FBI informant Sabu tied to foreign cyber attacks

The former LulzSec leader “Sabu” (aka Hector Xavier Monsegur) coordinated hundreds of attacks against foreign government computers throughout 2012 while working as an FBI informant, according to a New York Times investigation.

It has long been known that Sabu began helping the FBI shortly after his June 7 2011 arrest, but the full details of what this entailed have been kept out of the public domain until now, with court documents surrounding his sentencing being heavily redacted.

Now, according to an interview the New York Times conducted with former Anonymous hacker Jeremy Hammond, as well as the paper’s access to some less-redacted court documents, it’s claimed that Sabu worked with the FBI while organising hundreds of cyber attacks on foreign computers in countries including Brazil, Iran, Nigeria, Pakistan, Syria and Turkey.

Although the court documents do not explicitly confirm that Sabu was organising attacks at the FBI’s request, they do make it clear that the attacks took place in January 2012, six months after his arrest, and two months before he was unmasked as an informant.

Monsegur wasn’t directly involved in any of the attacks himself, preferring instead to encourage fellow Anonymous hackers to do the dirty work for him.

In addition to Hammond, who first worked with Monsegur on the Stratfor hack, other hacktivists were allegedly called upon to breach the security of specific foreign web addresses supplied by Sabu.

A vulnerability in web-hosting software allowed the attackers to obtain backdoor access to sites and steal information, including emails and databases, which were then uploaded to a server ostensibly run by Monsegur but in fact much more likely under the control of the FBI. From court statements:

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data - from bank records to login information - from the government servers of a number of countries and upload it to a server monitored by the FBI.

Monsegur appears to have held a specific interest in Syrian websites, including various banks and ministries under the government of President Bashar al-Assad, with the sentencing statement saying that:

The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems.

Hammond is currently serving a 10-year sentence at a federal prison in Kentucky after pleading guilty last month to hacking Stratfor as well as other websites within the United States. Details of his attacks against foreign entities are covered by a protective order imposed by the judge at his trial.

Monsegur is due to appear in a New York court in two weeks’ time, when Judge Loretta Preska will sentence him for multiple counts of conspiracy to engage in computer hacking.

Sabu’s sentencing has been delayed on multiple occasions since his first appearance in court in August 2011, during which the FBI praised his proactive cooperation.

And considering Sabu’s other work with the FBI, which included handing over information about his fellow LulzSec comrades, his sentencing hearing – scheduled for 8 May 2014 – is likely to leave him facing a heavily reduced amount of jail time.