“13 alleged hackers indicted in attacks on sites unkind to file sharing, WikiLeaks”

October 3, 2013

The Washington Post on October 3, 2013 released the following:

By Matt Zapotosky

“Federal prosecutors have charged 13 alleged members of the hacking group Anonymous in connection with cyberattacks that the collective launched in 2010 against anti-piracy groups and financial institutions unwilling to process donations to WikiLeaks.

The indictment returned Thursday in U.S. District Court in Alexandria charges the 13 men with conspiring to intentionally cause damage to protected computers. Prosecutors accused the men of participating in a series of cyberattacks that briefly disrupted Mastercard’s and Visa’s Web sites and also targeted the Web sites of anti-piracy groups across the world.

Detailed in 28 pages, the charges are the latest in the Justice Department’s effort to root out cybercrime by prosecuting hackers across the country — especially those affiliated with Anonymous. Last year, federal prosecutors charged five alleged Anonymous members who they say stole confidential information from U.S. companies and temporarily shut down government Web sites. This year, prosecutors charged a journalist who they say worked with the group to modify a story on the Los Angeles Times’ Web site.

Anonymous is a loosely knit group with no clear leaders that is generally interested in promoting a more freewheeling Internet. Those indicted Thursday range in age from 21 to 65 and are spread across the country, including one man from the D.C. area.

The allegations in this case stem from a series of cyberattacks that began in September 2010, when members of Anonymous decided to retaliate for the shuttering of Pirate Bay, a popular Sweden-based file-sharing site, according to the indictment. Dubbed “Operation Payback” by those who participated in it, the attacks drew national and international attention as the hackers briefly disrupted the Web sites for Mastercard and Visa because they had stopped processing payments to WikiLeaks.

The effort was not overly sophisticated, but it was effective. The group posted messages on online bulletin boards urging supporters to install a program called a Low Orbit Ion Cannon and then, at a specified time, unleash the program on a particular Web site’s IP address, according to the indictment. That sends an overwhelming amount of Internet traffic to the targeted site and possibly disrupts or shuts it down, according to the indictment. The technique is referred to as a Distributed Denial of Service, or DDoS, attack.

For months, according to the indictment, the hackers, who see some copyright laws as unjust, targeted the Web sites of companies and people they thought were opposed to file sharing. They attacked the sites of those that have been the faces of anti-piracy in the United States — the Recording Industry Association of America and the Motion Picture Association of America — and the sites of their equivalents worldwide. They attacked the sites of law firms helping in anti-piracy cases. They attacked the site of the U.S. Copyright Office. They even attacked the site of rocker Gene Simmons, who has spoken out against music piracy.

Gregg Housh, an Internet activist and former Anonymous member who still watches the group’s activity, said the attacks started as a protest of anti-piracy efforts but evolved as those involved learned of major companies’ refusal to process WikiLeaks donations. He said the recent indictment was unlikely to deter Anonymous hackers, but instead would “fire up the base, a lot.”

“I think it’s just going to turn into a rally of support, not people being scared,” Housh said, “and that’s exactly what they don’t want.”

Housh defended Operation Payback — of which he said he had no part — as an effort to re-create a traditional protest online. He noted that customers’ abilities to use their credit cards were not affected; only the credit card companies’ Web sites were shut down.

“Something has to be done to come up with a way to protest online that everyone doesn’t end up getting thrown in jail,” he said.

Prosecutors identified those charged as Dennis Owen Collins, 52, of Toledo; Jeremy Leroy Heller, 23, of Takoma Park; Zhiwei Chen, 21, of Atlanta; Joshua S. Phy, 27, of Gloucester, N.J.; Ryan Russell Gubele, 27, of Seattle; Robert Audubon Whitfield, 27, of Georgetown, Tex.; Anthony Tadros, 22, of Storrs Mansfield, Conn.; Geoffrey Kenneth Commander, 65, of Hancock, N.H.; Phillip Garrett Simpson, 28, of Tucson; Austen L. Stamm, 26, of Beloit, Kan.; Timothy Robert McClain, 26, of Clemson, S.C.; Wade Carl Williams, 27, of Missoula, Mont.; and Thomas J. Bell, 28, of Rockland, Mass.”

US v Collins Case No 1-13-cr-00383-LO

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

Federal Crimes – Detention Hearing

————————————————————–

To find additional federal criminal news, please read Federal Criminal Defense Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition Defense, OFAC SDN Sanctions Removal, International Criminal Court Defense, and US Seizure of Non-Resident, Foreign-Owned Assets. Because we have experience dealing with INTERPOL, our firm understands the inter-relationship that INTERPOL’s “Red Notice” brings to this equation.

The author of this blog is Douglas C. McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.


Second accused LulzSec hacker arrested in Sony Pictures breach

August 29, 2012

Chicago Tribune on August 28, 2012 released the following:

“Steve Gorman
Reuters

LOS ANGELES (Reuters) – A second suspected member of the clandestine hacking group LulzSec was arrested on Tuesday on charges he took part in an extensive computer breach of Sony Pictures Entertainment, the FBI said.

Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to U.S. authorities in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorized impairment of a protected computer.

If convicted, Rivera faces up to 15 years in prison.

The indictment, unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Corp’s Sony Pictures’ computer systems in May and June 2011 using an “SQL injection” attack against the studio’s website, a technique commonly employed by hackers.

The indictment said Rivera then helped to post the confidential information onto LulzSec’s website and announced the intrusion via the hacking group’s Twitter account.

While Rivera was the only person named in the indictment, the FBI said his co-conspirators included Cody Kretsinger, 24, a confessed LulzSec member who pleaded guilty in April to federal charges stemming from his role in the Sony attack.

Following the breach, LulzSec published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony, and publicly boasted of its exploits.

“From a single injection we accessed EVERYTHING,” the hackers said in a statement at the time. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Authorities have said the Sony breach ultimately cost the company more than $600,000.

LulzSec, an underground group also known as Lulz Security, is an offshoot of the international hacking collective Anonymous and has taken credit for such cyber incursions on a number of government and private sector websites.

The latest indictment says Rivera, who went by the online nicknames of “neuron,” “royal” and “wildicv,” is suspected of using a proxy server in a bid to conceal his Internet Protocol, or IP, address, and avoid detection.

Court documents revealed in March that an Anonymous leader known as Sabu, whose real name is Hector Monsegur, had pleaded guilty to hacking-related charges and provided information on his cohorts to the FBI.

That same month, five other suspected leaders of Anonymous, all of them alleged to be LulzSec members as well, were charged by federal authorities with computer hacking and other offenses.

An accused British hacker, Ryan Cleary, 20, was indicted by a federal grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

Kretsinger, who pleaded guilty to the same two charges now facing Rivera, is slated to be sentenced on October 25. A federal prosecutor said he would likely receive substantially less than the 15-year maximum prison term carried by those offenses.

Anonymous and its offshoots focused initially on fighting attempts at Internet regulation and the blocking of free illegal downloads but have since taken aim at the Church of Scientology, global banking and other targets.

Anonymous, and LulzSec in particular, became notorious in late 2010 when they launched what they called the “first cyber war” in retaliation for attempts to shut down Wikileaks.”


Three Charged with Allegedly Making Threats Against University of Pittsburgh

August 16, 2012

The Federal Bureau of Investigation (FBI) on August 15, 2012 released the following:

“PITTSBURGH— A federal grand jury in the Western District of Pennsylvania today returned two indictments charging a resident of Dublin, Ireland, with a series of crimes related to e-mailed threats targeting the University of Pittsburgh, three federal courthouses, and a federal officer. A third indictment charges two Ohio men for additional online threats against the university, announced U.S. Attorney David J. Hickton.

A 35-count indictment named Adam Stuart Busby, 64, of Dublin, as the sole defendant. According to the indictment, from March 30, 2012 until April 21, 2012, Busby sent more than 40 e-mails targeting the University of Pittsburgh campus. The e-mailed bomb threats resulted in more than 100 evacuations at the University of Pittsburgh, greatly disrupting the university community. The indictment charges Busby with 17 counts of wire fraud, 16 counts of maliciously conveying false information in the form of bomb threats, and two counts of international extortion.

A separate but related four-count indictment alleges that on June 20 and 21, 2012, Busby maliciously conveyed false information through the Internet claiming bombs had been placed at U.S. courthouses located in Pittsburgh, Erie, and Johnstown, Pennsylvania. In addition, Busby is charged with threatening David J. Hickton, a federal officer, while he was engaged in the performance of his official duties.

A one-count indictment named Alexander Waterland, 24, of Loveland, Ohio; and Brett Hudson, 26, of Hillsboro, Ohio, as defendants. According to the indictment, between April 25, 2012 and May 23, 2012, Waterland and Hudson engaged in a conspiracy targeting the University of Pittsburgh with interstate threats claiming they were associates of the computer hacking group Anonymous. The threats—posted on YouTube by a user calling himself “AnonOperative13,” sent via e-mail, and publicized via Twitter—attempted to extort the chancellor of the university into placing an apology on the university’s website. The threats claimed that if the chancellor did not comply with their demands, confidential information stored on the computer servers of the University of Pittsburgh would be released.

The maximum penalty for wire fraud is 20 years in prison. The maximum penalty for maliciously conveying false information is 10 years in prison. The maximum penalty for extortionate threats is two years in prison. Because all counts charged are felonies, the maximum fine on each count is $250,000. The law provides for a maximum sentence of five years in prison, a fine of $250,000, or both for Waterland and Hudson. Under the federal sentencing guidelines, the actual sentence imposed would be based upon the seriousness of the offenses and the prior criminal history, if any, of the defendants.

Assistant U.S. Attorney James T. Kitchen is prosecuting these cases on behalf of the government.

The FBI, the Western Pennsylvania Joint Terrorism Task Force, and the University of Pittsburgh Police Department conducted the investigation leading to the indictment in these cases.

An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.”


Briton Accused of Hacking Fox, PBS Websites

June 14, 2012

ABC News on June 14, 2012 released the following:

“By SHAYA TAYEFE MOHAJER Associated Press

A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday.

A federal grand jury indicted Ryan Cleary on conspiracy and hacking charges for allegedly hacking sites for the talent competition “The X-Factor,” the site for “PBS NewsHour,” Sony Pictures and others.

The indictment filed Tuesday alleges Cleary and his co-conspirators would identify security vulnerabilities in companies’ computer systems and use them to gain unauthorized access and, often, cause mayhem.

In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites — all while he was still a teenager.

Cleary was taken into custody in March and remains in custody in the United Kingdom, said Laura Eimiller, FBI spokeswoman.

In one instance, the U.S. indictment alleges, Cleary conspired to steal the confidential information of people who registered to get information on auditions for the Fox talent competition “The X-Factor.”

That hack was the first to be claimed by LulzSec, an offshoot of the larger hacking group Anonymous, in tweets about its international hacking spree that began in May 2011.

Later that month, LulzSec claimed to have hacked the website of the Public Broadcasting Service, where a phony news story was posted claiming the dead rapper Tupac Shakur was alive and living in New Zealand.

The post caused a stir on the site for “PBS NewsHour,” an award-winning broadcast news show, and came after the network aired a documentary on WikiLeaks founder Julian Assange that was deemed critical. PBS’ ombudsman at the time defended the program’s treatment of Assange as “tough but proper.”

The indictment also alleges LulzSec and Cleary hacked into the computer systems of Sony Pictures Entertainment Inc. in June 2011 to steal confidential information of users who had registered on the company’s website.

Cleary faces a maximum of 25 years if convicted on all charges.

Calls and emails to Fox, Sony and “The NewsHour” seeking comment and confirmation were not immediately returned Wednesday.

An after-hours call to Cleary’s legal representative in London was not returned. It was not immediately clear who would represent him in the United States.

LulzSec also has claimed responsibility for hacking incidents not listed in Cleary’s indictment, including hacking the CIA’s public-facing website and the Atlanta chapter of an FBI partner organization called InfraGard.”


‘LulzSec Reborn’ claims attack on military dating site

March 28, 2012

The Washington Post on March 28, 2012 released the following:

“By Hayley Tsukayama

Last summer, the Anonymous offshoot known as LulzSec announced it was retiring after 50 days of hacktivist attacks on targets ranging from Sony to the Central Intelligence Agency.

Now, following the arrests of some of the group’s most prominent members, a group of hackers has taken up the LulzSec banner and vowed to begin attacking sites under the name “LulzSec Reborn.”

The group’s first target was a dating site called militarysingles.com, which caters to members of the armed forces. The hacking group claims to have stolen 170,000 records from the Web site Sunday, subsequently posting users’ personal information online.

A representative from the Web site did not respond to a request for comment. But the CEO of the parent company told the Los Angeles Times that the company has put measures in place to secure its data. The executive, Robert Goebel, said the Web site had been down over the weekend and that he does not believe the site was actually hacked.

“Regardless of whether it was a true claim or false claim, we’re treating it as though it’s true just to be safe,” Goebel told the paper.

The hack may not be confirmed, but in a tweet on what appears to be the group’s Twitter feed, the hackers posted a link to a defaced Web page under the militarysingles.com domain name that references the group by name.

Several members of LulzSec and Anonymous who made a splash with attacks last year have been arrested in the United States and in Europe, as investigators move to crack down on the loosely organized hacking collective.

Far from discouraging the hackers, the arrests have prompted a new surge of attacks with targets ranging from the Pope to a Spanish security firm that reportedly worked with the Federal Bureau of Investigation to arrest the leaders of LulzSec.”


FBI Top Cyber Cop: U.S. Outgunned in Hacker War

March 28, 2012

The Wall Street Journal on March 27, 2012 released the following:

“U.S. Outgunned in Hacker War

By DEVLIN BARRETT

WASHINGTON—The Federal Bureau of Investigation’s top cyber cop offered a grim appraisal of the nation’s efforts to keep computer hackers from plundering corporate data networks: “We’re not winning,” he said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them, he said.

His comments weren’t directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren’t likely to better protect computer networks.

Mr. Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington, said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy. Too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks, he said.

“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,” Mr. Henry said.

James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, said that as gloomy as Mr. Henry’s assessment may sound, “I am actually a little bit gloomier. I think we’ve lost the opening battle [with hackers].” Mr. Lewis said he didn’t believe there was a single secure, unclassified computer network in the U.S.

“There’s a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated,” he added.

High-profile hacking victims have included Sony Corp., which said last year that hackers had accessed personal information on 24.6 million customers on one of its online game services as part of a broader attack on the company that compromised data on more than 100 million accounts. Nasdaq OMX Group Inc., which operates the Nasdaq Stock Market, also acknowledged last year that hackers had breached a part of its network called Directors Desk, a service for company boards to communicate and share documents. HBGary Federal, a cybersecurity firm, was infiltrated by the hacking collective called Anonymous, which stole tens of thousands of internal emails from the company.

Mr. Henry has played a key role in expanding the FBI’s cybersecurity capabilities. In 2002, when the FBI reorganized to put more of its resources toward protecting computer networks, it handled nearly 1,500 hacking cases. Eight years later, that caseload had grown to more than 2,500.

Mr. Henry said FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.

“We have found their data in the middle of other investigations,” he said. “They are shocked and, in many cases, they’ve been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.”

Mr. Henry said that while many company executives recognize the severity of the problem, many others do not, and that has frustrated him. But even when companies build up their defenses, their systems are still penetrated, he said. “We’ve been playing defense for a long time. …You can only build a fence so high, and what we’ve found is that the offense outpaces the defense, and the offense is better than the defense,” he said.

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn’t realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added.

In one such incident in 2010, a group of Chinese hackers breached the computer defenses of the U.S. Chamber of Commerce, a major business lobbying group, and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

In the congressional debate over cybersecurity legislation, the Chamber of Commerce has argued for a voluntary, non-regulatory approach to cybersecurity that would encourage more cooperation and information-sharing between government and business.

Matthew Eggers, a senior director at the Chamber, said the group “is urging policy makers to change the ‘status quo’ by rallying our efforts around a targeted and effective information-sharing bill that would get the support of multiple stakeholders and come equipped with ample protections for the business community.”

The FBI’s Mr. Henry said there are some things companies need to change to create more secure computer networks. He said their most valuable data should be kept off the network altogether. He cited the recent case of a hack on an unidentified company in which he said 10 years worth of research and development, valued at more than $1 billion, was stolen by hackers.

He added that companies need to do more than just react to intrusions. “In many cases, the skills of the adversaries are so substantial that they just leap right over the fence, and you don’t ever hear an alarm go off,” he said. Companies “need to be hunting inside the perimeter of their network,” he added.

Companies also need to get their entire leadership, from the chief executive to the general counsel to the chief financial officer, involved in developing a cybersecurity strategy, Mr. Henry said. “If leadership doesn’t say, ‘This is important, let’s sit down and come up with a plan right now in our organization; let’s have a strategy,’ then it’s never going to happen, and that is a frustrating thing for me,” he said.”


FBI’s ‘Sabu’ Hacker Was a Model Informant

March 9, 2012

The Wall Street Journal on March 8, 2012 released the following:

“By CHAD BRAY

As soon as he was caught, an influential computer hacker agreed to become a government informant and “literally worked around the clock” to help federal agents nab an elusive collective of alleged cyber criminals who have launched online attacks against companies, governments and individuals.

The new details, revealed in court documents made public on Thursday, show how quickly investigators were able to turn 28-year-old Hector Xavier Monsegur against his fellow alleged hackers.

Known as “Sabu” in hacking circles, he was placed under supervision by Federal Bureau of Investigation agents shortly after he was arrested at 10:15 p.m. on June 7 last year. His file was sealed by a judge.

“Since literally the day he was arrested, the defendant has been cooperating with the government proactively,” sometimes staying up all night engaging in conversations with co-conspirators to help the government build cases against them, Assistant U.S. Attorney James Pastore said at a secret bail hearing on Aug. 5, 2011, according to a transcript released on Thursday.

The investigation led to the unveiling of criminal charges on Tuesday against a group of men allegedly behind Lulz Security, or LulzSec. The group, formed last May, claimed responsibility for a series of brazen online attacks including hacking computer servers of television network PBS in retaliation for a “Frontline” episode about WikiLeaks, and stealing personal information from about 100,000 customers of hacked Sony Pictures.

In addition to the Sony and PBS attacks, LulzSec has claimed responsibility for attacks on the U.S. Senate and InfraGard, an affiliate of the Atlanta chapter of the FBI. Those attacks were all cited in Tuesday’s charging documents.

Mr. Monsegur, a few days after his bail hearing in August, pleaded guilty to 12 criminal charges, including three counts of conspiracy to engage in computer hacking, computer hacking in furtherance of fraud, conspiracy to commit access device fraud, conspiracy to commit bank fraud and aggravated identity theft. He faces up to 124 years in prison. A lawyer for Mr. Monsegur declined to comment Thursday.

On Aug. 10, 2011, a federal prosecutor in Los Angeles who was working on the case asked that details for charges against Mr. Monsegur in Los Angeles remain secret. In a document, Assistant U.S. Attorney Stephanie S. Christensen said other hackers were aware of Mr. Monsegur’s true identity, even though he often used a nickname or online personality while communicating with them. She said if news of his arrest were made public, he might be identified as a cooperator. She noted that the hackers monitored public court dockets.

“The FBI has informed me that the hackers are known to take steps against those who cooperate with the government,” Ms. Christensen said. She pointed to a practice known as “Doxing” where hackers post personal details about a person for public consumption online. “The publicly available information may then be used to harass the cooperator and the cooperator’s family in a variety of ways,” she said. “This obviously creates danger for the cooperator, the cooperator’s family, and law enforcement.”

Prosecutors, who said Mr. Monsegur was kept under close surveillance during the investigation—with software installed on his computer to track his online activity and video surveillance set up in his home—also said that Mr. Monsegur agreed to cooperate at “a significant amount of personal risk” to himself. Mr. Monsegur, who was unemployed at the time, is a foster parent to two nieces.

Some hackers retaliate against cooperators by ordering hundreds of pizzas to their house or calling in hostage situations and having a SWAT team show up, Mr. Pastore said.

During the investigation, Mr. Monsegur, who lived in and worked from a public-housing project in New York City, received information on a day-to-day basis of “upwards of two dozen vulnerabilities” in computer systems from a network of cybercriminals, Mr. Pastore said in court documents released Thursday. The FBI was able to identify more than 150 security vulnerabilities at the time, allowing companies to prevent a hack before it occurred or mitigate harm from prior hacking activity, he said.

Ultimately, federal agents were able to thwart more than 300 attacks that other hackers were planning as a result of information provided by Mr. Monsegur, according to a person familiar with the matter.

LulzSec is one of several shadowy hacker groups that have sprung to global prominence over the past year and are loosely organized, often with no central leadership. Mr. Monsegur is described in charging documents as an “influential” member of three such hacking organizations—LulzSec and two others known as Anonymous and Internet Feds. Charges against a total of six men were announced on Tuesday, after which Mr. Monsegur’s identity was revealed.”

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

Federal Crimes – Detention Hearing

————————————————————–

To find additional federal criminal news, please read Federal Crimes Watch Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition and OFAC SDN Sanctions Removal.

The author of this blog is Douglas McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.


LulzSec hacker opens up over drinks, says FBI informant leader ‘took one for team’

March 8, 2012

Fox News on March 7, 2012 released the following:

“Written By Jana Winter

The notorious hacker who helped the FBI bring down his worldwide empire is a martyr who took the rap for the crimes of his colleagues, a LulzSec member told FoxNews.com over beers at a Manhattan dive bar, just hours after learning the news about the shadowy figure known online as “Sabu.”

“People are freaking out. Everyone’s totally freaking out,” the hacker said. “Everyone’s in shock.”

While some see Sabu, whose real name is Hector Xavier Monsegur, as a Judas, it seemed that at least in the early shellshocked hours, Sabu’s followers remained loyal to their leader.

“Bill Gates, Steve Jobs, Sabu — I mean of our generation, he’s going to be remembered in history,” the LulzSec hacker said, nursing a beer hours after learning the organization had been dealt the cruelest blow of all. “No one is going to forget him. He’s going to be remembered in history.”

LulzSec is believed responsible for computer attacks that crippled banks, multi-national corporations and even governments. Fox, Sony and MasterCard were among its corporate scalps, and the international collective also mounted damaging attacks on servers of Yemen, Zimbabwe and even the CIA, taunting its targets from afar as it brought their websites down.

The hacker described the reactions of the stunned community as news of FoxNews.com’s report outing Sabu as a months-long cooperating witness reverberated online throughout the hacking community on Tuesday. The report detailed how Monsegur has worked for the feds for the last eight months, manipulating his minions with misinforming tweets, warning them off of targets and ultimately unmasking top lieutenants for authorities. Yet some of the hackers who have taken orders from him still believe in the 28-year-old welfare dad who lived in a housing project on New York’s Lower East Side.

In fact, the revered hacking honcho “took one for the team” by copping to hacks done by others, and some believe he even may have tried to warn his people as the FBI watched his every move, the hacker told FoxNews.com, while noting Monsegur “never warned anyone to my knowledge.”

At the bar, the hacker explained how many in the community had come to this conclusion.

The immediate response of the community was to pore over Monsegur’s court records when they were unsealed, looking for clues. The long list of hacks he confessed to included attacks mounted by his legions, which some believed showed he was taking not just credit, but blame.

“He is taking one for the team, protecting the community by sacrificing himself,” the hacker said. “These were hacks that everyone did — not Sabu. He admits to everything so the community is safe. That’s what a lot of people think.”

But even if Monsegur wasn’t directly responsible for some of LulzSec’s hacks, he always played a role. The hacker told FoxNews Sabu passed along links, provided real time assistance with hacks and gave specific directions.

“Sabu says, ‘Do this, do that,’” the hacker explained. “He did everything. He was our leader, so anything you wanted to do you had to get permission, Sabu’s approval.”

Since the guidance always came online, Sabu’s army of hackers knows it is likely their own identities may have been exposed through correspondence captured on Sabu’s FBI-controlled computer.

“Everyone talked to him,” the hacker said. “Everyone. Everyone is really scared.”

“People talked to him like this: ‘Okay, this is how I hacked X company. This is when I am going to hack X. This is the step-by-step of what I’m doing while hacking a system.’

“Sabu has all this (on servers),” the hacker said. “Or really, the FBI has all of this.”

Still reeling from the betrayal, hackers sifted through logs of Sabu’s correspondence following his June 7 arrest. For the next 30 days, the cyberspace mastermind went dark, arousing suspicions he’d been found out by the feds. But he resurfaced on the web in August, just after entering a hushed-up guilty plea to charges of identity theft. None seemed to know he had been flipped, although his new BlackBerry aroused suspicion among some within the hacking community. From that point on, the group that struck fear in the hearts of corporations, banks and even governments, was being led by a turncoat.

On one blog, Sabu’s disciples claimed he had tried to warn his cohorts with a cryptic message: “You don’t know who is your friend, don’t trust anybody,” he purportedly posted just before he took his plea deal.

Still, the hacking community isn’t unanimous in its view of Sabu. There is anger, fear and disbelief, hackers told FoxNews.com. When asked directly if the hacker was personally afraid of being connected to Sabu while he was working for the feds, the hacker took a swig of beer, and sighed.

“Yes,” the hacker said. “Yes I am.””



Was Anonymous’ Hacker-Informant Sabu A Tool Of FBI Entrapment?

March 7, 2012

Forbes on March 7, 2012 released the following:

“Andy Greenberg, Forbes Staff

In a typical criminal conspiracy takedown, lower-level minions are flipped to inform on a crime syndicate’s boss. But in the investigation of LulzSec, the hacker splinter group that broke off from Anonymous last summer, the FBI seems to have found a snitch in none other than the conspiracy’s ringleader and organizer, the 28-year-old hacker known as Sabu.

Which raises a strange question: As the FBI worked to take down the radical hacktivist group over the last months, was it also egging it on?

Yesterday it was revealed that Hector Xavier Monsegur, the alleged hacker known as Sabu, had been acting as a government informant since as early as last June, helping to provide the FBI with information that led to three more arrests of alleged LulzSec-related hackers yesterday, along with new charges against two of the other related defendants. The help of the Spanish-speaking Monsegur may have even aided the arrest of 25 other alleged members of Anonymous in Spain and South America late last month.

But criminal defense lawyers for those accused hackers are no doubt poring over his communications with their clients, and looking for evidence of entrapment: the defense that the U.S. government, with an influential member of Anonymous as their pawn, pushed hackers into the same illegal acts for which they’re now prosecuting them.

Months after Monsegur began cooperating with law enforcement, his Twitter feed (with 45,000 followers) continued to rally his hacktivist “brothers” to attack governments and private corporate targets. A message he wrote in late December asked for fellow hackers to give him stolen documents so that they could be published under the banner of “Antisec,” the sub-movement against the security industry in which he was a vocal organizer. “Leakers, security researchers or hackers who have vulnerabilities or leaked docs contact us,” Monsegur wrote.

After the assassination of Iranian nuclear scientists in January, he called for hacking attacks on Israel. “Since #israel started the week by blowing up Iranian nuclear scientists – how about we focus on disrupting their infrastructure?” he wrote to his followers.

As recently as last month, Monsegur was inciting attacks on Interpol in retaliation for arrests of his fellow anons. “Hackers of the world: Interpol has declared war on hackers,” he wrote. “Time to strike back. Infiltrate.” The denial of service attack on Interpol’s website that followed took the site down for around half an hour.

And perhaps most significantly, Monsegur seems to have taken an active part in the attack on the private intelligence think tank Stratfor, whose millions of stolen emails are now being released by WikiLeaks. In fact, the indictment of 27-year-old Chicagoan Jeremy Hammond, unsealed Tuesday, states that an informant under the name Cooperative Witness One or “CW-1” in New York convinced Hammond to move stolen Stratfor data to a server that the informant provided. Given that there are no other indicted members of LulzSec in New York, CW-1 is no doubt Monsegur.

In other conversations between Monsegur and Hammond included in the indictment–and there’s no telling what Monsegur may have said that wasn’t quoted by prosecutors–Monsegur explicitly encourages illegal hacking and disclosure of stolen info.

“Wanna release that list of 92% cracked Stratfor hashes?” he asks Hammond at one point. Hammond replies to Monsegur that it’s “Your call.”

“If I get raided anarchaos your job is to cause havok in my honor,” Monsegur tells Hammond later, using one of the hacker’s pseudonyms.

“It shall be so,” Hammond responds.

Whether this kind of encouragement and support for illegal hacking rises to the level of entrapment, however, is far from clear, says Electronic Frontier Foundation attorney Hanni Fakhoury. The legal definition of entrapment hinges on two separate issues: Inducement and predisposition. To meet the “inducement” requirement, the government must be actively “authorizing, directing or supervising” the defendant’s criminal behavior. And to pass the second criterion, the defendant has to be shown to have not had a predisposition to commit that crime without the government’s encouragement.

Fakhoury cautions that the case for any defendant associated with Monsegur would depend on the specific facts of that person’s behavior and communications with Monsegur. But he believes the first element of entrapment may strongly apply in some of the indicted hackers’ cases, while the predisposition case will be more difficult to argue. “I think inducement is pretty clear here,” says Fakhoury. “The government knew what [Monsegur] was doing. Much harder will be proving pre-disposition: that the defendants weren’t already predisposed to engage in that [illegal] behavior.”

Given that members of Anonymous often openly discuss their motivations and gain status in the group by acting on their own initiative, prosecutors may have an easy time showing that any defendants in Monsegur’s circle were already predisposed to hacking. “They’re pretty vocal about their tactics and their policies and what they want to do,” says Fakhoury. “A traditional entrapment case is someone who’s pressured into something. These individuals aren’t usually pressured, and they often make statements like ‘This is why I’m involved in Anonymous and this is what I’m doing.’”

In other areas, particularly domestic terrorism, the FBI has been known to weave complex scenarios around suspects to actively tempt them into committing crimes. In the case of the “Newburgh Five,” a group of New York men charged with plotting to bomb synagogues in the Bronx and shoot down military airplanes, the FBI informant in many respects functioned as the primary organizer of the plot, offering to supply the group with its explosives, a BMW and a $250,000 payment. As for the “terrorists” themselves, they were hardly capable of carrying out the attack on their own: None even had a driver’s license.

In another case, two activists at the Republican National Convention were arrested and convicted on terrorism charges for making Molotov cocktails. As laid out in the recent documentary “Better This World,” the pair had been mentored in radical activism for over a year by a well-known activist-turned-FBI-informant who encouraged them to abandon more pacifist measures.

Despite cases like these, none of the 10 terrorism prosecutions involving informants over the last decade has successfully used an entrapment defense. “In short, if a suspicion of entrapment seems a viable starting-point for a defense, forget it,” attorney Karen Greenberg wrote in an editorial in the Guardian. “Find another strategy with which to defend your client.”

In the case of Monsegur, the EFF’s Fakhoury says the case does indeed smell “fishy.” “Is the government manufacturing crime in order to prevent it?” he asks. “Something about it definitely doesn’t seem right.”

And whether or not an entrapment defense will win out for any of Monsegur’s fellow hackers, Fakhoury expects the issue to appear in their upcoming trials. “I don’t think this will necessarily be that successful a defense,” he says. “But it’s one that should absolutely be raised by any good defense attorney.””



EXCLUSIVE: Infamous international hacking group LulzSec brought down by own leader

March 6, 2012

Fox News on March 6, 2012 released the following:

“By Jana Winter

EXCLUSIVE: Law enforcement agents on two continents swooped in on top members of the infamous computer hacking group LulzSec early this morning, and acting largely on evidence gathered by the organization’s brazen leader — who sources say has been secretly working for the government for months — arrested three and charged two more with conspiracy.

Charges against four of the five were based on a conspiracy case filed in New York federal court, FoxNews.com has learned. An indictment charging the suspects, who include two men from Great Britain, two from Ireland and an American in Chicago, is expected to be unsealed Tuesday morning in the Southern District of New York.

“This is devastating to the organization,” said an FBI official involved with the investigation. “We’re chopping off the head of LulzSec.”

The offshoot of the loose network of hackers, Anonymous, believed to have caused billions of dollars in damage to governments, international banks and corporations, was allegedly led by a shadowy figure FoxNews.com has identified as Hector Xavier Monsegur. Working under the Internet alias “Sabu,” the unemployed, 28-year-old father of two allegedly commanded a loosely organized, international team of perhaps thousands of hackers from his nerve center in a public housing project on New York’s Lower East Side. After the FBI unmasked Monsegur last June, he became a cooperating witness, sources told FoxNews.com.

“They caught him and he was secretly arrested and now works for the FBI,” a source close to Sabu told FoxNews.com.

Monsegur pleaded guilty Aug. 15 to 12 hacking-related charges and information documenting his admissions is expected to be unsealed in Southern District Court on Tuesday.

As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials, the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning. The five charged in the LulzSec conspiracy indictment expected to be unsealed were identified by sources as: Ryan Ackroyd, aka “Kayla” and Jake Davis, aka “Topiary,” both of London; Darren Martyn, aka “pwnsauce” and Donncha O’Cearrbhail, aka “palladium,” both of Ireland; and Jeremy Hammond aka “Anarchaos,” of Chicago.

Hammond was arrested on access device fraud and hacking charges and is believed to have been the main person behind the devastating December hack on U.S. security company Stratfor. Millions of emails were stolen and then published on Wikileaks; credit card numbers and other confidential information were also stolen, law enforcement sources told FoxNews.com.

The sources said Hammond will be charged in a separate indictment, and they described him as a member of Anonymous.

The others are all suspected members of LulzSec, the group that has wreaked havoc on U.S. and foreign government agencies, including the CIA and FBI, numerous defense contractors, financial and governmental entities and corporations including Fox and Sony.

Ackroyd, who is suspected of using the online handle “Kayla,” is alleged to be Monsegur’s top deputy. Among other things, Kayla identified vulnerabilities in the U.S. Senate’s computer systems and passed the information on to Sabu. Kayla was expected to be taken into custody on Tuesday.

A spokeswoman for the Southern District and U.S. Attorney Preet Bharara declined comment.
Monsegur’s attorney did not return FoxNews.com’s repeated requests for comment.”
