recalls, "He's a rockstar.  All the girls, you buy them a drink, but all they want to talk about is Sabu, Sabu, Sabu.... And what really sucks is he really is that good."

It wasn't easy for the FBI to convince this cyberpunk "messiah" to play Benedict Arnold on the underlings who worshipped him.  But in the end the FBI says it was Mr. Monsegur's children who swayed him.

Recalls an official involved in the operation, "He didn't go easy.  It was because of his kids. He didn't want to go away to prison and leave them. That’s how we got him.  He really cares about these kids.  They’re young [and] he is really worried about what will happen."

So he agreed to play mole not for profit, like The Matrix's fictional "Cypher", but for his family's sake.

From there on out, he was all in, in terms of assisting the feds.  

Set to work, Mr. Monsegur spent most of his waking hours at an FBI office facility.  He disguised his location by secure routing.  To avoid suspicion he stuck to his old schedule -- online between 8 and 16 hours at night, chatting with his cohorts, receiving information on vulnerabilities, and coordinating attacks.

LulzSec reportedly operated less like an "organization without a leader" and more like a mafia, led by its don, "Sabu".  Unfortunately for the mafioso, their don was secretly snitching on them.
[Image Source: LulzSec]

Except, now he was working for the FBI to both mitigate those attacks and gather incriminating evidence on -- and, more importantly, "dox" (gain the real-world identity of) -- his underlings.

In June, not long after his detainment he received word that his minions were in the process of carrying out a successful distributed denial of service attack on the U.S. Central Intelligence Agency.  His new FBI handlers pleaded with him.  Recalls an agent, "We told Sabu to tell them to stop.  'It's embarrassing for the CIA,' we told Sabu, 'Make them stop, now.'"

It was one of the few times the FBI resorted to forcing Sabu to blatantly "404" (cancel) an attack.  Sabu told the members of LulzSec, sternly, "You're knocking over a bee’s nest.  Stop."

And like petulant children, the hackers complied, entrusting the veteran judgment of their fearless leader.  They appeared never to suspect his true motives for calling off the assault.

III. Sabu Proves a Loyal Agent to the Feds

On Aug. 15 Mr. Monsegur entered his guilty plea on ten hacking related criminal charges -- three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft.  

The charges could have landed him in prison for 124 years and 6 months.  But his extreme cooperation may earn him a sentence of anywhere from months, to a few years, with closely watched probation.

After his plea Mr. Monsegur turned over his aged laptop with missing left Shift, 'L', and '7' keys.  He also handed over encryption keys, giving the feds access to logged conversations that would help incriminate his cohorts.

"Sabu" was allowed to stay at home with his children and pet pit bull in exchange for cooperating with the FBI in sabotaging attacks and snitching on his hacker underlings. [Image Source: Fox News]

As a reward for his loyal cooperation, he was allowed to begin working from home.  He received a special FBI laptop equipped with real-time video monitoring software.  Watched at all times by an on-duty handler, "Sabu" was able to spend time with his children and his white pit bull, which he bought shortly after his arrest.

Back at home, he watched as his lieutenants continued to offer him vulnerabilities, eager to please their hacker king.  The FBI grimly allowed Sabu to carry out attacks based on the information, in order to avoid suspicion.  But the agency says that the hacker was extremely helpful in trying to save the targets from damage, before he green lit operations against them.

For example, in August he learned Anonymous was preparing to attack 70 police agencies that used a Missouri hosting company.  He worked with the serving company to explain and try to mitigate the vulnerabilities his colleagues had discovered.  The ISP was just one out of 300 global government agencies and private sector businesses that Mr. Monsegur, under FBI guidance, secretly helped to protect.

The efforts didn't always work.  In order to protect their star witness, the FBI grimly watched as a handful of "Op Antisec" attacks succeeded with startling results.

IV. Guilty Hacker Helped Mitigate Financial Impact of His Underlings' Attacks

Sabu also worked with federal agents to fact-check his subordinates' attack claims.  For example, if one of them stated that they hacked Sony, he would verify the exact extent of the damage, as some attacks proved worthless dead ends, from a damage perspective, but could still swing a major corporation's stock value by millions of dollars if a non-expert public took the information out of context and panicked.

Hackers didn't seem to realize his true motive in posting this information was not to spread the glory of Anonymous and LulzSec, but rather to mitigate the damage to their victims.  Likewise the FBI allowed him to post carefully engineered comments to Twitter and give carefully worded press interviews.  The interviews were designed to both dupe the media into believing that Sabu was still black hat (to protect his cover) and to lull (pun) his teammates into a false sense of security.

"Sabu" helped provide the FBI with the evidence needed to put over a half-dozen or more of his colleagues behind bars. [Image Source: AP]

In the end the scheme worked -- nearly every single member of LulzSec has been arrested, as well as dozens of members of Anonymous.

V. Why Sabu's Betrayal is No Great Surprise, and What it Means

Back at the start of Aug. 2011, contemplating the possibility that tflow could be a turncoat, I wrote:

The question of how police tracked Mr. Davis to the remote Shetland Islands remains a compelling one, particularly when he had seemingly been doing such a solid job in avoiding being doxed. 
....
This possibility is interesting, as betrayal from friends is one of the most common ways savvy hackers have been caught in the past.  For all their hard work to obfuscate their true identity, it can all be for naught if a trusted colleague starts to sing as part of a plea deal.

That statement proved fortuitous.

Now as we look back on the crazy story of Sabu, his betrayal, and the fall of LulzSec, we turn to examine what impact this all will have on Mr. Monsegur, his cohorts, and the hacker community/Anonymous.

i. Impact on the Reputation of "Sabu"

The FBI is crowing about the victory.  Says one source, "[The international charges] are devastating to [LulzSec].  We're chopping off the head."

For Mr. Monsegur the unsealed testimony and new arrests almost certainly will seal his new status as the world’s most hated hacker in the black hat community.  Comments one source, "You might be a messiah in the hacking community but you’re still a rat."

While some may disavow the developments and cry conspiracy or commiserate with Mr. Monsegur's noble instinct to protect his children, most who buy the story will likely gain a newfound hate for their once-messiah, a hatred as black as their metaphorical hats.  The community does not take kindly to former hackers who cooperate with federal agents to turn in young rogues -- just ask Adrian Lamo, who turned in Wikileaks informant Bradley Manning and for doing so received death threats and the titles of "snitch" and "world's most hated hacker".  

Now Mr. Lamo may pass on the latter distinction to Sabu.  In fact, the community may find a new level of revulsion at the actions of Sabu, given that unlike Mr. Lamo, he did not (at least at first) approach the feds out of his own convictions and heartfelt beliefs -- rather he "snitched" to save his own skin.

ii. Impact on the Arrested

For Mr. Monsegur's cohorts, they will inevitably be held up as martyrs to the "evil" of the U.S. government and global corporations.  Most face 5-10 years in prison, with Kayla potentially facing a longer sentence.

Ultimately, other hackers have been in the shoes of individuals like Mr. Ackroyd -- facing spending their late twenties in federal prison after a youthful spree of rebellious hacking.  And invariably, yet more individuals to come will find themselves in this familiar position.

Judging by past cases, most of these hackers go on to become productive citizens, many of whom end up working as security consultants for the government/businesses, or working as journalists.

The damage done by LulzSec is estimated by the FBI and others to be somewhere in the billions of dollars range.  While they may not admit it, many of these individuals may look back at this dubious distinction with a degree of pride, even as they clean up and go on to more noble pursuits.

iii. Impact on Anonymous

And speaking of pride, there are some powerful lessons to be observed here about Anonymous and the hacker youth movement in general.  First, while attacks of past and present often were fueled to a degree by individuals' political or social convictions, almost always the biggest driver was pride -- a desire for attention and glory.

Anonymous claims to have no leaders, yet time and again leaders emerge.
[Image Source: Flickr]

These traits are exemplified in Anonymous's much beloved Wikileaks, a fame and fortune seeking "leaks" site brainchild of ex-Australian college professor Julian Assange who resorted to creative Hollywood editing to make U.S. attacks on armed militants look like the murder of unarmed civilians (see the scandal regarding the unedited "Collateral Murder" video).  

Julian Assange doctored and manipulated reality for his own fame and glory.  The idealistic members of Anonymous must be careful not to stoop to the same lows. [Getty Images/AFP]

The site's publications -- many of which were exaggerated or doctored -- could well end up costing lives, a prospect that allegedly delights the WikiLeaks founder, who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to their people and "deserve to die" (Assange denies saying this, calling the journalists liars).

With Anonymous's favorite "hacktivist" site willing to stoop to blatant lies for fame and profit, one has to wonder whether some members of the idealist collective aren't willing to go just as far.  It all comes down to pride.

As they say, "Pride cometh before the fall."

And fall they inevitably do.

iv. Idealism Falls Short of Reality With Anonymous

Anonymous was supposed to be different.  It preached to the outside world that its members sought no glory for their actions and were merely part of a pure-hearted collectionist movement to change society via hacktivism.

Among the group's more idealistic members this certainly would hold true.  However, many members privately -- within the group's IRC channels, message-boards, and their ilk -- are just as big glory seekers as the black hats of the '80s or '90s.

Likewise, Anonymous claims to be "a group without a leader".  Again, this is a half-truth, which only holds amongst casual and more idealistic members.  Among the core hackers of the Anonymous movement, there are leaders.

Again, the group's more idealistic members would argue that these more structured subgroups are not really Anonymous, but at a certain point you're just arguing semantics.  Between Dec. 2010 and May 2011 "Sabu" led "topiary", "kayla", "pwnsauce", and "palladium" in attacks on government contractor HBGary, Inc., Irish political party Fine Gael, and on News Corp. (NWS) subsidiary Fox, stealing an "X-Factor" contestant database.

At the end of the day, when you look back at this amazing story, it's striking that Anonymous and its splinter group LulzSec under Sabu were not acting as "groups without a leader", but rather were behaving like the loyal subjects of a mafia don.

Members of LulzSec learned the hard way that anonymity is a knowledge-based illusion.
[Image Source: Jason Mick/DailyTech]

The crushing blow of disillusionment is hardened even more by the fact that the one-time don went on to betray his most trusted subjects.  States one FBI agent, "When people in the hacking community realize their God has actually been cooperating with the government, it’ll be sheer terror."

Suddenly, some members of Anonymous may be realizing that they may not be as anonymous as they thought, and that cause still brings effect -- even in the era of digital anonymity.

Sources: FBI, Fox [1], [2]




RE: Doctoring a video is wrong
By EricMartello on 3/7/2012 4:00:20 AM , Rating: -1
quote:
BACKGROUND:
1. Wikileaks has a multi-million dollar budget. Assange estimated the site costs $31M USD a year to run.
2. Most of its hosting comes from volunteers.
3. Wikileaks has less than 10 paid employees.
4. The site has received a great deal of free legal representation.
5. The site does not publish even high level details of its finances!
6. Where is the money going?


Doesn't this remind you of another wiki site? Oh yeah, sounds a lot like wikipedia. I think point #5 should be "low level" details, meaning more specificity. High level detail would be something broad like "admin expenses".

quote:
7. Over 95 percent of the leaks on the site pertain to the U.S., despite most of the admins being non-U.S. residents.


The USA is also the only "super power" currently standing. Anything as controversial as this about the USA will resonate worldwide. If they were talking about some no-name country like Canada then nobody would care.

quote:
8. The U.S. only spends 43 percent of the world's military expenditures.
9. The U.S. has less than a fifth the world's GDP.
10. Statistics show Wikileaks clearly to be targeting the U.S. -- why?


Because what's going on in the USA tends to affect the rest of the world, and Wikileaks wants to hit the largest audience possible with each "leak".

quote:
11. Despite its controversial objectives, the site offers no assurance that it does not accept money from nation states in exchange for engaging in for-profit espionage.


Most wealthy people who would want to fund something like wikileaks would probably not want to be associated with them directly and officially due to the controversial objectives.

quote:
12. Assange has actively opposed other transparency sites.
13. Assange has threatened to sue sites that "steal" and publish his stolen data.


One could argue that he is protecting his sources and it would be justified. As for his data being stolen...that's a matter of perspective. Stolen, obtained - it's all the same.

quote:
Now on to the publication:
COLLATERAL MURDER:

1. The full tape shows militants armed with RPGs and AK-47s.


It shows "what appear to be" objects "shaped like weapons".

quote:
2. At least one of the RPGs spotted was allegedly traced to an attack from a week before that wounded U.S. soldiers.


Was this confirmed from the helicopter or after the fact?

quote:
3. The chopper pilots surveyed the armed insurgents.
4. The soldier opened fire on the armed combatants.
5. A soldier cried "break" during the firefight.


The soldiers opened fire on what they perceived to be someone aiming an RPG at their helicopter. Was it an RPG or a camera zoom lens? That's just something you'll have to decide yourself.

quote:
Wikileaks:
1. Full video in hand, Assange edits out the scenes that show the RPGs and AK-47s and in its press releases and interviews says that the U.S. killed "unarmed combatants".


In none of the scenes were there ever weapons confirmed; they were presumed to be armed by the men on the heli. There actually were photographers there who were unarmed, and they were killed by the US soldiers.

quote:
2. His spliced video made it look like the decision to open fire was a split second one.


Don't tell me you never tried to sensationalize any of your posts here on DT.

quote:
3. He subtitled the soldier's cry "break" to read "prick" as if the soldier was swearing at the people he was attacking.


Does that matter one way or the other? The end result remains unchanged.

quote:
4. Wikileaks initially refused to release the unedited footage.


Maybe they wanted to avoid having it turned into a youtube remix.

quote:
Now with that in mind my questions for anyone who still supports the site:
1. How can you construe this as anything BUT misinformation?


I can construe it as biased information, but it's not misinformation because it is fundamentally true that US soldiers killed unarmed news reporters mistaken as insurgents.

quote:
2. Do you realize Wikileaks profited off this misinformation?


http://www.stopbigmedia.com/chart.php

quote:
3. Do you realize the impact that this work of altered reality had on the U.S.'s reputation in the Middle East?


The US isn't held in high esteem beyond its own borders and understandably so. Should the US even be in the middle east? I'm with Ron Paul on this one. We shouldn't be getting involved in other countries' affairs.

quote:
4. Do you realize that the medieval mindset of some in the Middle East encourages them to kill if they feel threatened?


Wouldn't you? We have the second amendment for a reason and it's not so we can buy guns and shoot bottles and cans.

quote:
5. Do you thus realize that Wikileaks' clear misinformation will likely lead to deaths and or injuries?


You say "doctored" video, which means he replaced the real footage with something that never happened, i.e. a forgery. That's not the case - he edited the video to sensationalize it...that is a practice used daily by many US news outlets.

The anti-US sentiment in the middle east is largely a result of our constant interference with their countries. Why are we there? Because that's where most of the oil is. It's an active war zone; and while this video may have been a squirt of lighter fluid on the fire, it's hardly the catalyst.


RE: Doctoring a video is wrong
By Ringold on 3/7/2012 8:31:59 AM , Rating: 2
Haha, wow. First of all, if Wikileaks was intended to do good, the most good to be done on the margin would be to expose government abuse where abuse is still endemic, not in a relatively benign land like the US. Instead 95% of its efforts are targeted there. The EU as a bloc also represents something of an economic super-power, even if it has no military capacity worth noting. Russia is still heavily engaged, and China is in just about everyone's business, doing all sorts of sketchy things in African countries and municipalities that are probably not sophisticated enough to resist their pressure. Why not shine the light there?

Tbh, your post made me think of Hitler apologists. He got caught manipulating and what most people would consider lying, what's he gotta do, eat a baby on live TV? And a telephoto lens or an RPG? WTF? Have you ever seen the two? There's quite a massive difference in size and shape, and it also suggests you think the soldier involved would open fire on a journalist, which perhaps really betrays your misguided anti-Americanism?


RE: Doctoring a video is wrong
By EricMartello on 3/7/12, Rating: -1

RE: Doctoring a video is wrong
By Belard on 3/7/2012 9:51:27 AM , Rating: 3
Editing of video / audio to change the facts is wrong, period. When you go to court, they (lawyers / Judges) and to see the whole video. There could be a request to see a "cut down" version, as long as it doesn't change the facts.

For example: A video shows John punches Bob in the face, he goes down nose bleeding. See, proof of assault has taken place, John is bad - must go to jail.

But what about the 1-2 minutes before that. John walks in, minding his own business. Bob starts calling John names, pushing him, punching him. Laughing... he takes John's wallet. John gets up, punches Bob in the face, etc.

An edit here and there can change the story.

A good example are the ACORN videos that Andrew Breitbart and James O'Keefe put together that showed their audience what they wanted to see. But NOT what actually happened.

Or the "Proof NAACP Awards Racism" in which he edited the video of Shirley Sherrod speaking about not wanting to help out a white family. Watch the whole UN-EDITED video. Her father was murdered by a white supremacist. She thought about it, got over that event and got help to the white family who had nothing to do with her father.

When a person does SUCH things, that is past Expressing an opinion. It's called LYING. Anyone who does such things has no credibility and people who defend such actions are just blind sheep.


By EricMartello on 3/7/2012 8:13:40 PM , Rating: 1
quote:

For example: A video shows John punches Bob in the face, he goes down nose bleeding. See, proof of assault has taken place, John is bad - must go to jail.

But what about the 1-2 minutes before that. John walks in, minding his own business. Bob starts calling John names, pushing him, punching him. Laughing... he takes John's wallet. John gets up, punches Bob in the face, etc.


What if there was no video about the preceding 1-2 minutes and the recording starts where John punches Bob? For example, they were outside of a bar where there are no security cameras, and then came inside where they were on camera?

Does the lack of footage change the facts of the matter?

People need to be wise enough to take anything presented to them as "fact" with a grain of salt. If they really care, they should do their own research...but without actually being there and witnessing the entire event it's hard to definitely say what happened.

Also, as I said before, news outlets (this site included) routinely sensationalize reports to get more people reading/watching. It's misleading and deceptive, but quite commonplace. I don't think anyone can really condemn wikileaks for playing the game the same way it has been played for years.


RE: Doctoring a video is wrong
By tamalero on 3/8/2012 12:31:30 AM , Rating: 2
you did an amazing analysis.. thank you.

I still wonder why so many people seem to be blinded by patriotism rather than actually try to read all sides, process the information, and make a real choice based on the information at hand.
Most people I've seen on these politics.. just go on to protect "their team", their "hero", their "candidate" or their "interests".