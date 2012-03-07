* Leading hacker "Sabu" turned FBI "mole" after 2011 arrest
* "Sabu" pleaded quilty to 12 charges, led to 5 more arrests
* Arrests major blow to Anonymous-cyber security experts
* Investigation shows more than 1 mln hacking victims
By Basil Katz and Grant McCool
NEW YORK, March 6 One of the world's
most-wanted hackers secretly became an FBI informant last year,
providing evidence that led to charges on Tuesday against five
other suspected leaders of the Anonymous international hacking
group.
In a major blow to Anonymous, which has attacked the
websites of government agencies and companies around the world,
U.S. authorities revealed that a leading hacker "Sabu" was
Hector Xavier Monsegur and that he was arrested at his small
apartment in a Manhattan housing complex last June.
At a secret court hearing on Aug. 15, 2011, Monsegur, 28,
pleaded guilty to each of the 12 computer crimes and agreed to
cooperate with authorities in exchange for leniency, according
to a transcript that was made public on Tuesday.
U.S. prosecutors and the FBI on Tuesday announced charges
against five other men, including two in Britain and two in
Ireland who were all previously arrested.
The fifth was Jeremy Hammond, known as "Anarchaos," who was
arrested in Chicago on Monday on charges of hacking into
Strategic Forecasting Inc, or "Stratfor", a global intelligence
and research firm, in December 2011.
All six were top members of LulzSec, an offshoot of the
loose-knit international cyber-activist group Anonymous.
"These cyber criminals affiliated themselves with Anonymous
in different ways. They are not Anonymous today, they have been
identified and charged," said a law enforcement official, who
did not want to be identified as the investigation was ongoing.
LulzSec and Anonymous have taken credit for carrying out
attacks against the CIA, Britain's Serious Organized Crime
Agency, Japan's Sony Corp, Mexican government websites
and the national police in Ireland. Other victims included
Rupert Murdoch's UK newspaper arm News International, Fox
Broadcasting and Sony Pictures Entertainment.
Cyber security experts said the arrests were a major setback
for Anonymous and other hacking groups affiliated with it.
"Sabu was seen as a leader ... Now that Anonymous realizes
he was a snitch and was working on his own for the Fed, they
must be thinking: 'If we can't trust Sabu, who can we trust?'"
said Mikko Hypponen, chief research officer at Finnish computer
security company F-Secure.
"It's probably not going to be the end of Anonymous, but
it's going to take a while for them to recover, especially from
the paranoia," Hypponen said.
Other experts said it remained to be seen if the arrests
would put an end to illegal hacking by Anonymous affiliates.
"You always worry in these things that they've got the guys
at the fringes of the group," said Stewart Baker, a former
senior official at the Department of Homeland Security and now a
cyber security expert at the law firm Steptoe and Johnson.
INFORMANT HACKER "TRAITOR"
Online chat rooms favored by Anonymous filled on Tuesday
with bile and worry about who would be next. One member warned
that Monsegur had better have good FBI bodyguards, while others
said the arrests could prompt retaliatory attacks.
The Anonymous-affiliated Twitter account @YourAnonNews
called Monsegur a "traitor" and played down the charges,
claiming "we don't have a leader".
The hacking movement he helped foment was still in action
after his exposure. Late on Tuesday, hackers acting in the name
of Antisec broke into websites owned by Panda Security, which
had helped police investigate Anonymous before recent arrests in
Europe.
The hackers left profanity-laden criticism of both the
Spain-based company and Sabu. "Yeah yeah we knowSabu snitched
on us", they wrote. "Love to those who fight for something they
believe in".
Born in New York, Monsegur attended college and worked at
technology jobs, displaying a rare combination of hacking
talent, working-class sensibility and political conviction. He
said he first hacked for a cause more than a decade ago when he
interfered with communications during controversial U.S. Navy
bombing exercises in Vieques, Puerto Rico.
According to a posting on an online chat room in
September that appears to include "Sabu," he was asked what
advice he would give new hackers.
"Stick to yourselves," replied "Sabu." "If you are in a crew
- keep your opsec up 24/7. Friends will try to take you down if
they have to."
As a leader of Lulz Security (LulzSec), Monsegur took
responsibility for attacks on the websites of eBay's
PayPal, MasterCard Inc and Visa Inc between
December 2010 and June 2011, according to court papers.
He is free on a $50,000 bond. One of the charges carries a
possible maximum prison term of 30 years.
Representatives of the companies, which had been targeted
because they refused to process donations to WikiLeaks, declined
to comment on the arrests
A MILLION VICTIMS
Monsegur also identified himself as a member of hacking
group "Internet Feds" while Hammond said he was a member of
another Anonymous affiliate, "AntiSec," officials said.
A criminal complaint quotes one of Hammond's postings as
saying, "We call upon all allied battleships, all armies from
darkness, to use and abuse these password lists and credit card
information to wreak unholy havoc upon systems and personal
email accounts of these rich and powerful oppressors."
Lawyers for Monsegur and Hammond did not immediately return
calls seeking comment on the charges.
U.S. authorities said the cyber attacks had affected more
than 1 million people and the computer systems of foreign
governments, such as Algeria, Yemen and Zimbabwe.
Authorities said Monsegur and three of the charged men
raided personal information about 70,000 potential contestants
on Fox Television show "X-Factor."
In another example of the hacking, officials said defendants
and others broke into computer servers of HBGary company in
California and Colorado, including about 60,000 emails and
posted them on a file-sharing website.
In a May 2011 hack on Sony Pictures, some of the defendants
stole confidential information of about 100,000 users of the
Sony Pictures website, including passwords, email addresses,
home addresses and dates of birth.
"I personally participated in cyber attacks on the systems
of HBGary and Fox, resulting in a loss of more than $5,000, and
I knew my conduct was illegal," Monsegur confessed in August at
his plea proceeding.
Last summer, as part of a coordinated law enforcement raid
on the group, British police arrested Jake Davis, another
suspected member of LulzSec who went by the nickname "Topiary."
One of the cases announced on Tuesday was against Davis, a
teenager accused of computer attacks on Sony, UK crime and
health authorities, and Rupert Murdoch's UK newspaper arm News
International, a unit of News Corp.
Davis is believed to have controlled the main Twitter
account of Lulz Security, which the group used to publish data
obtained by hacking into corporate and government networks.
LulzSec has more than 350,000 followers on Twitter.
Last month, Anonymous published a recording of a
confidential call on Jan. 17 between the FBI and London
detectives in which the agents discussed action against hackers.
One of the six arrested on Tuesday was Donncha O'Cearrbhail, 19,
of Ireland, who was charged over the telephone intercept.