FBI’s ‘Sabu’ Hacker Was a Model Informant

March 9, 2012

The Wall Street Journal on March 8, 2012 released the following:

“By CHAD BRAY

As soon as he was caught, an influential computer hacker agreed to become a government informant and “literally worked around the clock” to help federal agents nab an elusive collective of alleged cyber criminals who have launched online attacks against companies, governments and individuals.

The new details, revealed in court documents made public on Thursday, show how quickly investigators were able to turn 28-year-old Hector Xavier Monsegur against his fellow alleged hackers.

Known as “Sabu” in hacking circles, he was placed under supervision by Federal Bureau of Investigation agents shortly after he was arrested at 10:15 p.m. on June 7 last year. His file was sealed by a judge.

“Since literally the day he was arrested, the defendant has been cooperating with the government proactively,” sometimes staying up all night engaging in conversations with co-conspirators to help the government build cases against them, Assistant U.S. Attorney James Pastore said at a secret bail hearing on Aug. 5, 2011, according to a transcript released on Thursday.

The investigation led to the unveiling of criminal charges on Tuesday against a group of men allegedly behind Lulz Security, or LulzSec. The group, formed last May, claimed responsibility for a series of brazen online attacks including hacking computer servers of television network PBS in retaliation for a “Frontline” episode about WikiLeaks, and stealing personal information from about 100,000 customers of hacked Sony Pictures.

In addition to the Sony and PBS attacks, LulzSec has claimed responsibility for attacks on the U.S. Senate and InfraGard, an affiliate of the Atlanta chapter of the FBI. Those attacks were all cited in Tuesday’s charging documents.

Mr. Monsegur, a few days after his bail hearing in August, pleaded guilty to 12 criminal charges, including three counts of conspiracy to engage in computer hacking, computer hacking in furtherance of fraud, conspiracy to commit access device fraud, conspiracy to commit bank fraud and aggravated identity theft. He faces up to 124 years in prison. A lawyer for Mr. Monsegur declined to comment Thursday.

On Aug. 10, 2011, a federal prosecutor in Los Angeles who was working on the case asked that details for charges against Mr. Monsegur in Los Angeles remain secret. In a document, Assistant U.S. Attorney Stephanie S. Christensen said other hackers were aware of Mr. Monsegur’s true identity, even though he often used a nickname or online personality while communicating with them. She said if news of his arrest were made public, he might be identified as a cooperator. She noted that the hackers monitored public court dockets.

“The FBI has informed me that the hackers are known to take steps against those who cooperate with the government,” Ms. Christensen said. She pointed to a practice known as “Doxing” where hackers post personal details about a person for public consumption online. “The publicly available information may then be used to harass the cooperator and the cooperator’s family in a variety of ways,” she said. “This obviously creates danger for the cooperator, the cooperator’s family, and law enforcement.”

Prosecutors, who said Mr. Monsegur was kept under close surveillance during the investigation—with software installed on his computer to track his online activity and video surveillance set up in his home—also said that Mr. Monsegur agreed to cooperate at “a significant amount of personal risk” to himself. Mr. Monsegur, who was unemployed at the time, is a foster parent to two nieces.

Some hackers retaliate against cooperators by ordering hundreds of pizzas to their house or calling in hostage situations and having a SWAT team show up, Mr. Pastore said.

During the investigation, Mr. Monsegur, who lived in and worked from a public-housing project in New York City, received information on a day-to-day basis of “upwards of two dozen vulnerabilities” in computer systems from a network of cybercriminals, Mr. Pastore said in court documents released Thursday. The FBI was able to identify more than 150 security vulnerabilities at the time, allowing companies to prevent a hack before it occurred or mitigate harm from prior hacking activity, he said.

Ultimately, federal agents were able to thwart more than 300 attacks that other hackers were planning as a result of information provided by Mr. Monsegur, according to a person familiar with the matter.

LulzSec is one of several shadowy hacker groups that have sprung to global prominence over the past year and are loosely organized, often with no central leadership. Mr. Monsegur is described in charging documents as an “influential” member of three such hacking organizations—LulzSec and two others known as Anonymous and Internet Feds. Charges against a total of six men were announced on Tuesday, after which Mr. Monsegur’s identity was revealed.”

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

Federal Crimes – Detention Hearing

————————————————————–

To find additional federal criminal news, please read Federal Crimes Watch Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition and OFAC SDN Sanctions Removal.

The author of this blog is Douglas McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.


LulzSec hacker opens up over drinks, says FBI informant leader ‘took one for team’

March 8, 2012

Fox News on March 7, 2012 released the following:

“Written By Jana Winter

The notorious hacker who helped the FBI bring down his worldwide empire is a martyr who took the rap for the crimes of his colleagues, a LulzSec member told FoxNews.com over beers at a Manhattan dive bar, just hours after learning the news about the shadowy figure known online as “Sabu.”

“People are freaking out. Everyone’s totally freaking out,” the hacker said. “Everyone’s in shock.”

While some see Sabu, whose real name is Hector Xavier Monsegur, as a Judas, it seemed that at least in the early shellshocked hours, Sabu’s followers remained loyal to their leader.

“Bill Gates, Steve Jobs, Sabu — I mean of our generation, he’s going to remembered in history,” the LulzSec hacker said, nursing a beer hours after learning the organization had been dealt the cruelest blow of all. “No one is going to forget him. He’s going to be remembered in history.”

LulzSec is believed responsible for computer attacks that crippled banks, multi-national corporations and even governments. Fox, Sony and MasterCard were among its corporate scalps, and the international collective also mounted damaging attacks on servers of Yemen, Zimbabwe and even the CIA, taunting its targets from afar as it brought their websites down.

The hacker described the reactions of the stunned community as news of FoxNews.com’s report outing Sabu as a months-long cooperating witness reverberated online throughout the hacking community on Tuesday. The report detailed how Monsegur has worked for the feds for the last eight months, manipulating his minions with misinforming tweets, warning them off of targets and ultimately unmasking top lieutenants for authorities. Yet some of the hackers who have taken orders from him still believe in the 28-year-old welfare dad who lived in a housing project on New York’s Lower East Side.

In fact, the revered hacking honcho “took one for the team” by copping to hacks done by others, and some believe he even may have tried to warn his people as the FBI watched his every move, the hacker told FoxNews.com, while noting Monsegur “never warned anyone to my knowledge.”

At the bar, the hacker explained how many in the community had come to this conclusion.

The immediate response of the community was to pore over Monsegur’s court records when they were unsealed, looking for clues. The long list of hacks he confessed to included attacks mounted by his legions, which some believed showed he was taking not just credit, but blame.

“He is taking one for the team, protecting the community by sacrificing himself,” the hacker said. “These were hacks that everyone did — not Sabu. He admits to everything so the community is safe. That’s what a lot of people think.”

But even if Monsegur wasn’t directly responsible for some of LulzSec’s hacks, he always played a role. The hacker told FoxNews Sabu passed along links, provided real time assistance with hacks and gave specific directions.

“Sabu says, ‘Do this, do that,’” the hacker explained. “He did everything. He was our leader, so anything you wanted to do you had to get permission, Sabu’s approval.”

Since the guidance always came online, Sabu’s army of hackers knows it is likely their own identities may have been exposed through correspondence captured on Sabu’s FBI-controlled computer.

“Everyone talked to him,” the hacker said. “Everyone. Everyone is really scared.”

“People talked to him like this: ‘Okay, this is how I hacked X company. This is when I am going to hack X. This is the step-by-step of what I’m doing while hacking a system.’

“Sabu has all this (on servers),” the hacker said. “Or really, the FBI has all of this.”

Still reeling from the betrayal, hackers sifted through logs of Sabu’s correspondence following his June 7 arrest. For the next 30 days, the cyberspace mastermind went dark, arousing suspicions he’d been found out by the feds. But he resurfaced on the web in August, just after entering a hushed-up guilty plea to charges of identity theft. None seemed to know he had been flipped, although his new BlackBerry aroused suspicion among some within the hacking community. From that point on, the group that struck fear in the hearts of corporations, banks and even governments, was being led by a turncoat.

On one blog, Sabu’s disciples claimed he had tried to warn his cohorts with a cryptic message: “You don’t know who is your friend, don’t trust anybody,” he purportedly posted just before he took his plea deal.

Still, the hacking community isn’t unanimous in its view of Sabu. There is anger, fear and disbelief, hackers told FoxNews.com. When asked directly if the hacker was personally afraid of being connected to Sabu while he was working for the feds, the hacker took a swig of beer, and sighed.

“Yes,” the hacker said. “Yes I am.””



Was Anonymous’ Hacker-Informant Sabu A Tool Of FBI Entrapment?

March 7, 2012

Forbes on March 7, 2012 released the following:

“Andy Greenberg, Forbes Staff

In a typical criminal conspiracy takedown, lower-level minions are flipped to inform on a crime syndicate’s boss. But in the investigation of LulzSec, the hacker splinter group that broke off from Anonymous last summer, the FBI seems to have found a snitch in none other than the conspiracy’s ringleader and organizer, the 28-year-old hacker known as Sabu.

Which raises a strange question: As the FBI worked to take down the radical hacktivist group over the last months, was it also egging it on?

Yesterday it was revealed that Hector Xavier Monsegur, the alleged hacker known as Sabu, had been acting as a government informant since as early as last June, helping to provide the FBI with information that led to three more arrests of alleged LulzSec-related hackers yesterday, along with new charges against two of the other related defendants. The help of the Spanish-speaking Monsegur may have even aided the arrest of 25 other alleged members of Anonymous in Spain and South America late last month.

But criminal defense lawyers for those accused hackers are no doubt poring over his communications with their clients, and looking for evidence of entrapment: the defense that the U.S. government, with an influential member of Anonymous as their pawn, pushed hackers into the same illegal acts for which they’re now prosecuting them.

Months after Monsegur began cooperating with law enforcement, his Twitter feed (with 45,000 followers) continued to rally his hacktivist “brothers” to attack governments and private corporate targets. A message he wrote in late December asked for fellow hackers to give him stolen documents so that they could be published under the banner of “Antisec,” the sub-movement against the security industry in which he was a vocal organizer. “Leakers, security researchers or hackers who have vulnerabilities or leaked docs contact us,” Monsegur wrote.

After the assassination of Iranian nuclear scientists in January, he called for hacking attacks on Israel. “Since #israel started the week by blowing up Iranian nuclear scientists – how about we focus on disrupting their infrastructure?” he wrote to his followers.

As recently as last month, Monsegur was inciting attacks on Interpol in retaliation for arrests of his fellow anons. “Hackers of the world: Interpol has declared war on hackers,” he wrote. “Time to strike back. Infiltrate.” The denial of service attack on Interpol’s website that followed took the site down for around half an hour.

And perhaps most significantly, Monsegur seems to have taken an active part in the attack on the private intelligence think tank Stratfor, whose millions of stolen emails are now being released by WikiLeaks. In fact, the indictment of 27-year old Chicagoan Jeremy Hammond, unsealed Tuesday, states that an informant under the name Cooperative Witness One or “CW-1” in New York convinced Hammond to move stolen Stratfor data to a server that the informant provided. Given that there are no other indicted members of LulzSec in New York, CW-1 is no doubt Monsegur.

In other conversations between Monsegur and Hammond included in the indictment–and there’s no telling what Monsegur may have said that wasn’t quoted by prosecutors–Monsegur explicitly encourages illegal hacking and disclosure of stolen info.

“Wanna release that list of 92% cracked Stratfor hashes?” he asks Hammond at one point. Hammond replies to Monsegur that it’s “Your call.”

“If I get raided anarchaos your job is to cause havok in my honor,” Monsegur tells Hammond later, using one of the hacker’s pseudonyms.

“It shall be so,” Hammond responds.

Whether this kind of encouragement and support for illegal hacking rises to the level of entrapment, however, is far from clear, says Electronic Frontier Foundation attorney Hanni Fakhoury. The legal definition of entrapment hinges on two separate issues: Inducement and predisposition. To meet the “inducement” requirement, the government must be actively “authorizing, directing or supervising” the defendant’s criminal behavior. And to pass the second criteria, the defendant has to be shown to have not had a predisposition to commit that crime without the government’s encouragement.

Fakhoury cautions that the case for any defendant associated with Monsegur would depend on the specific facts of that person’s behavior and communications with Monsegur. But he believes the first element of entrapment may strongly apply in some of the indicted hackers’ cases, while the predisposition case will be more difficult to argue. “I think inducement is pretty clear here,” says Fakhoury. “The government knew what [Monsegur] was doing. Much harder will be proving pre-disposition: that the defendants weren’t already predisposed to engage in that [illegal] behavior.”

Given that members of Anonymous often openly discuss their motivations and gain status in the group by acting on their own initiative, prosecutors may have an easy time showing that any defendants in Monsegur’s circle were already predisposed to hacking. “They’re pretty vocal about their tactics and their policies and what they want to do,” says Fakhoury. “A traditional entrapment case is someone who’s pressured into something. These individuals aren’t usually pressured, and they often make statements like ‘This is why I’m involved in Anonymous and this is what I’m doing.’”

In other areas, particularly domestic terrorism, the FBI has been known to weave complex scenarios around suspects to actively tempt them into committing crimes. In the case of the “Newburgh Five,” a group of New York men charged with plotting to bomb synagogues in the Bronx and shoot down military airplanes, the FBI informant in many respects functioned as the primary organizer of the plot, offering to supply the group with its explosives, a BMW, a $250,000 payment. As for the “terrorists” themselves, they were hardly capable of carrying out the attack on their own: None even had a driver’s license.

In another case, two activists at the Republican National Convention were arrested and convicted on terrorism charges for making Molotov cocktails. As laid out in the recent documentary “Better This World,” the pair had been mentored in radical activism for over a year by a well-known activist-turned-FBI-informant who encouraged them to abandon more pacifist measures.

Despite cases like these, none of the 10 terrorism prosecutions involving informants over the last decade has successfully used an entrapment defense. “In short, if a suspicion of entrapment seems a viable starting-point for a defense, forget it,” attorney Karen Greenberg wrote in an editorial in the Guardian. “Find another strategy with which to defend your client.”

In the case of Monsegur, the EFF’s Fakhoury says the case does indeed smell “fishy.” “Is the government manufacturing crime in order to prevent it?” he asks. “Something about it definitely doesn’t seem right.”

And whether or not an entrapment defense will win out for any of Monsegur’s fellow hackers, Fakhoury expects the issue to appear in their upcoming trials. “I don’t think this will necessarily be that successful a defense,” he says. “But it’s one that should absolutely be raised by any good defense attorney.””



EXCLUSIVE: Infamous international hacking group LulzSec brought down by own leader

March 6, 2012

Fox News on March 6, 2012 released the following:

“By Jana Winter

EXCLUSIVE: Law enforcement agents on two continents swooped in on top members of the infamous computer hacking group LulzSec early this morning, and acting largely on evidence gathered by the organization’s brazen leader — who sources say has been secretly working for the government for months — arrested three and charged two more with conspiracy.

Charges against four of the five were based on a conspiracy case filed in New York federal court, FoxNews.com has learned. An indictment charging the suspects, who include two men from Great Britain, two from Ireland and an American in Chicago, is expected to be unsealed Tuesday morning in the Southern District of New York.

“This is devastating to the organization,” said an FBI official involved with the investigation. “We’re chopping off the head of LulzSec.”

The offshoot of the loose network of hackers, Anonymous, believed to have caused billions of dollars in damage to governments, international banks and corporations, was allegedly led by a shadowy figure FoxNews.com has identified as Hector Xavier Monsegur. Working under the Internet alias “Sabu,” the unemployed, 28-year-old father of two allegedly commanded a loosely organized, international team of perhaps thousands of hackers from his nerve center in a public housing project on New York’s Lower East Side. After the FBI unmasked Monsegur last June, he became a cooperating witness, sources told FoxNews.com.

“They caught him and he was secretly arrested and now works for the FBI,” a source close to Sabu told FoxNews.com.

Monsegur pleaded guilty Aug. 15 to 12 hacking-related charges and information documenting his admissions is expected to be unsealed in Southern District Court on Tuesday.

As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials, the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning. The five charged in the LulzSec conspiracy indictment expected to be unsealed were identified by sources as: Ryan Ackroyd, aka “Kayla” and Jake Davis, aka “Topiary,” both of London; Darren Martyn, aka “pwnsauce” and Donncha O’Cearrbhail, aka “palladium,” both of Ireland; and Jeremy Hammond aka “Anarchaos,” of Chicago.

Hammond was arrested on access device fraud and hacking charges and is believed to have been the main person behind the devastating December hack on U.S. security company Stratfor. Millions of emails were stolen and then published on Wikileaks; credit card numbers and other confidential information were also stolen, law enforcement sources told FoxNews.com.

The sources said Hammond will be charged in a separate indictment, and they described him as a member of Anonymous.

The others are all suspected members of LulzSec, the group that has wreaked havoc on U.S. and foreign government agencies, including the CIA and FBI, numerous defense contractors, financial and governmental entities and corporations including Fox and Sony.

Ackroyd, who is suspected of using the online handle “Kayla,” is alleged to be Monsegur’s top deputy. Among other things, Kayla identified vulnerabilities in the U.S. Senate’s computer systems and passed the information on to Sabu. Kayla was expected to be taken into custody on Tuesday.

A spokeswoman for the Southern District and U.S. Attorney Preet Bharara declined comment.
Monsegur’s attorney did not return FoxNews.com’s repeated requests for comment.”
