FBI nabs LulzSec leaders as spokesman Sabu is revealed as informant

Threat of prison turned hacktivist leader, who gathered evidence on colleagues for months

FoxNews is reporting that five remaining leaders and members of the LulzSec hacktivist group were arrested by the FBI this morning with the help of Sabu, a LulzSec member who has been helping the FBI secretly for the past eight months.

Fox identifies Sabu as Hector Xavier Monsegur, 28, an unemployed father of two living in a public housing project on New York's Lower East Side.

Monsegur, according to Fox, worked with the FBI for more than eight months to gather evidence against other members of LulzSec, most of whom were arrested this morning.

Among those indicted for conspiracy and other hacking-related charges were:
  • Ryan Ackroyd, aka "Kayla," of London;
  • Jake Davis, aka "Topiary," of London;
  • Darren Martyn, aka "pwnsauce," who lives in Ireland;
  • Donncha O’Cearrbhail, aka "palladium," also of Ireland;
  • Jeremy Hammond, aka "Anarchaos," of Chicago.

LulzSec was a spin-off group from the Anonymous hacktivist collective, which went on a high-profile campaign of hack attacks designed more for their propaganda value than definable results, though LulzSec'ers frequently posted sensitive or personal information about both members of law-enforcement agencies and of commercial sites its members had cracked.

LulzSec's reign of annoyance ticked off elder members of the hacking community, who regarded them as poseurs and script-kids who attracted trouble for other hackers by choosing targets likely to launch reprisals and bragging about skill they did not have.

"We're just fed up of people thinking anon/lulzsec are hackers when clearly they are just DDoSers and SQLi skids," hacker group TeamPoison tweeted at the time.

Turning Sabu into "a rat"

The FBI "secretly" arrested Sabu in June, according to information given by the FBI to FoxNews, pressured him into pleading guilty to 12 hack-related charges, and turned him with the threat of a two-year prison sentence, a price that outweighed his reluctance to help the FBI build a case against other members of LulzSec.

"He didn’t go easy," an unnamed official told Fox. "It was because of his kids. He didn’t want to go away to prison and leave them. That’s how we got him."

For eight months Sabu worked either from FBI offices or from a laptop provided by the FBI that gave investigators a real-time view of what Sabu was doing.

FBI agents took Sabu's original laptop as evidence, probing data on it using encryption keys Sabu provided.

During the time he worked for the FBI, Sabu participated in several e-mail interviews with tech media outlets, though the answers either came directly from FBI agents or were approved by them before Sabu sent them himself.

The interviews were filled with deliberate misinformation designed to preserve Sabu's cover as a snitch and allow the FBI to manipulate other members of LulzSec into helping unwittingly in the investigation.

Sabu gathers evidence, does favors for FBI, keeps CIA from being embarrassed

Among the more humiliating favors Sabu was compelled to perform was to save the CIA from its own humiliation after members of LulzSec launched a DDoS attack that froze its website and threatened to crash it.

"We told Sabu to tell them to stop," an official said. "'It’s embarrassing for the CIA,' we told Sabu, 'Make them stop, now.'"

Sabu sent out the order: “You’re knocking over a bee’s nest,” he warned his associates. “Stop.”

They did. – FoxNews March 6, 2012

LulzSec attacked CIA.gov in June of last year, though only for a few hours.

Anonymous, the hacktivist group from which LulzSec split off and then rejoined, also attacked CIA.gov, fitfully though successfully, last month as retaliation for the shutdown of MegaUpload.

Sabu gathered leads on other potential targets from other LulzSec members, passing along tips on government sites that were particularly vulnerable or were the target of imminent attacks.

He also, according to Fox, fact-checked LulzSec claims to have penetrated various government web sites to give FBI agents guidance on which required quick responses. LulzSec hacktivists rarely stole or destroyed information after penetrating the secure sites, FBI officials told Fox.

The 51-day hacking spree against targets such as the U.S. Senate, FBI, CIA and various commercial sites put LulzSec on the target list of almost every federal law enforcement agency with any cybersecurity capabilities at all.

Other hackers and hacking groups, including WebNinjas, TheJester and TeamP0is0n also helped the FBI, though covertly, by doxing or exposing the home domain names, email or text correspondence and sometimes street addresses and proper names of LulzSec members, including Sabu.

The FBI did not identify the information that led it to Sabu, though other members of LulzSec were arrested last fall after revealing themselves in a variety of relatively simplistic ways.

The five arrested this morning face a variety of charges, including conspiracy, illegal intrusion into protected sites, data theft and identity theft.

The FBI views the arrests as "chopping the head off LulzSec," according to one Fox source. The organization that called itself LulzSec claimed to have disbanded in June, though individual members continued their activities as individuals or members of Anonymous as well as continuing to work with extant LulzSec members, giving the group de facto life long after members retired the name to try to escape heat from the FBI and other groups.

The revelation that Sabu turned his coat to help gather evidence on other hackers isn't likely to go down well with other LulzSec'ers or hackers who view themselves as fringers too radical for the comparatively careful and purposeful operations launched by Anonymous.

"You might be a messiah in the hacking community but you’re still a rat," one investigator told Fox.

Another, apparently believing Sabu and LulzSec remain leaders of the skeptical, meritocratic, script-kid-dismissing upper echelons of the hacking community, predicted the revelation would have an even greater impact:

"When people in the hacking community realize their God has actually been cooperating with the government, it’ll be sheer terror," Fox quoted him as saying.

As of press time today, Anonymous, WebNinjas, TheJester and TeamP0is0n had not made any public admission of their terror.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
