Feeds

Who is the mystery sixth member of LulzSec?

And, hang on, what happened to all the loot...

Using blade systems to cut costs and sharpen efficiencies

Tradecraft

The Guardian published leaked logs from LulzSec's main IRC channel in late June 2011. The six appeared prominently in these discussions as well an FBI indictment against Monsegur unsealed months later.

Digital sleuthing by various parties – most notably BackTrace Security and patriots hacker The Jester (th3j35t3r) – led to the public fingering of Monsegur as Sabu. Monsegur was far from the only person named as Sabu - The Jester previously named an innocent Portuguese web designer as a suspect, for example (he later apologised for his error). Pastebin was full of various documents giving multiple "identities" and background details for supposed members of LulzSec and Anonymous for months during 2011. It's doubtful if any of these clues would provide useful leads towards Avunit's real identity.

Police latched onto Monsegur, an unemployed 28-year-old from New York, after he made the mistake of logging into an IRC chat server used by LulzSec without using the Tor anonymisation service - and just days after LulzSec had attacked the Feds.

This lead allowed the FBI to request IP address records from ISPs in order to track down Monsegur's location to a flat he shared with two nieces on Manhattan's Lower East Side, as The Guardian explains in more depth here.

Fellow travellers

As well as the core, founder members of LulzSec, several alleged hackers got involved later and went on to play key roles in LulzSec-related ops or those involving the later AntiSec movement, which sought to expose and lambast the poor security of IT security and intelligence outfits after Lulzsec officially disbanded.

Donncha O’Cearrbhail (AKA palladium), 19, of Birr, Ireland, allegedly taped a conference call between law enforcement officers on both sides of the Atlantic discussing investigations against members of Anonymous that was leaked by the hacktivist collective back in February 2012. He is also charged over the LulzSec-run attacks against Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service as well as the Fine Gael hack.

Cody Kretsinger, 25, from Decatur, Illinois - better known to his fellow LulzSec cohorts as "Recursion" - was jailed for a year in April for hacking into Sony Pictures Entertainment's computer systems after earlier pleading guilty to the attack.

Last month, Australian Federal Police arrested Matthew Flannery, 24, from Sydney, Australia. Flannery (Aush0k) subsequently said he was "in charge" of LulzSec, a claim doubted by many. So far he has been linked only to a hack attack against a small Australian local government website.

Another hacking suspect – Jeremy Hammond (AKA Anarchaos), 27, of Chicago, Illinois – was arrested on access device fraud and hacking charges in March 2012, and is suspected of playing the central role in the Anonymous hack on security intelligence outfit Stratfor in December 2011.

This was an AntiSec and not a LulzSec operation. But Monsegur, by this time apparently acting as an FBI snitch, tried to persuade the hackers who carried out the raid to store emails looted from Stratfor on a server controlled by the Feds. Information coaxed out of Hammond by Monsegur led directly to Hammond's arrest, the FBI said.

WikiLeaks began publishing emails from Stratfor in February 2012 to expose "how a private intelligence agency works, and how they target individuals for their corporate and government clients".

The whistleblowing site declined to explain how it came by the "Global Intelligence Files" but the dates covered by the emails - from July 2004 to late December 2011 - are consistent with the hacktivists' ransacking of Stratfor back in December 2011.

Another interesting unanswered question, raised by Charles Arthur in The Guardian, is what become of the Bitcoins that LulzSec invited supporters to donate to the cause at the height of their infamy.

At the time each Bitcoin was worth between $6 and $10, and Davis estimated that the group had about $18,000 donated by its supporters. At current prices those funds would be worth 10 times more, or around $180,000. The coins were initially held in multiple wallets but have since been transferred into a single wallet, Hypponen told The Guardian, suggesting that a single person might control the stash.

If we were tying the loose ends of a crime novel, we would assign Avunit the role of custodian of this stash, on behalf of his former partners in crime. But since LulzSec's members never met except online - at least until many of them were put together in a UK court dock this week - and never knew each others' identities, this idea is perhaps fanciful. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.