Sabu's sordid story detailed in FBI indictment


As Graham wrote earlier today, Hector Xavier Monsegur (a/k/a “Sabu,” a/k/a “Xavier DeLeon,” a/k/a “Leon”) and five co-conspirators were arrested this morning in connection with hacks under the banners of Anonymous, Internet Feds and LulzSec.

Sabu pleaded guilty to 12 counts in the indictment and has cooperated with the FBI since June 7, 2011. He faces a maximum sentence of 124 years and 6 months in prison.

The FBI broke down Sabu's activities into sections based on his affiliations with different groups over the last two years.

Count one charges him with Conspiracy to Engage in Computer Hacking during his association with Anonymous from December 2010 through early 2011.

This includes participating in the DDoS attacks against Mastercard, Visa and PayPal; DDoSing, hacking and defacing computers owned by the Tunisian government; DDoSing Algerian government websites; DDoSing and hacking Yemeni government websites; and breaking into Zimbabwe government websites and attempting to steal confidential email.

Count two charges Sabu with Conspiracy to Engage in Computer Hacking during his escapades with an Anonymous splinter group called Internet Feds.

He admits to hacking HB Gary and HB Gary Federal; stealing confidential information, emails, and data from rootkit.com; and defacing Aaron Barr's Twitter account.

Other crimes committed by Internet Feds include unauthorized access to systems at publisher The Tribune Company and unauthorized access to systems at Fox Broadcasting, resulting in publication of personal information about aspiring contestants for Fox's X-Factor.

The third count includes the charges related to Sabu's activities while heading up LulzSec (Lulz Security). Sabu's LulzSec co-conspirators include Kayla, Topiary, TFlow, Pwnsauce and AVUnit.

The third count includes the attack on PBS after it aired a Frontline episode about Bradley Manning and the WikiLeaks saga.


Sabu next targeted Sony Pictures, gaining unauthorized access and stealing confidential data. Around the same time he began targeting Sony Music based on a tip on a vulnerability from a LulzSec supporter.

He proceeded to compromise Sony Music Belgium and Sony Music The Netherlands and steal data, including upcoming release dates for albums they publish. He also passed along a vulnerability found in Sony Music Russia to other members of the group.

Sabu also admitted to hacking FBI affiliate Infragard Atlanta and security firm Unveillance. He thieved usernames, passwords and confidential data; defaced the Infragard website; and stole the emails of Unveillance's CEO.

Other charges under the third count are hacking the US Senate's website based on a tip about a vulnerability and stealing confidential data, as well as compromising software firm Bethesda Software and publishing stolen usernames, passwords and emails.

The incidents sparking the first three counts have already been reported by the media, but count four is where the story starts to get interesting. Those who have supported these groups' efforts and given them attention on Twitter and elsewhere should be advised that Sabu was not just in it for the lulz.

Count four charges Sabu with Computer Hacking in Furtherance of Fraud. He hacked into the computers of an auto parts company and proceeded to manipulate its systems to ship himself four automobile engines, together worth approximately $3450 USD.

Count five is for Conspiracy to Commit Access Device Fraud, otherwise known as credit card fraud. Sabu stole credit card information from two of the organizations he breached and purchased purloined cards on underground "carder" forums.

He used these cards to pay at least $1000 USD in personal bills and sold cards to others to enable them to make fraudulent charges to the victims.

Count six is for Conspiracy to Commit Bank Fraud. Sabu had acquired the bank account numbers, routing numbers, social security numbers, names and addresses of more than a dozen victims and provided this information to his co-conspirators, who used it to commit bank fraud.

Last but not least, count seven is for Aggravated Identity Theft related to counts five and six. This enables the US government to seize assets equal to the personal gain Sabu enjoyed from his crimes and for proceeds attained by others based on his actions.

Those arrested today are lucky that President Obama's proposed cybercrime legislation, which would have added computer crimes to the Racketeer Influenced and Corrupt Organizations (RICO) Act, had not been written into law. Many of the charges against LulzSec members would have qualified for far harsher punishments.

Those who suggest Sabu's actions were just hacktivism or "for the lulz" need to recognize that Sabu wasn't a Robin Hood who nobly gave voice to a cause, but a thief who admitted to lining his own pockets.

Free speech is an important issue and we should all be on guard to protect it, exercise it and lawfully fight for it, on and offline.

People who wish to support digital freedom should contribute their time and money to organizations like the Electronic Frontier Foundation, or donate their mad computer skillz to Hackers for Charity.

However, the actions of Sabu and his co-conspirators are not the way forward. Hopefully the prominence of this case will inspire those passionate about political and social causes to take a different path.

Don't be a Sabu... These stories take too long to write.

Federal Marshall badge and ID Theft image courtesy of Shutterstock.


10 Responses to Sabu's sordid story detailed in FBI indictment

  1. VFAC · 923 days ago

    "Don't be a Sabu... These stories take too long to write."

    That the criminal hackers get more media attention and hence notoriety is part of the problem, is it not?

    Perhaps there should be a convention among security journalists to maintain a 1:1 word ratio between good hackers (security engineers) and bad ones...

    • Chester Wisniewski · 923 days ago

      I agree. Believe me, we try. I will do my part from the CanSecWest security conference this week by writing as much as I can about the latest research from experienced security professionals.

  2. tsp · 923 days ago

    I'm glad anonymous/lulzsec brought security front and center in 2011, my phone has been ringing off the hook from headhunters looking for security folks

  3. Richard · 923 days ago

    "... Conspiracy to Engage in Computer Hacking ... this includes participating in the DDoS attacks..."

    Really? DDoS == Hacking now?

  4. Sharp · 923 days ago

    I don't see our government any better than Sabu. Here is a guy lining his pockets but fighting for people to stand up. Actually spending his time to learn and update the people as a whole with security concerns, and showing there is no absolute security.

    Our government lines their pockets with our money, and make dumb laws that benefit only them. It's even written into our founding documents that congress will not make laws for just the people, or just for congress, yet manage to do this every day in every bill they pass. Not only that, but they would rather lie to our faces and tell us we are secure, when really there are enough flaws that our government system is failing due to the people in office.

  5. mike · 923 days ago

    "He faces a maximum sentence of 124 years and 6 months in prison" not enough time for my tastes. He will prob get 5 years max. Sentences for hacking should have a minimum 10 years, like they do for bank robbery - no club fed, give em hard labor!

  6. Mark · 923 days ago

    @Richard

    This is a little closer to real hacking, by about half an inch:

    Web Page Blocked

    Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

    User: 10.x.x.x

    URL: http://www.hackersforcharity.org/

    Category: hacking

    Sadly I'm way out in the boonies and this is my home internet access. The lazy cable monkeys think security is a toaster, and they don't care about scorched toast.

  7. John · 922 days ago

    If you are an agent of law enforcement, who do you go after, and why? Some of the guys well known to Spamhaus have managed to defraud many simple-minded folks for many years - but they live in less cooperative jurisdictions and probably have serious muscle to deter unwelcome attention.

    However, if you put egg on the face of the Senate website, are a bit of a loner with a spelling problem, and live in a country friendly to the US, then all leave will be cancelled until they've nailed you.

  8. kenedy123 · 922 days ago

    He admits to hacking HB Gary and HB Gary Federal; stealing confidential information, emails, and data from rootkit.com.

    • Guest · 753 days ago

      Which means he ridiculed a company that worked on defaming activists and journalists. The real criminal here is Aaron Barr - and I'm glad he and his company were humiliated that much, not only because of what they were up to, but also because they proved to be completely incompetent when it comes to security. I mean, come ON... An admin got PHISHED????


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.