NEW YORK — The shadowy underworld of Internet hackers was rocked by news Tuesday that one of the world’s most-wanted and most-feared computer vandals has been an FBI informant for months and helped authorities build a case against five alleged comrades.
The FBI said it captured the legendary hacker known as “Sabu” last June, and he turned out to be Hector Xavier Monsegur, 28, a self-taught, unemployed computer programmer with no college education, living on welfare in public housing in New York.
His exploits made him a hero to some in cyberspace until he made a rookie mistake — he posted something online without cloaking his IP address, or computer identity — and someone tipped off the FBI.
Soon after his arrest, he pleaded guilty and began spilling secrets, leading to charges Tuesday against five people in Europe and the U.S., including a Chicago man, and preventing more than 300 attacks along the way, authorities said.
Law enforcement officials said it marked the first time core members of the loosely organized worldwide hacking group Anonymous have been identified and charged in the U.S.
Investigators said Monsegur and the other defendants were all associated with the group, and some were also part of the elite spinoff organization that Monsegur formed last May, Lulz Security or LulzSec. “Lulz” is Internet slang for “laughs” or “amusement.”
Monsegur and the other defendants were accused in court papers of hacking into corporations and government agencies around the world, including the U.S. Senate, filching confidential information, defacing websites and temporarily putting victims out of business. Authorities said their crimes affected more than 1 million people.
Prosecutors said that among other things, the hackers, with Monsegur as their ringleader, disrupted websites belonging to Visa, Mastercard and Paypal in 2010 and 2011 because the companies refused to accept donations to Wikileaks, the organization that spilled a trove of U.S. military and diplomatic secrets.
Also, prosecutors said, Monsegur and the others attacked a PBS website last May and planted a false story that slain rapper Tupac Shakur was alive in New Zealand. Investigators said it was retaliation for what the hackers perceived to be unfavorable news coverage of Wikileaks on the PBS program “Frontline.”
But it was the arrest of Monsegur that sent shockwaves through the Anonymous movement, where many described him as a leader and one of the collective’s most skilled hackers.
Some Anonymous members put on a brave face.
“Anonymous is a hydra, cut off one head and we grow two back,” read one defiant message posted to Twitter.
But the atmosphere in one of the group’s chat rooms had an edge of panic. One Anonymous supporter discussed cleaning the group’s hard drive. Another warned that if Sabu is cooperating, then “we are all going to have the FBI at are (sic) door.”
A Twitter account associated with Monsegur has some 45,000 followers and regularly spouts expletive-filled anti-government messages. His last tweet on Monday was in German and described the federal government as being run by “cowards.” It was apparently aimed at concealing his role as an informant.
“Don’t give in to these people,” the message read. “Fight back. Stay strong.”
Monsegur pleaded guilty in August to charges that included conspiracy to commit hacking, admitting he obtained dozens of credit card numbers online and gave them to others or used them to pay his bills.
His deal with prosecutors requires his full cooperation and testimony at any trial. In return, he gets leniency from a potential prison sentence of more than 120 years. He is free on $50,000 bail.
Also charged with conspiracy to commit computer hacking were Ryan Ackroyd, 23, of Doncaster, England; Jake Davis, 29, of Lerwick, Scotland; Darren Martyn, 25, of Galway, Ireland; Donncha O’Cearrbhail, 19, of Birr, Ireland; and Jeremy Hammond, 27, of Chicago. The Europeans were previously arrested in separate hacking cases, though two of them were re-arrested on Tuesday.
Hammond, who was arrested Monday, appeared before a federal judge in Chicago and was ordered transferred to New York. Hammond was charged with crimes related to the hacking in December of Strategic Forecasting Inc., a global intelligence firm in Austin, Texas, that affected up to 860,000 victims.
In July, when LulzSec’s attacks were grabbing world headlines, someone alleged that Sabu was Monsegur and posted personal details about him on the Internet. Sabu took to Twitter to deny it.
Barrett Brown, a former journalist who became closely associated with Anonymous, said Sabu’s cooperation with the FBI could do serious damage to Anonymous.
“He was an admired Anon,” he said. “He’s been a leader. People came to him with information. God knows what else he told them.”
___
Associated Press writer Satter reported from London. Also contributing were Associated Press writers Colleen Long and David B. Caruso in New York and Michael Tarm in Chicago.
Doxed: how Sabu was outed by former Anons long before his arrest
By Peter Bright |see link for full story
http://arstechnica.com/tech-policy/news/2012/03/doxed-how-sabu-was-outed-by-former-anons-long-before-his-arrest.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
Doxed: how Sabu was outed by former Anons long before his arrest
When the FBI arrested LulzSec leader Hector “Sabu” Monsegur, they did so in a hurry—hours before the arrest, Sabu was doxed, his identity posted to the Internet. With his name public, federal agents feared that he would start destroying evidence to protect himself, so they ended their covert surveillance and moved in, according to Fox News.
Efforts to name and shame the LulzSec crew during its 50-day rampage were common. Many of these doxings were inaccurate, a result of faulty inferences or deliberate attempts to mislead on the part of the LulzSec hackers.
But not all were wrong. In fact, the game of doxing Sabu was over before it had even started. He was correctly doxed more than two months before his arrest—in fact, more than a month before LulzSec had even started publicly operating.
This first doxing happened after a group of former Anonymous members, displeased at the moralizing direction that Anonymous had taken and at Sabu’s leadership role, decided to take action. Speaking to Gawker almost one year ago, the dissident group calling itself Backtrace Security announced that it was going to post chat transcripts and information about the identies of Anonymous members.
Several days later, it followed through on its promise, releasing IRC logs called “consequences.pdf” (MD5 checksum: a4084efa1713447d295919b4670769da) and a file called”namshub.pdf” (MD5 checksum: 042a645a1bf4cdfb433887424455234e) that showed a spreadsheet of online names, real names, locations, and other evidence about Anonymous members. (The files have now been pulled, allegedly at the “request of the Federal Bureau of Investigation.”)
While at least some of the information in namshub.pdf is incorrect—subsequent arrests have established the real identities of Topiary and Kayla, and they don’t match Backtrace’s claims—one name stands out. Sabu is identified as “Hector Xavier Montsegur.” This is slightly misspelled, but it’s the right name nonetheless. The document also claimed, correctly, that Sabu lives on New York City’s Lower East Side.
The PDFs garnered some attention at the time—they even resulted in Backtrace Security being doxed—but apparently not enough attention to force the FBI’s hand.
Backtrace then decided to out Sabu again. Early in the evening of June 7, the day of Sabu’s arrest, the Twitter account belonging to Backtrace Security wrote: “Hector Xavier Montsegur -aka Xavier de Leon – aka (Sabu).” The same misspelling, but the same correct name.