An insight into the Anonymous hacker-turned-informant

By Dan Kaplan on Mar 8, 2012 8:23 AM

Did Sabu's snitching kill the hacktivist movement?

One of the most visible members of Anonymous and LulzSec is a snitch.

His name is Hector Monsegur, a 28-year-old living in the housing projects on New York's Lower East Side. But to most people, he's Sabu, one of the major mouthpieces of the Anonymous movement who was responsible, according to authorities, for a number of high-profile hacks. 

But since he was arrested in early June, he's been working with the FBI to rat out his fellow Anons, all the while continuing to urge on his Twitter supporters, as recently as last week, to infiltrate police and government agencies around the world.

"He was admired and disliked, just like any prominent figure in Anonymous," Barrett Brown, an unofficial spokesman with Anonymous and founder of the online activist group Project PM, said on Tuesday.

Monsegur pleaded guilty in August to 12 hacking charges, including his role in attacks on HBGary, Sony Pictures, Fox, InfraGard and PBS, in addition to government systems in Algeria, Yemen and Tunisia, according to a news release from the FBI and the U.S. attorney's office.

The federal complaint against Monsegur was unsealed on Tuesday. It details the alleged actions of Monsegur from December 2010, when he helped launch distributed denial-of-service attacks against companies, such as MasterCard, out of support for WikiLeaks, until June 7 of last year.

When he was picked up by authorities, Monsegur was helping to lead LulzSec, a tight-knit but highly skilled offshoot of Anonymous.

Monsegur faces up to 124 1/2 years in prison, but will likely cut a deal that will result in far less time. According to the FBI, his statements helped law enforcement charge five other people on Monday with roles in hacks.

They were: Ryan Ackroyd (aka kayla), 23, of the U.K.; Darren Martyn (aka pwnsauce), 25, of Ireland; Donncha O'Cearrbhail (aka palladium), 19, of Ireland and Jeremy Hammond (aka anarchaos), 27, of Chicago. In addition, Jake Davis (aka topiary), who was arrested in July for his alleged involvement with LulzSec, faces additional charges.

Two of the defendants were responsible for highly publicised recent attacks. Hammond helped break into the databases of global affairs firm Stratfor to steal millions of corporate emails, hundreds of thousands of records on clients and tens of thousands of credit card numbers, authorities said.

O'Cearrbhail is also accused of hijacking the personal email account of an Irish police agent to retrieve information that enabled him to dial in to an FBI-Scotland Yard conference call and record it.

But while Tuesday's news sent shockwaves across the security industry and hacking community, Sabu's identity was accurately doxed months earlier in a number of posts.

There was also suspicion that he was working with authorities. In an exchange posted Aug. 16 to Pastebin, Sabu and a hacker using the alias "Virus" held a lengthy and heated online conversation.

At one point, Virus offered a prescient comment: "I'm absolutely positive you already got raided, and are setting your friends up and when they're [authorities] done draining you for information and arrests they'll sentence you."

Brown, the Anonymous operative, said he recently worked with Monsegur in an IRC channel to dissect and analyse the Stratfor emails. He said he trusted Monsegur and now is "trying to assess what the deal is entirely."

On Tuesday morning, federal agents raided Brown's apartment in Dallas, as well as the home of his mother, where he was staying. On Monday, he was tipped off about the raid, so he was able to secure his laptops before the authorities showed up.

Brown, one of the most visible faces of Anonymous, said this is the first time he has ever been contacted by law enforcement related to his association.

He said he doesn't anticipate any Anonymous-led intrusions coming to a halt.

"Stuff is going to keep happening and probably there will be reaction to this in particular, against the feds," Brown predicted.

Jeffrey Carr, founder and CEO of security firm Taia Global, which closely monitors the actions of Anonymous, agreed that little is likely to change as a result of the Sabu revelations. But the incident may force the loose-knit hacktivist collective to implement better internal security measures to ensure that the people it trusts aren't at the same time serving as informants.

"Anonymous has the same problem many corporations have," Carr said. "How to defend against the insider threat."

Mikko Hypponen, chief research officer of anti-virus firm F-Secure, said he interacted with Monsegur in 2005 when the hacker discovered a vulnerability in an F-Secure gateway product, which he responsibly disclosed.

But Monsegur became upset when he didn't hear back from the company, which happened because he was emailing an account that wasn't regularly monitored. The pair later squabbled over Twitter when Monsegur, who at that time was working with the FBI, accused F-Secure of supporting the controversial Stop Online Piracy Act (SOPA).

"This guy is really unpredictable," Hypponen said.

As for the future of Anonymous, Hypponen said he thinks the news may have a detrimental effect, at least in the short term.

"It will spread paranoia within the Anonymous movement," he said. "Now they will be thinking, 'Who else is snitching?' If you can't trust Sabu, who else can't you trust?"

Some of the more reliable Anonymous Twitter accounts took the news in stride.

"Don't you get it by now?" one tweeted. "Anonymous is an idea. Anonymous is a movement. It will keep growing, adapting and evolving, no matter what."

This article originally appeared at scmagazineus.com

 
Copyright © SC Magazine, US edition
