Arrests Sow Mistrust Inside a Clan of Hackers
Share with others:
For months, The Real Sabu, as he called himself on Twitter, boasted, cursed and egged on his followers to take part in computer attacks against private companies and government agencies worldwide.
"Don't give in to these people," he wrote on Monday, ridiculing "cowards" in the federal government. "Fight back. Stay strong."
It turns out that Sabu had become an informant for federal law enforcement authorities. On Tuesday, in what could be one of the biggest breakthroughs in the government crackdown on a loose, large confederation of politically inspired "hacktivists," he was unmasked and revealed to have helped the authorities catch several fellow hackers in Europe and the United States.
Four men in Britain and Ireland were charged Tuesday with computer crimes; a fifth man was arrested Monday in Chicago.
Court papers identified Sabu as Hector Xavier Monsegur, 28, of New York. He pleaded guilty last August to a dozen counts of conspiracy to attack computers. He had operated since then as usual -- as The Real Sabu, instigating attacks and quoting revolutionaries online.
The prosecutions are part of a wave of coordinated efforts to rein in a leaderless, multinational movement called Anonymous, which has drawn attention for its protests against the Church of Scientology and in support of the whistle-blower site WikiLeaks. It has spawned spinoffs with different names and insignias, among them LulzSec, which claimed to attack computer security companies for laughs, or lulz, and of which Sabu was a prominent, outspoken member.
Just last week, Interpol announced the arrests of 25 people suspected of being Anonymous members in Europe. Sabu reacted to that news on Twitter by urging others to attack Interpol's Web site.
Mr. Monsegur's base of operations seems to have been his late grandmother's sixth-floor apartment in a public-housing project on the Lower East Side of Manhattan. He was apparently self-trained, and he appears to have been equally skilled at hacking and deceiving his fellow hackers. His downfall, if nothing else, will sow even more distrust and dissension in the ranks of Anonymous.
"It is going to be very difficult for Anonymous to recover from such a breach of trust," said Mikko Hypponen, a security researcher at F-Secure Labs in Helsinki. "You can see the Anonymous people now looking left and right and realizing, if they couldn't trust Sabu, who can they trust?"
Whether this will temper the larger hacker cause remains to be seen. Anonymous is a decentralized movement that is, broadly speaking, opposed to state institutions and the companies that work with them, and its members have embraced an ever-shifting variety of causes, including animal rights and democracy in the Middle East.
The ranks are steadily replenished with people of varying skills. The targets have included Fox News, Sony, the government contractor HBGary and the Federal Bureau of Investigation. Favored tactics are either to start brute-force attacks aimed at slowing or shutting down sites, or to break into computer systems and expose embarrassing communications.
Gabriella Coleman, an anthropologist who studies the Anonymous movement and teaches at McGill University in Montreal, said she expected the latest prosecutions would most likely have "a chilling effect" on their hacking tactics.
"These are moments of massive reflection -- who are we, what do we want to be?" she said of Anonymous.
The group's latest highly publicized breach was of the geopolitical analysis firm Stratfor. Its system was first penetrated last December, and the hackers exposed its customers' names and e-mail addresses. Then, starting last week, its internal communications were released on the Internet by a new partner, WikiLeaks.
On Monday night, the F.B.I. arrested Jeremy Hammond, 27, of Chicago, in connection with the Stratfor breach. Mr. Hammond is charged with stealing credit card information and using some of it to rack up more than $700,000 in charges.
Mr. Hammond's neighbors on Tuesday described him as a friendly man who dressed eccentrically, sometimes wearing mismatched shoes and, other times, suspenders. He sat on the front porch of the red brick house where he rented a first-floor apartment, and sometimes played the banjo and made up songs about the goings-on on the street.
Mr. Hammond's eccentricities apparently involved previous run-ins with the F.B.I. In 2006, he was convicted of having hacked into a political group's computer server and stolen credit card numbers. He was sentenced to 24 months in prison.
Also charged in a separate indictment were two Britons, Ryan Ackroyd, 23, and Jake Davis, 29. Mr. Davis, who was known by his nickname Topiary and was as loquacious on Twitter as Mr. Monsegur, was arrested last July in the Shetland Islands.
Also charged in Federal District Court for the Southern District of New York were Darren Martyn, 25, whose nicknames included Pwnsauce, and Donncha O'Cearrbhail, 19, who was known as Palladium.
All four men are accused of hacking into the computer systems of, among others, Fox Broadcasting, Sony Pictures Entertainment and PBS over the last year. (Fox News first reported the prosecutions on Tuesday.)
Mr. O'Cearrbhail is separately charged with breaching the personal e-mail account of an Irish law enforcement official and using it to covertly record a conference call in January in which authorities from several countries, including F.B.I. agents, were discussing investigations of Anonymous and other hacktivist groups.
Mr. Monsegur, for his part, was described as a smart, politically motivated hacker who had steered clear of trouble with the law -- unlike his father, a Bronx resident who was convicted of selling heroin and spent seven years in prison.
A family member who did not want to be identified said that Mr. Monsegur was tall and heavy, and known for being into computers, video games and cars. He had been close to his grandmother, whose apartment in the Jacob Riis Houses became his home and his workshop. He has been living there with his girlfriend's two children, a person in law enforcement said.
Online, Mr. Monsegur was generating international mayhem, according to the complaint, participating in an attack on PayPal, defacing the Web site of the prime minister of Tunisia and breaking into the government of Yemen's computers. His role, court documents say, was to act as a "rooter," identifying vulnerabilities in the target's systems.
Some residents of the housing complex were shocked to hear of the charges. "I don't believe it," said Jaime Reyes, who said he had known Mr. Monsegur for many years, adding: "He was a good kid." Mr. Reyes said Mr. Monsegur seemed to be off at work a lot, and when he was home he was busy taking care of the children. "The way I see him, if somebody was a hacker, they would be home all day," he said.
As is common in cases involving informants, a federal judge will eventually decide whether Mr. Monsegur will be sentenced to jail or to what extent his punishment will be reduced in exchange for his cooperation.
In the days just before his guilty plea was announced, Mr. Monsegur -- or Sabu on Twitter -- was his usual bombastic self. "You think arresting my people will stop our idea? Our love and solidarity will not cease but will be empowered. We are stronger than the gov," he wrote last week.
His last post, on Monday afternoon, was adapted from a quote from the Marxist activist Rosa Luxemburg, in German. "The revolution says I am, I was, I will be," it said.
Reporting was contributed by Nicole Perlroth, Steven Yaccino, Alex Vadukul and Tim Stelloh.
First Published March 7, 2012 12:00 am