Betrayed by Their Chief: LulzSec Don Helps FBI Take Down his Underlings
March 6, 2012 3:25 PM
comment(s) - last by
Did veteran member of Anonymous and LulzSec play Bendedict Arnold to his band of rogues?
No hacker group ignited controversy or captured the attention of the tech community quite like
. Formed in May 2011, the group consisted of veteran hackers from the greater
collective, which in turn was born out of the image board
-- a landing spot for millions of internet-enthusiasts. 2011 was truly an incredible year for
, with high profile hacks on the Japan's Sony Corp. (TYO:6758) and even U.S. government agencies [
I. The End of
But the defiant band of rogues began to crumble in late July with the
arrest of a 16-year-old alleged
in South London. Soon afterwards, 18-year-old Jake Davis (handle: "Topiary"/"atopiary") -- an even more active
core member -- was
in the small Shetland Islands north-east coast of Scotland.
Jake Davis, aka "Topiary" -- a young veteran of
was among the first of last year's high-profile arrests.
[Image Source: Financial Times (left); Michael Mayer (right)]
Not long after, Darren Martyn (handle: "pwnsauce"/ "raepsauce" / "networkkitten"; location: Ireland), Donncha O'Cearrbhail (handle: "palladium"; location: Ireland); and Jeremy Hammond (handle:"Anarchaos" / "sup_g" / "CredibleThreat" / etc.; location: Chicago, Ill.)
all were brought into custody
. "Anarchaos", it should be noted, was a late joiner who
attack on Stratfor
, which stole over $700,000 USD from individual victims in the public.
But the highest profile catch yet came this Tuesday, with the reported arrest of Ryan Ackroyd (handle: "Kayla" / "lol" / "lolspoon"; location: London). Kayla, age 23, was reportedly second in command of the group, contributing key work, such as a vulnerability discovery that allow
's hack of the U.S. Senate servers.
Those arrests only left one top
member unmentioned -- its chief, "Sabu". Well, if reports are correct, 28-year-old Hector Xavier Monsegur -- an unemployed father of two from New York City, New York -- is "Sabu". And according to an press release by the
U.S. Federal Bureau of Investigation
, the leader of
has not only been tracked down by federal agents, but he was responsible for carefully snaring his underlings into federal custody in exchange for leniency.
According to Mr. Monsegur's guilty plea, filed in
Southern District of New York
federal court, the feds tracked Sabu to a housing project on New York's Lower East Side.
II. From Hacker "God" to "Snitch"
At the time black-hat hackers of all levels were enraptured by Mr. Monsegur alter ego "Sabu" -- a key figure in
, etc. An unnamed "law enforcement official"
by Fox News recalls, "In half the world he was a god. If he thought what you did was good, you’d rise up in the [hacker] community—once he blessed you, basically."
Hacker "messiah" Hector Monsegur, handle "Sabu" was a top leader in
and beloved. But he turned in his own, to save his own skin and protect his children.
[Image Source: Fox News]
affiliated New York area hacker recalls, "He's a rockstar. All the girls, you buy them a drink, but all they want to talk about is Sabu, Sabu, Sabu.... And what really sucks is he really is that good."
It wasn't easy for the FBI to convince this cyberpunk "messiah" to play Benedict Arnold on the underlings who worshipped him. But in the end the FBI says it was Mr. Monsegur's children who swayed him.
Recalls an official involved in the operation, "He didn't go easy. It was because of his kids. He didn't want to go away to prison and leave them. That’s how we got him. He really cares about these kids. They’re young [and] he is really worried about what will happen."
So he agreed to play mole not for profit, like
's fictional "Cypher", but for his family's sake.
From there on out, he was all in, in terms of assisting the feds.
Set to work, Mr. Monsegur spent most of his waking hours at FBI office facility. He disguised his location by secure routing. To avoid suspicious he stuck to his old schedule -- online between 8 to 16 hours at night, chatting with his cohorts, receiving information on vulnerabilities, and coordinating attacks.
LulzSec reportedly operated less like an "organization without a leader" and more like a mafia, led by its don, "Sabu". Unfortunately for the mafioso, their don was secretly snitching on them.
[Image Source: LulzSec]
Except, now he was working for the FBI to both mitigate those attacks and gather incriminating evidence -- and more important "dox" (gain the real world identity) -- his underlings.
In June, not long after his detainment he received word that his minions were in the process of carrying out a
successful distributed denial of service attack
U.S. Central Intelligence Agency
. His new FBI handlers pleaded with him. Recalls an agent, "We told Sabu to tell them to stop. 'It's embarrassing for the CIA,' we told Sabu, 'Make them stop, now.'"
It was one of the few times the FBI resorted to forcing Sabu to blatantly "404" (cancel) and attack. Sabu told the members of
, sternly, "You're knocking over a bee’s nest. Stop."
And like petulant children, the hackers complied, entrusting the veteran judgment of their fearless leader. They appeared never to suspect his true motives for calling off the assault.
III. Sabu Proves a Loyal Agent to the Feds
On Aug. 15 Mr. Monsegur entered his guilty plea on ten hacking related criminal charges -- three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft.
The charges could have landed him in prison for 124 years and 6 months. But his extreme cooperation may earn him a sentence of anywhere from months, to a few years, with closely watched probation.
After his plea Mr. Monsegur turned over his aged laptop with missing left Shift, 'L', and '7' keys. He also handed over encryption keys, giving the feds access to logged conversations that would help incriminate his cohorts.
"Sabu" was allowed to stay at home with his children and pet pitbull in exchanging for cooperating with the FBI in sabotaging attacks and snitching on his hacker underlings. [Image Source: Fox News]
As a reward for his loyal cooperation, he was allowed to begin working for home. He received a special FBI laptop equipped with real-time video monitoring software. Watched at all times by an on-duty handler, "Sabu" was able to spend time with his children and his white pit bull, which he bought shortly after his arrest.
Back at home, he watched as his lieutenants continued to offer him vulnerabilities, eager to please their hacker king. The FBI grimly allowed Sabu to carry out attacks based on the information, in order to avoid suspicion. But the agency says that the hacker was extremely helpful in trying to save the targets from damage, before he green lit operations against them.
For example, in August he learned Anonymous was preparing to
attack 70 police agencies
that used a Missouri hosting company. He worked with the serving company to explain and try to mitigate the vulnerabilities his colleagues had discovered. The ISP was just one out 300 global government agencies and private sector business that Mr. Monsegur, under FBI guidance, secretly helped to protect.
The efforts didn't always work. In order to protect their star witness, the FBI grimly watched as a handful of "
" attacks succeeded with startling results.
IV. Guilty Hacker Helped Mitigate Financial Impact of His Underlings Attacks
Sabu also worked with federal agents to fact checking his subordinates attack claims. For example, if one of them stated that they hacked Sony, he would verify the exact extent of the damage, as some attacks proved worthless dead ends, from a damage perspective, but could still swing a major corporations stock value by millions of dollars if a non-expert public took the information out of context and panicked.
Hackers didn't seem to realize his true motive in posting this information was not to spread the glory of
, but rather to mitigate the damage to their victims. Likewise the FBI allowed him to post carefully engineered comments to Twitter and give carefully worded press interviews. The interviews were designed to both dupe the media into believe that Sabu was still black hat (to protect his cover) and to lull (pun) his teammates into a false sense of security.
"Sabu" helped provide the FBI with the evidence needed to put over a half-dozen or more of his colleagues behind bars. [Image Source: AP]
In the end the scheme worked -- nearly every single member of
has been arrested, as well as dozens of members of
V. Why Sabu's Betrayal is No Great Surprise, and What it Means
Back at the start of Aug. 2011, contemplating the possibility that tflow could be a turncoat, I
The question of how police tracked Mr. Davis to the remote Shetland Islands remains a compelling one, particularly when he had seemingly been doing such a solid job in avoiding being doxed.
This possibility is interesting, as
betrayal from friends is one of the most common ways savvy hackers have been caught in the past
. For all their hard work to obfuscate their true identity, it can all be for naught if a trusted colleague starts to sing as part of a plea deal.
That statement proved fortuitous.
Now as we look back on the crazy story of Sabu, his betrayal, and the fall of
, we turn to examine what impact this all will have on both Mr. Monsegur, his cohorts, and the hacker communit/
i. Impact on the Reputation of "Sabu"
The FBI is crowing about the victory. Says one source, "[The international charges] are devastating to [LulzSec]. We're chopping off the head."
For Mr. Monsegur the unsealed testimony and new arrests almost certainly will seal his new status as the world’s most hated hacker in the black hat community. Comments one source, "You might be a messiah in the hacking community but you’re still a rat."
While some may disavow the developments and cry conspiracy or commiserate with Mr. Monsegur's noble instinct to protect his children, most who buy the story will likely gain a newfound hate for their once-messiah, a hatred as black as their metaphorical hats. The community does not take kindly to former hackers who cooperate with federal agents to turn in young rogues -- just ask
informant Bradley Manning
and for doing so
received death threats
and the titles of "snitch" and "world's most hated hacker".
Now Mr. Lamo may pass on the latter distinction to Sabu. In fact, the community may find a new level of revulsion at the actions of Sabu, given that unlike Mr. Lamo, he did not (at least at first) approach the feds out of his own vindications and heartfelt beliefs -- rather he "snitched" to save his own skin.
ii. Impact on the Arrested
For Mr. Monsegur's cohorts, they will inevitably be held up as martyrs to the "evil" of the U.S. government and global corporations. Most face 5-10 years in prison, with Kayla potentially facing a longer sentence.
Ultimately other hackers have been in individuals like Mr. Ackeroyd's shoes -- facing spending their late twenties in federal prison after a youthful spree of rebellious hacking. And invariably, yet more individuals to come will find themselves in this familiar position.
Judging by past cases, most of these hackers go on to become productive citizens, many of whom end up working as security consultants for the government/businesses, or working as journalists.
The damage done by
is estimated by the FBI and others to be somewhere in the billions of dollars range. While they may not admit it, many of these individuals may look back at this dubious distinction with a degree of pride, even as they clean up and go on to more noble pursuits.
iii. Impact on Anonymous
And speaking of pride, there are some powerful lessons to be observed here about
and the hacker youth movement in general. First, while attacks of past and present often were fueled to a degree by individuals' political or social vindications, almost always the biggest driver was pride -- a desire for attention and glory.
Anonymous claims to have no leaders, yet time and again leaders emerge.
[Image Source: Flickr]
These traits are exemplified in
's much beloved
, a fame and fortune seeking "leaks" site brainchild of ex-Australian college professor Julian Assange who resorted to creative Hollywood editing to make U.S. attacks on armed militants
look like the murder of unarmed civilians
regarding the unedited "Collateral Murder" video).
Julian Assange doctored and manipulated reality for his own fame and glory. The idealistic members of
must be careful not to stoop to the same lows. [Getty Images/AFP]
The site's publications -- much of which were exagerrated or doctored -- could well end up
, a prospect that allegedly delights
founder who is quoted by a prestigious British journalist (and supported by several other journalists who were at the meeting) as stating that those who cooperate with U.S. forces in the Middle East are traitors to the their people and "
deserve to die
" (Assange denies saying this
calling the journalists liars
's favorite "hacktivist" site willing to stoop to blatant lies for fame and profit, one has to wonder whether some members of the idealist collective aren't willing to willing to go just as far. It all comes down to pride.
As they say, "Pride cometh before the fall."
And fall they inevitably do.
iv. Idealism Falls Short of Reality With
to be different. It preached to the outside world that its members sought no glory for their actions and were merely part of a pure-hearted collectionist movement to change society via hactivism.
Among the group's more idealistic members this certainly would hold true. However, many members privately -- within the group's IRC channels, message-boards, and their ilk -- are just as big glory seekers as blacks hats of 80s or 90s.
claims to be "a group with out a leader". Again, this is a half-truth, which only holds amongst casual and more idealistic members. Among the core hackers of the
movement, there are leaders.
Again, the group's more idealistic members would argue that these more structured subgroups are not really
, but at a certain point you're just arguing semantics. Between Dec. 2010 and May 2011 "Sabu" lead "topiary", "kayla", "pwnsauce", and "palladium" in attacks on government contractor HBGary, Inc., Irish political party Fine Gael, and on News Corp. (
) subsidiary Fox,
stealing an "X-Factor" contestant database
At the end of the day, when you look back at this amazing story, it's striking that
and its splinter group
under Sabu were not acting as "groups without a leader", but rather were behaving like the loyal subjects of a mafia don.
learned the hard way that anonymity is a knowledge-based illusion.
[Image Source: Jason Mick/DailyTech]
The crushing blow of disillusionment is hardened even more by the fact that the one-time don went on to betray his most trusted subjects. States one FBI agent, "When people in the hacking community realize their God has actually been cooperation with the government, it’ll be sheer terror."
Suddenly, some members of
may be realizing that they may not be as anonymous as they thought, and that cause still brings effect -- even in the era of digital anonymity.
This article is over a month old, voting and posting comments is disabled
RE: Doctoring a video is wrong
3/8/2012 12:31:30 AM
you did an amazing analysis.. thank you.
I still wonder why so many people seem to be blind by patriotism than actually try to read all sides, process the information, and make a real choice based on the information at hand.
Most people I've seen on these politics.. just go on to protect "their team", their "hero", their "candidate" or their "interests".
“So far we have not seen a single Android device that does not infringe on our patents." -- Microsoft General Counsel Brad Smith
Anonymous Hack on Stratfor Produces Over 50,000 Credit Card Numbers
December 28, 2011, 11:36 AM
More Anonymous and LulzSec Folks End up in Prison Awaiting Charges
September 23, 2011, 9:51 AM
Did LulzSec Member Sing on Fellow Chief? New Details on Topiary Emerge
August 1, 2011, 10:00 PM
EDITORIAL: Mystery Abounds in Arrest of Accused LulzSec Member
July 29, 2011, 1:10 AM
"Pwnies" are the Grammies of the Hacker World
July 27, 2011, 4:21 PM
America's Largest Cable Company, Comcast, Sees Internet Subscriptions Pass TV
May 4, 2015, 2:46 PM
Microsoft "Welcomes Developers" to Its New "Edge Browser" (Codename: Spartan)
April 29, 2015, 7:25 PM
Tech's Biggest Loser on Tax Day: eBay Pays Nearly 99 Percent Tax Rate
April 15, 2015, 3:28 PM
Death and Dragons -- Report Claims Game of Thrones Hit by Piracy "Tidal Wave"
April 10, 2015, 8:37 AM
Court Blocks Twitter and YouTube in Turkey After Pro-Communist Attack in Istanbul
April 6, 2015, 10:53 AM
In Graphics and Quotes: $10.4 Billion Charter & Bright House Merger
April 2, 2015, 5:19 PM
Most Popular Articles
Worst Kept Secret -- $35 Million Anonymous Sharing App Startup Shuts Down
April 30, 2015, 7:33 AM
Microsoft "Welcomes Developers" to Its New "Edge Browser" (Codename: Spartan)
April 29, 2015, 7:25 PM
China's Tencent Gets in on the Kardashian Empire w/ $126 Million Glu Investment
April 30, 2015, 8:28 AM
Windows 10 Build 10061: A Quick Review
April 27, 2015, 10:57 AM
Report: Apple Pulls the Plug on Apple Watch Store Launch
April 16, 2015, 3:18 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information