The one tiny slip that put LulzSec chief Sabu in the FBI's pocket
IRC relays 'infiltrated by the feds'
How Monsegur's role became public
Police detained five men largely based on information supplied by Monsegur. Following these arrests the indictment against Monsegur was unsealed on Tuesday and his admission to a string of computer hacking, conspiracy and fraud charges – as well as his role as an informant – became public knowledge for the first time. According to the indictment, Monsegur's role was to look for vulnerabilities in websites that were then exploited either by himself or other alleged hackers in LulzSec or Anonymous.
In the unsealed indictment, Monsegur pleaded guilty to taking part in the hack attack against HB Gary, stealing information about X-Factor contestants after breaking into systems at Fox, as well as hacks against FBI-affiliated computer security association Infraguard. Hacks against PBS and Sony Pictures also appear on the charge sheet.
He has also pleaded guilty to using stolen credit card information to pay for car parts valued at $3,450. Monsegur also admitted profiting by selling on the login details of compromised bank accounts, a form of aggravated identity theft.
The FBI said that information supplied by Monsegur allowed it to charge four men with offences linked to LulzSec and another US man regarding the high-profile hack on Stratfor, the private-sector intelligence firm, as explained in a statement here.
Ryan Ackroyd (AKA Kayla), 23, of Doncaster, United Kingdom, Jake Davis (AKA Topiary), 29, of Lerwick, Shetland Islands, Darren Martyn (AKA pwnsauce), 25, of Galway, Ireland, and Donncha O’Cearrbhail (AKA palladium), 19, of Birr, Ireland, were charged with various offences connected to LulzSec. The quartet are accused of conspiring to hack Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (PBS).
O’Cearrbhail was further charged in a separate case with intentionally disclosing an unlawfully intercepted wire communication - a conference call between law enforcement officers on both sides of the Atlantic discussing investigations against members of Anonymous that was leaked by the hacktivist collective last month.
It now seems likely that those taking part in the call were likely tipped off that an eavesdropper was on the line or at least that the leaked excerpt was screened by Monsegur and his FBI handlers.
A fifth suspect – Jeremy Hammond (AKA Anarchaos), 27, of Chicago, Illinois – was arrested on access device fraud and hacking charges, and is suspected of involvement in the December Anonymous hack on security intelligence outfit Stratfor.
LulzSec began as a splinter group separated off from anarchic online collective Anonymous prior to mounting scores of high-profile hacks over a seven-week period before disbanding in late June last year, shortly after Monsegur's initial arrest. Its targets included HB Gary Federal, defence contractors, police departments, FBI-affiliated security firms, the CIA, the US Senate, online gaming operations including EVE Online and corporations including Fox, News Corporation, Sony and many others.
Website defacement and the extraction and release of sensitive information siphoned away from insecure systems were among the activists group's typical tactics.
After disbanding the group returned to the Anonymous fold, most notably taking part in OpAntiSec operations designed to expose poor corporate security and show support for various political causes including the Occupy movement and the Arab Spring protests, among others.
Sabu signed off from his @AnonymousSabu account hours before news of Monsegur's arrest – and co-operation with the FBI – became public knowledge with a quote from Marxist revolutionary Rosa Luxemburg. The German message translates as: "The revolution says I am, I was, I will be." ®
1It's unclear at the time of writing whether this compromised access was linked to the July 2011 arrest of a 19-year-old from Essex, who allegedly ran an IRC channel used by LulzSec.
2Sabu took his handle from a New York-born pro-wrestler who billed himself as a Saudi Arabian to incite jingoistic crowds. "Sabu the Elephant Boy" played the bad guy in bouts and had a reputation for shedding as much blood as he drew during his heyday in the '80s and '90s. Sabu also means father in Arabic but that seems to have been something of a coincidence.
3The close monitoring is at least partially explained by the case of Albert Gonzalez, a cybercrook who went on to mastermind the multi-million Heartland Systems and TJ Maxx credit card frauds at the same time as working as an US Secret Service informant. Gonzalez was jailed for 20 years in March 2010.
Sponsored: Global DDoS threat landscape report