5/27/2014
02:00 PM

No More Jail Time: LulzSec's Sabu Sentenced to Time Served

The black hat hacker-turned-FBI informant receives a lighter sentence after giving feds information on 300 possible hacks.

Nearly three years to the day after the infamous LulzSec leader "Sabu" was first questioned by the FBI and agreed to serve as an informant on his alleged co-conspirators, Hector Xavier Monsegur was finally sentenced today for his 12 counts of computer hacking conspiracies and related crimes, including the 2011 hacks of HB Gary Federal, HB Gary, Sony, Fox, and PBS.

Monsegur was sentenced to seven months, which was the time he had already served, so the former LulzSec leader was basically a free man today after possibly facing anywhere from 259 to 317 months for the charges against him.

A court filing by the US Attorney's Office in New York yesterday, submitted in advance of Sabu's sentencing and asking for a more lenient sentence for Monsegur, revealed just how significant his cooperation with the feds was. He helped the FBI stop or mitigate roughly 300 cyber attacks estimated at millions of dollars of potential loss. He also passed to the feds information on vulnerabilities in a US city water utility and a foreign energy firm that the feds were able to act upon in advance of any attacks.

Among the targeted organizations were the US military, US Congress, US Courts, NASA, international intergovernmental organizations, a television network, a security company, a video game manufacturer, and an electronics conglomerate, the filing said. "Notably, during the period of his cooperation, Monsegur received communications from hackers about vulnerabilities in computer systems, as well as computer hacks that were being planned or carried out by them. The FBI used this information, wherever feasible, to prevent or mitigate harm that otherwise would have occurred."

Sabu's sentencing has been delayed multiple times over the past three years, so today's hearing had long been anticipated. He had pled guilty in exchange for assisting the FBI in catching other members of LulzSec and Anonymous. His work with the feds resulted in the prosecution and conviction of eight members of the LulzSec collective, including Jeremy Hammond (at one time the most wanted cybercriminal in the world), who was recently sentenced to 120 months in prison.

According to the filing by US Attorney Preet Bharara, Monsegur was quick to agree to the FBI's terms when agents first questioned him on June 7, 2011. He handed over key information to law enforcement officials for their investigation and later confessed to other crimes the FBI had been unaware of previously.

According to the filing:

Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts. During some of the online chats, at the direction of law enforcement, Monsegur convinced LulzSec members to provide him digital evidence of the hacking activities they claimed to have previously engaged in, such as logs regarding particular criminal hacks.

Other times, at the direction of law enforcement, Monsegur asked seemingly innocuous questions designed to elicit information from his co-conspirators that, when coupled with other information obtained during the investigation, could be used to pinpoint their exact locations and identities. Monsegur's substantial proactive cooperation, as set forth more particularly below, contributed directly to the identification, prosecution, and conviction of eight of his co-conspirators, including Hammond.

Sabu and members of his family also faced threats when word got out that he had helped the FBI, the filing said. As a result, law enforcement officials moved Monsegur and some of his family members for their safety.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Bprince,
User Rank: Ninja
5/28/2014 | 7:06:43 PM
Short time
Not much of a penalty considering the amount of time he was facing and the activities he was involved in. Granted his cooperation was extensive, but seven months doesn't seem like much.

BP
securityaffairs,
User Rank: Ninja
5/28/2014 | 4:56:40 PM
Re: Back online
This is a dangerous precedent. Sabu is a criminal, but he has been judged as a hero.
Can you trust someone who has betrayed his beliefs?
We will have 100, 1000 other SABU in the coming months ... but they will not mitigate hacktivism cyber threat for sure.
The only way to face hacktivism is to listen to their voice ... you cannot arrest an ideology.
Sara Peters,
User Rank: Author
5/28/2014 | 3:09:36 PM
Re: Back online
@Whoopty That's a great point. I wonder if he'll go into witness protection. And I also wonder how good the US Marshals are at the electronic side of witness protection. I mean, if anyone could track down a person who changed their identity, it's a team of criminal hackers.
Sara Peters,
User Rank: Author
5/28/2014 | 3:07:42 PM
Re: Romancing the Hack
@Kelly  Yeah, that struck me too, as long as you choose to believe that he really did flip as quickly and eagerly as they said he did. Still, if you were facing over 20 years in prison, you'd probably want to do whatever you could to lighten your sentence.
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 12:20:49 PM
Re: Back online
Good point, @Whoopty. He may want/need to stay under the radar for a very long time.
Whoopty,
User Rank: Moderator
5/28/2014 | 12:17:56 PM
Back online
I wonder if he'll be taking his first tentative steps back online in the next few days. Considering he's rolled over on so many other hackers, he'll have to watch his digital back for a long time to come. Must be pretty nerve-racking.
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 7:50:38 AM
Re: Romancing the Hack
What was most interesting to me in this case was how quickly Sabu flipped, and also gave up info on other illegal hacks he had done that the FBI didn't even know about.
Christian Bryant,
User Rank: Ninja
5/27/2014 | 10:36:12 PM
Romancing the Hack
While the idea of renegade teams of cyber-warriors may sound appealing, ultimately the classic and safest hackers run solo and silent.  Say what you will about the actual skill-set of LulzSec, their real Achilles heel was the group itself.  With that many official, semi-official and wannabe members, there was bound to be poorly thought-out activities, arrests and sell-outs.

I think more of these bright young minds would be happier on the "white" side of the hack, rather than out there romancing it, when they realize prison, paranoia and the persistence of agencies like the CIA and FBI will no longer be part of their future.  Being in love with tech and with the hack doesn't mean you can't also be in love with your fellow human.  Let's see some more good being done out there; hack a solution to global sex trafficking or famine.