Anonymous superhacker turned FBI informant Sabu remains defiant over snitching

Controversial hacker-turned-informant Hector Xavier Monsegur is unrepentant in first television interview, saying he ‘didn’t point fingers at anybody’

Hector Xavier Monsegur, the charismatic former Anonymous hacker who engaged in defiant political acts around the world from his Lower East Side apartment before becoming an FBI informant, has spoken out in his own defence, insisting that he was not responsible for the arrests of several of his “hacktivist” peers.

In an interview with Charlie Rose on CBS News, Monsegur, who operated under the internet handle “Sabu”, responded to his many detractors in the hacking underworld, who see him as a “rat” or super-snitch. He said that his three-year turn as an informant for federal agents did not entail fingering anybody or handing over names of his Anonymous fellows.

“It wasn’t a situation where I identified anybody. I didn’t point my fingers at anybody. My cooperation entailed logging and providing intelligence. It didn’t mean ‘Can you please tell me the identity of all your mates,’” he said.

Monsegur was sentenced in May to time served – equivalent to seven months – despite the fact that federal prosecutors estimated he had notched up more than $50m in damages in his Anonymous hacks. The judge thanked him for his “extraordinary cooperation”.

That cooperation involved helping the FBI nail eight prominent Anonymous and LulzSec hackers including Jeremy Hammond, the then No 1 most-wanted cybercriminal in the world on the FBI’s wish list, who is now serving a 10-year sentence for his role in breaching the private intelligence firm Stratfor.

Sealed court documents obtained by Motherboard have revealed that Monsegur was directing Hammond and other hackers to attack Brazilian government and corporate websites at a time when he was secretly working for the FBI, raising questions about the extent of his activities globally on behalf of the bureau.

Gabriella Coleman, an anthropologist at McGill University who is the leading academic expert on Anonymous, said that she was struck by Monsegur’s failure to offer an apology to his former peers in the hacking world. “His defiance is what made him such a valuable asset to the FBI, but it is this same defiant attitude – his refusal to apologize or accept even an iota of responsibility – that has made him a pariah in the wider Anonymous community,” Coleman told the Guardian.

Coleman’s new book, Hacker, Hoaxer, Whistleblower, Spy, which gives the most detailed version yet of the Anonymous story, was based in no small part on extensive interviews with Monsegur – at a time when she was unaware that he was an FBI informant. In a recent blog post she remembered his “defiant and revolutionary attitude. His calls for people to rise up were routinely directed towards his ‘brothers’ and ‘sisters’.”

Yet his substantial impact on the Anonymous underworld was made from a tiny apartment in the impoverished projects of the Lower East Side, where his self-taught facility with computers led him into hacking to help his grandmother pay her bills by stealing credit card information. He was at the forefront of audacious raids such as the posting of an Anonymous open letter on the website of the Tunisian prime minister during the 2011 uprisings, hacks into major companies such as Visa, Mastercard and PayPal in protest against their refusal to take donations to WikiLeaks, and a breach of the FBI subsidiary Infragard, which is what finally led federal agents to his door.

Of the Tunisian hack, he told CBS News: “It was amazing. I saw finally I was able to do something that contributed to society regardless that I was at home in the Lower East Side in the projects behind a computer.”

Dressed in a brown check shirt and brown trousers, with his beard and hair closely cropped, Monsegur looked relaxed and confident during the interview. Asked whether he had feared getting caught when he was at the height of his Anonymous activities, he replied: “Not necessarily. After you’ve been hacking for so long, you reach a point of no return. Regardless of you fearing they are going to get you one day, it’s too late.”

 

Sabu chat logs show vast scale of Brazil hacks orchestrated while FBI informant

Hector Xavier Monsegur worked with Anonymous collective
Chats under seal but obtained by Motherboard online magazine

Hector Xavier Monsegur, known as ‘Sabu’, leaves court after having been granted a sentence of time served. Photograph: Andrew Gombert/EPA

Previously unpublished chat logs between Hector Xavier Monsegur, the super-hacker known as “Sabu”, and fellow members of the Anonymous collective have revealed the vast scale of breaches Monsegur orchestrated on government and business websites in Brazil at a time when he was acting as an informant for the FBI.

The suspicion has long been floated that the FBI may have used Monsegur to instigate cyber-attacks by a network of international hackers on foreign governments and commercial targets. The claim was raised by another prominent Anonymous and LulzSec hacker, Jeremy Hammond, as he was sentenced to 10 years in prison.

But the newly-published chats, which are under seal in the US federal courts but were obtained by Vice’s online magazine Motherboard, give chapter and verse on how Monsegur directly incited Anonymous hackers to attack Brazilian sites. The targets included the server of the Brazilian federal military policy, other government sites, the media empire Globo and hundreds of commercial outlets.

“Hit these bitches for our Brazilian squad,” Monsegur told Hammond in a private chat disclosed by Motherboard. In another he said: “Work on the gov.”

The Vice report, written by Daniel Stuckey and Andrew Blake, also reveals that Monsegur was aware of the huge scale of what he was fomenting.

“What we are doing is so massive,” he wrote to Hammond.

The targeting of foreign sites was “something WikiLeaks couldn’t have done”. Yet Monsegur encouraged all these actions after he was approached by FBI agents in his Manhattan apartment on 7 June 2011, at which point he immediately turned informant, as the US government has itself confirmed.

Such were the lengths to which the FBI went to monitor Monsegur’s online activities over the following months, including setting up cameras in his apartment, that it is unlikely anything the hacker-turned-informant did would have gone unnoticed by his official handlers.

Monsegur, whose work as an informant helped to convict Hammond and at least seven other prominent Anonymous hackers in the US, UK and Ireland, was allowed by a federal judge last month to walk free on time served. The judge, Loretta Preska, repeatedly praised Monsegur for his “extraordinary cooperation” with the FBI.

The Motherboard chats show that Monsegur pointed an inner circle of AntiSec hackers towards Brazilian sites that could be breached, as well as passing on details of targets to a network of hackers operating inside the country.

“I’m about to get brazillians [sic] to go in a rampage,” he said to Hammond in one private chat.

In a chat with a different unidentified hacker, Monsegur said: “we gave them root on brazils biggest media site globo. So lets see how they handle it.”

In January 2012, seven months into his new role as FBI informant, Sabu sent a hacker going by the internet handle “hard366” a long list of potential targets attached to the domain .gov.br.

According to the Motherboard disclosures, Monsegur told the hacker: “do whatever you want, its yours brother… this is a real server ready for defacement.”

 

LulzSec’s Sabu: ‘ask me about the CIA’

When the Guardian spoke to the hacker last year, he was keen to discuss claims he worked for the authorities
Hector Xavier Monsegur, AKA Sabu. An unemployed man from New York who is allegedly the mastermind of international hacking group, LulzSec

Last July the Guardian was investigating the elusive, mysterious individuals behind LulzSec and Anonymous – the loose hacker groups who had suddenly become front page news, as they led a wave of cyber attacks against a range of major corporations and law enforcement. One individual, or one hacker name, stood out: Sabu, a prolific hacker often referred to as the leader of the groups.

Getting to Sabu was not easy; he was well aware of the illegal nature of his activities. But that month, the Guardian had a stroke of luck. Sabu objected violently to a piece we had carried, examining – and shooting down – allegations from a rival pro-US hacker that Sabu was using Anonymous and Lulzsec to push an extreme Islamic agenda.

He asked me to join him in an off-the-record internet chat – a conversation that happened seven weeks after Sabu, now unmasked as Hector Xavier Monsegur, had already been picked up by the FBI.

Given the latest revelations about Sabu’s activities, that he worked as an informer from after his arrest on 7 June until just a few days ago, I think it is appropriate to publish a few extracts from our conversation.

Sabu – and we cannot even be sure that our correspondent was the real Monsegur and not a US agent – was not representing himself accurately to the newspaper. If anything, he was testing the Guardian out, openly flirting with the notion that he worked for the CIA – and then inviting me to knock him down.

Less than three weeks later, Monsegur pleaded guilty to 12 counts relating to computer hacking in secret, which carry a maximum sentence of 124 years and six months. But there is no sign in the logs of a man under pressure.

Sabu began by denouncing the Guardian’s publication of the vague allegations of the supposed Islamic links of the hacker community. Then he switched tack, asking why the paper hadn’t published rumours linking him to the CIA, arguing that would amount to an equivalent and equally inaccurate allegation. Given what we know now, the swerve is particularly noteworthy.

In case it is not obvious, my online name is <jamesrbuk>.

<SABU> OK. I’m waiting for the article discussing the potential of me being the leader of a CIA blackops operation and me denying it.

<SABU> can we work on it now?

<SABU> I’ll begin my message

<SABU> <jamesrbuk> : I thank you for brining up this serious allegation but I deny being part of the CIA or any black operations unit/organization.

<SABU> I am an activist and security researcher. Not a CIA operative

Moments later, I strayed even closer to what had become Sabu’s emerging double life (remember, the indictments released yesterday refer to Monsegur only being a member of Anonymous until 7 June 2011, the day of his arrest). I linked a recent Guardian story – unaware of any ironies – suggesting the FBI had managed to recruit a full quarter of all US hackers as informants:

<SABU> The CIA has done more blackops and terror operations than al-qaeda could ever do

<SABU> so, lets be realistic

<jamesrbuk> Something we covered: http://www.theguardian.com/technology/2011/jun/06/us-hackers-fbi-informer

<SABU> That has literally nothing to do with what I’m talking about

<SABU> and I must say if your article is correct – the FBI is doin a very bad job at recruiting informants.

<jamesrbuk> Well, you were mentioning CIA blackops/etc. It’s related.

<SABU> No it is not

At the time, I was bemused if not baffled by our exchange – and totally unable to see any motivation for Sabu’s keenness that we start publishing what seemed to amount to little more than conspiracy theories about the operations of Anonymous and Lulzsec.

With hindsight, I wonder whether Sabu was trying in some way to set out a warning, or red flag to other hackers. Or perhaps he was goading me to see if I actually believed he might be a turncoat. Either way, these were signals I missed at the time.

My other thought, looking back on the logs, is whether Sabu was thinking aloud as to why he was being asked to become an FBI informant rather than being publicly prosecuted. Here’s more; here Sabu says some are claiming he had been working “with the CIA” although having closely followed the debate at the time this is not an allegation I can recall having seen aired:

<SABU> When can I expect an article discussing the idea of me being with the CIA and my denial?

<SABU> I’m eager to see this happen.

<jamesrbuk> So I see. May I ask why?

<SABU> Hmm…? is it not obvious?

<jamesrbuk> Not totally. And I’d prefer to hear rather than jump to wrong conclusions

<SABU> There is no wrong conclusion if you have been a part of this conversation

<SABU> You just said there was a claim that I may be a terrorist. You “researched” it and wrote the article

<SABU> There re claims I am with the CIA pushing to get tighter / stricter cyber-laws passed

<SABU> its literally the same shit, two different extremes.

Then, intriguingly, he goes on to say that UK and US governments have been involved in covert operations, before going on to say that he could not be linked to terrorism. Anonymous or LulzSec would not carry out their operations so publicly if they had an ulterior motive.

<SABU> The people are aware that our governments in the UK and the US have involved themselves in black operations in the past. it makes a lot of sense if lets say a rogue group of hackers suddenly began attaking national interests — spawning a massive overhaul of internet security, theoretically.

<SABU> you’re telling me thats not worse than some random jihadist who barely knows how to use a computer in the first place, “hacking”/

<SABU> Also heres where your entire point is flawed into oblivion

<SABU> why would a terrorist release and dump 90,000 INTELLIGENCE COMMUNITY MILITARY PERSONELL PASSWORDS AND EMAILS when they can just intercept military intelligence communications for the next year using this data ?

<SABU> Why would osama bin laden go through all the work of hacking booz allan [a US government and defence consultancy], just to post a pastebin with an ascii art mocking the security of federal contractors.

<SABU> Be realistic.

<SABU> Think.

Even as an FBI informer, Sabu would not be in a position to have evidence to back up his theories that the CIA were angling for a tightening of US cyber laws. Those co-operating with the authorities to mitigate their sentencing are rarely handed US government secrets. Instead, what’s interesting is Sabu’s internal reasoning for why – hypothetically at least – a compromised organisation (as we know now LulzSec was) might be allowed to continue.

One factor in the decision to make some of this public was an unusual comment towards the end of the conversation, in which Sabu advised me to make sure I kept a log, or transcript, of the chat for later use:

<SABU> AS FOR THE LOG I don’t do interviews or usually paste chatlogs so I’m keeping it privately

<SABU> so I suggest you do the same

At this stage, surely Sabu would have known, or at least suspected, that his agreement to turn evidence against other members of Lulzsec would eventually become public. Re-reading this now, one wonders if he was hoping that some of our conversation would eventually become public too – an interview, in effect, at the point when he couldn’t speak for himself.

Just over a fortnight after these published exchanges, we now know that Monsegur – aka Sabu – secretly pleaded guilty to 12 counts of computer hacking.

From June to March this year, he – and his FBI handlers – were party to details, often in advance, of hacking attacks including the interception of an FBI conference call, and the seizure of 5m emails from the servers of UK intelligence firm Stratfor, which are currently being published by WikiLeaks.

On Tuesday, charges were laid against five individuals alleged to be core members of Anonymous and Lulzsec – and the man behind Sabu was finally publicly unmasked as a 28-year-old unemployed Puerto Rican living in New York.
