8/27/2013
10:41 AM

Anonymous Hacker Claims FBI Directed LulzSec Hacks

Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks.

Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as Sabu, has again been delayed.

Monsegur was scheduled to be sentenced Friday morning in New York federal court. But in a letter to the court, the U.S. attorney general's office requested that Monsegur's sentencing be delayed "in light of the defendant's ongoing cooperation with the government." His sentencing has now been rescheduled for Oct. 25.

The requested delay has become a pattern, reflecting Monsegur's continued cooperation with the FBI since he was arrested in June 2011 and turned informer. "Since literally the day he was arrested, the defendant has been cooperating with the government proactively," U.S. district attorney James Pastore, the prosecuting lawyer, told a judge presiding over a secret August 2011 hearing into the 12 charges filed against Monsegur. "He has been staying up sometimes all night engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators," Pastore added.

Monsegur, who faces up to 122.5 years in prison, avoided a trial by pleading guilty to all of the charges filed against him in federal court. Some of those charges relate to launching distributed denial of service (DDoS) attacks against PayPal, MasterCard and Visa, as well as accessing servers belonging to Fox, InfraGard Atlanta and PBS.

On the eve of Sabu's scheduled sentencing last week, one of the hackers he helped bust -- Jeremy Hammond, who in May pleaded guilty to hacking intelligence service Stratfor, and who now faces up to 10 years in jail and $2.5 million in restitution -- alleged that the FBI used LulzSec and Anonymous as a private hacker army.

"Sabu was used to build cases against a number of hackers, including myself. What many do not know is that Sabu was also used by his handlers to facilitate the hacking of targets of the government's choosing -- including numerous websites belonging to foreign governments," claimed Hammond, who's himself due to be sentenced next month, and who offered no evidence to support his assertions. "What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally."

The FBI didn't immediately respond to a request for comment on Hammond's allegations, but the bureau has previously been criticized for its failure to stop the Stratfor hacks and resulting data dump, which occurred after Sabu turned informer. Timing-wise, Hammond -- using the hacker handle "Sup_g" -- gave Sabu a heads-up on the planned intrusion on Dec. 6, 2011, then hacked into Stratfor on December 13. The next day, he informed Sabu about what he'd done, and Sabu, at the direction of the FBI, told him to upload the stolen data onto a server that was secretly controlled by the FBI. On Dec. 24, the hackers defaced the Stratfor site and published the stolen data. Two days later, Sabu tied Sup_g to another alias, "Anarchaos," that the bureau knew that Hammond used. But the FBI didn't arrest Hammond until three months later, which has led some conspiracy theorists to posit that the bureau had another agenda, such as building Sabu's bona fides to try to ensnare WikiLeaks chief Julian Assange.

The bureau has previously denied suggestions that it looked the other way during the Stratfor hack, perhaps as part of some larger agenda. "That's patently false," an FBI official, speaking on condition of anonymity, told The New York Times last year. "We would not have let this attack happen for the purpose of collecting more evidence."

By some accounts, the FBI may have been overwhelmed with hacking-related intelligence, as Sabu received daily updates on multiple planned and executed attacks, as well as information on dozens of vulnerabilities that hackers reported to him directly. In addition, one legal expert told the Times that the paperwork required to arrest someone on hacking charges could easily take six months to prepare.

The ongoing legal drama involving Monsegur and Hammond stands in sharp contrast to the fate of LulzSec and Anonymous members in Britain that Sabu, after he turned snitch, apparently helped authorities identify and arrest. For example, Jake Davis, the former LulzSec spokesman Topiary, has now served his time and been released.

Davis, who as part of his parole is allowed to go online but not contact any of his former LulzSec or Anonymous comrades, recently said in an ongoing Ask.fm question-and-answer session that he pleaded guilty to charges against him so that he could move on with his life. Likewise, he said that when six plainclothes officers showed up in Scotland's remote Shetland Islands, where he lived, and announced that they were there to seize his computer equipment and arrest him on charges that he'd launched a DDoS attack against Britain's Serious Organized Crime Agency, he knew the jig was up. So that morning, when an officer requested the password to his encrypted drive, which contained evidence of his attacks, he divulged it.

"Why did you turn over your encryption keys to Scotland Yard?" asked one Ask.fm questioner. Davis defended his decision in no uncertain terms. "What, and be hunted/monitored mercilessly for the rest of my life by begrudging authorities with the power to flip the tables on your life with a few pieces of paper at any given turn?" he said.

"No thanks, I'll play ball with the encryption keys and say, 'you caught me, I wasn't good enough, fair play, let's get this over with.' And now it's over -- for me. Perhaps not for others. Probably the snitches," he said. "Ironic, isn't it?"

Comments
Michael Endler,
User Rank: Apprentice
8/27/2013 | 8:48:39 PM
re: Anonymous Hacker Claims FBI Directed LulzSec Hacks
"who faces up to 122.5 years in prison" ... I must've forgotten that detail from when this story broke. I remember that his cooperation was also compelled out of concern for the welfare of his family, or something similar, but with potential prison penalties of that magnitude, it's no wonder he's become so cooperative.