One of the world’s most-wanted hackers secretly became an FBI informant last year, providing evidence that led to charges yesterday against five other suspected leaders of the Anonymous international hacking group.
In a major blow to Anonymous, which has attacked the websites of government agencies and companies around the world, U.S. authorities revealed that a leading hacker “Sabu” was Hector Xavier Monsegur and that he was arrested at his small apartment in a Manhattan housing complex last June.
At a secret court hearing on Aug. 15, 2011, Monsegur, 28, pleaded guilty to each of the 12 computer crimes and agreed to cooperate with authorities in exchange for leniency, according to a transcript that was made public on Tuesday.
U.S. prosecutors and the FBI on Tuesday announced charges against five other men, including two in Britain and two in Ireland who were all previously arrested.
The fifth was Jeremy Hammond, known as “Anarchaos,” who was arrested in Chicago on Monday on charges of hacking into Strategic Forecasting Inc, or “Stratfor”, a global intelligence and research firm, in December 2011.
All six were top members of LulzSec, an offshoot of the loose-knit international cyber-activist group Anonymous.
“These cyber criminals affiliated themselves with Anonymous in different ways. They are not Anonymous today, they have been identified and charged,” said a law enforcement official, who did not want to be identified as the investigation was ongoing.
LulzSec and Anonymous have taken credit for carrying out attacks against the CIA, Britain’s Serious Organized Crime Agency, Japan’s Sony Corp, Mexican government websites and the national police in Ireland. Other victims included Rupert Murdoch’s UK newspaper arm News International, Fox Broadcasting and Sony Pictures Entertainment.
Cyber security experts said the arrests were a major setback for Anonymous and other hacking groups affiliated with it.
“Sabu was seen as a leader … Now that Anonymous realizes he was a snitch and was working on his own for the Fed, they must be thinking: ‘If we can’t trust Sabu, who can we trust?'” said Mikko Hypponen, chief research officer at Finnish computer security company F-Secure.
“It’s probably not going to be the end of Anonymous, but it’s going to take a while for them to recover, especially from the paranoia,” Hypponen said.
Other experts said it remained to be seen if the arrests would put an end to illegal hacking by Anonymous affiliates.
“You always worry in these things that they’ve got the guys at the fringes of the group,” said Stewart Baker, a former senior official at the Department of Homeland Security and now a cyber security expert at the law firm Steptoe and Johnson.
Online chat rooms favored by Anonymous filled on Tuesday with bile and worry about who would be next. One member warned that Monsegur had better have good FBI bodyguards, while others said the arrests could prompt retaliatory attacks.
The Anonymous-affiliated Twitter account @YourAnonNews called Monsegur a “traitor” and played down the charges, claiming “we don’t have a leader”.
The hacking movement he helped foment was still in action after his exposure. Late on Tuesday, hackers acting in the name of Antisec broke into websites owned by Panda Security, which had helped police investigate Anonymous before recent arrests in Europe.
The hackers left profanity-laden criticism of both the Spain-based company and Sabu. “Yeah yeah we know Sabu snitched on us”, they wrote. “Love to those who fight for something they believe in”.
Born in New York, Monsegur attended college and worked at technology jobs, displaying a rare combination of hacking talent, working-class sensibility and political conviction. He said he first hacked for a cause more than a decade ago when he interfered with communications during controversial U.S. Navy bombing exercises in Vieques, Puerto Rico.
According to a posting on an online chat room in September that appears to include “Sabu,” he was asked what advice he would give new hackers.
“Stick to yourselves,” replied “Sabu.” “If you are in a crew – keep your opsec up 24/7. Friends will try to take you down if they have to.”
As a leader of Lulz Security (LulzSec), Monsegur took responsibility for attacks on the websites of eBay’s PayPal, MasterCard Inc and Visa Inc between December 2010 and June 2011, according to court papers.
He is free on a US$50,000 bond. One of the charges carries a possible maximum prison term of 30 years.
Representatives of the companies, which had been targeted because they refused to process donations to WikiLeaks, declined to comment on the arrests
Monsegur also identified himself as a member of hacking group “Internet Feds” while Hammond said he was a member of another Anonymous affiliate, “AntiSec,” officials said.
A criminal complaint quotes one of Hammond’s postings as saying, “We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havoc upon systems and personal email accounts of these rich and powerful oppressors.”
Lawyers for Monsegur and Hammond did not immediately return calls seeking comment on the charges.
U.S. authorities said the cyber attacks had affected more than 1 million people and the computer systems of foreign governments, such as Algeria, Yemen and Zimbabwe.
Authorities said Monsegur and three of the charged men raided personal information about 70,000 potential contestants on Fox Television show “X-Factor.”
In another example of the hacking, officials said defendants and others broke into computer servers of HBGary company in California and Colorado, including about 60,000 emails and posted them on a file-sharing website.
In a May 2011 hack on Sony Pictures, some of the defendants stole confidential information of about 100,000 users of the Sony Pictures website, including passwords, email addresses, home addresses and dates of birth.
“I personally participated in cyber attacks on the systems of HBGary and Fox, resulting in a loss of more than $5,000, and I knew my conduct was illegal,” Monsegur confessed in August at his plea proceeding.
Last summer, as part of a coordinated law enforcement raid on the group, British police arrested Jake Davis, another suspected member of LulzSec who went by the nickname “Topiary.”
One of the cases announced on Tuesday was against Davis, a teenager accused of computer attacks on Sony, UK crime and health authorities, and Rupert Murdoch’s UK newspaper arm News International, a unit of News Corp.
Davis is believed to have controlled the main Twitter account of Lulz Security, which the group used to publish data obtained by hacking into corporate and government networks.
LulzSec has more than 350,000 followers on Twitter.
Last month, Anonymous published a recording of a confidential call on Jan. 17 between the FBI and London detectives in which the agents discussed action against hackers. One of the six arrested on Tuesday was Donncha O’Cearrbhail, 19, of Ireland, who was charged over the telephone intercept.