For months, The Real Sabu, as he called himself on Twitter, boasted, cursed and egged on his followers to take part in computer attacks against private companies and government agencies worldwide.
“Don’t give in to these people,” he wrote, ridiculing “cowards” in the federal government. “Fight back. Stay strong.” It turns out that Sabu had become an informant for federal law enforcement authorities. On Tuesday, in what could be one of the biggest breakthroughs in the government crackdown on a loose, large confederation of politically inspired ‘hacktivists,’ he was unmasked and revealed to have helped authorities catch several fellow hackers in Europe and the United States.
Four men in Britain and Ireland were charged Tuesday with computer crimes; a fifth man was arrested Monday in Chicago. Court papers identified Sabu as Hector Xavier Monsegur, 28, of New York. He pleaded guilty in August to a dozen counts of conspiracy to attack computers. He had operated since then as usual – as The Real Sabu, instigating attacks and quoting revolutionaries online.
The prosecutions are part of a wave of coordinated efforts by law enforcement officials worldwide to rein in a leaderless, multinational movement called Anonymous, which has drawn attention for its protests against the Church of Scientology and in support of the whistle-blower site WikiLeaks.
It has spawned spinoffs with different names and insignias, among them LulzSec, which claimed to target computer security companies for laughs, or lulz, and of which Sabu was a prominent, outspoken member.
Just last week, Interpol announced the arrests of 25 people suspected of being Anonymous members in Europe. Sabu reacted to that news on Twitter by urging others to attack Interpol’s website. Monsegur’s base of operations seems to have been his late grandmother’s sixth-floor apartment in a public-housing project in Manhattan. He was apparently self-trained, and he appears to have been equally skilled at hacking and deceiving his fellow hackers. His demise, if nothing else, will sow even more distrust and dissension in the ranks of Anonymous.
“It is going to be very difficult for Anonymous to recover from such a breach of trust,” said Mikko Hypponen, a security researcher at F-Secure Labs in Helsinki.
Whether this will temper the larger hacktivist cause remains to be seen. Anonymous is a decentralised movement that is, broadly speaking, against state institutions and the companies that work with them, and they have embraced an ever-shifting variety of causes, from animal rights to democracy in the Middle East. Their ranks are steadily replenished with people of varying skills. Their targets have included Fox News, Sony, the government contractor HBGary and the FBI. Their favoured tactics are either to start brute-force attacks aimed at slowing or shutting down sites, or to break into computer systems and expose embarrassing communications.
Gabriella Coleman, an anthropologist who studies the Anonymous movement and teaches at McGill University, said she expected the latest prosecutions would likely have ‘a chilling effect’ on their hacking tactics. “These are moments of massive reflection – who are we, what do we want to be?” she said of Anonymous.
The group’s members may have gotten wind of a crackdown as early as last week, when a Twitter post warned: “The FBI is planning a massive sweep this weekend.”
The group’s latest highly publicised breach was of the geopolitical analysis firm Stratfor. Its system was first penetrated in December, and the hackers exposed its customers’ names and email addresses. Then, starting last week, its internal communications were released on the Internet by a new partner, WikiLeaks.
On Monday night, the FBI arrested Jeremy Hammond, 27, of Chicago, in connection with the Stratfor breach. Hammond is charged with stealing credit card information and using some of it to rack up more than $700,000 in charges.
Hammond’s neighbours described him as a friendly man who dressed eccentrically, sometimes wearing mismatched shoes and, other times, suspenders. Hammond’s eccentricities apparently involved previous run-ins with the FBI. In 2006, he was convicted of having hacked into a political group’s computer server and stolen credit card numbers. He was sentenced to 24 months in prison.
Separate indictment
Also charged in a separate indictment were two Britons, Ryan Ackroyd, 23, and Jake Davis, 29. Davis, who was known by his nickname Topiary and was as loquacious on Twitter as Monsegur, was arrested in July in the Shetland Islands. Also charged in US district court for the southern district of New York were Darren Martyn, 25, whose nicknames included Pwnsauce, and Donncha O’Cearrbhail, 19, who was known as Palladium.
All four men are accused of hacking into the computer systems of, among others, Fox Broadcasting, Sony Pictures Entertainment and PBS over the past year. (Fox News first reported the prosecutions Tuesday.)
O’Cearrbhail is separately charged with breaching the personal email account of an Irish law enforcement official and using it to covertly record a conference call in January in which authorities from several countries, including FBI agents, were discussing investigations of Anonymous and other hacktivist groups. Monsegur, for his part, was described as a smart, politically motivated hacker who had steered clear of trouble with law enforcement – unlike his father, a Bronx resident who was convicted of selling heroin and spent seven years in prison.
A family member who did not want to be identified said Monsegur had been close to his grandmother, whose apartment in the Jacob Riis Houses became his home and his workshop. He has been living there with his girlfriend’s two children, a person in law enforcement said. Online, Monsegur was generating international mayhem, according to the complaint, participating in an attack on PayPal, defacing the website of the prime minister of Tunisia and breaking into the government of Yemen’s computers. His role, court documents say, was to act as a “rooter,” identifying vulnerabilities in the target’s computer system.
As is common in cases involving informants, a federal judge will eventually decide whether Monsegur will be sentenced to jail or to what extent his punishment will be reduced in exchange for his cooperation.
In the days just before his guilty plea was announced, Monsegur – or Sabu on Twitter – was his usual bombastic self. “You think arresting my people will stop our idea? Our love and solidarity will not cease but will be empowered. We are stronger than the gov,” he wrote last week. His last post, on Monday afternoon, was adapted from a quote from Marxist activist Rosa Luxemburg, in German. “The revolution says I am, I was, I will be,” it said.
