Risk
8/27/2013
10:41 AM
50%
50%

Anonymous Hacker Claims FBI Directed LulzSec Hacks

Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks.

Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as Sabu, has again been delayed.

Monsegur was scheduled to be sentenced Friday morning in New York federal court. But in a letter to the court, the U.S. attorney general's office requested that Monsegur's sentencing be delayed "in light of the defendant's ongoing cooperation with the government." His sentencing has now been rescheduled for Oct. 25.

The requested delay has become a pattern, reflecting Monsegur's continued cooperation with the FBI since he was arrested in June 2011 and turned informer. "Since literally the day he was arrested, the defendant has been cooperating with the government proactively," U.S. district attorney James Pastore, the prosecuting lawyer, told a judge presiding over a secret August 2011 hearing into the 12 charges filed against Monsegur. "He has been staying up sometimes all night engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators," Pastore added.

Monsegur, who faces up to 122.5 years in prison, avoided a trial by pleading guilty to all of the charges filed against him in federal court. Some of those charges relate to launching distributed denial of service (DDoS) attacks against PayPal, MasterCard and Visa, as well as accessing servers belonging to Fox, InfraGard Atlanta and PBS.

[ After two breaches this year, do you think the DOE is serious about cybersecurity? See Department Of Energy Cyberattack: 5 Takeaways. ]

On the eve of Sabu's scheduled sentencing last week, one of the hackers he helped bust -- Jeremy Hammond, who in May pleaded guilty to hacking intelligence service Stratfor, and who now faces up to 10 years in jail and $2.5 million in restitution -- alleged that the FBI used LulzSec and Anonymous as a private hacker army.

"Sabu was used to build cases against a number of hackers, including myself. What many do not know is that Sabu was also used by his handlers to facilitate the hacking of targets of the government's choosing -- including numerous websites belonging to foreign governments," claimed Hammond, who's himself due to be sentenced next month, and who offered no evidence to support his assertions. "What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally."

The FBI didn't immediately respond to a request for comment on Hammond's allegations, but the bureau has previously been criticized for its failure to stop the Stratfor hacks and resulting data dump, which occurred after Sabu turned informer. Timing-wise, Hammond -- using the hacker handle "Sup_g" -- gave Sabu a heads-up on the planned intrusion on Dec. 6, 2011, then hacked into Stratfor on December 13. The next day, he informed Sabu about what he'd done, and Sabu, at the direction of the FBI, told him to upload the stolen data onto a server that was secretly controlled by the FBI. On Dec. 24, the hackers defaced the Stratfor site and published the stolen data. Two days later, Sabu tied Sup_g to another alias, "Anarchaos," that the bureau knew that Hammond used. But the FBI didn't arrest Hammond until three months later, which has led some conspiracy theorists to posit that the bureau had another agenda, such as building Sabu's bona fides to try to ensnare WikiLeaks chief Julian Assange.

The bureau has previously denied suggestions that it looked the other way during the Stratfor hack, perhaps as part of some larger agenda. "That's "patently false," an FBI official, speaking on condition of anonymity, told The New York Times last year. "We would not have let this attack happen for the purpose of collecting more evidence."

By some accounts, the FBI may have been overwhelmed with hacking-related intelligence, as Sabu received daily updates on multiple planned and executed attacks, as well as information on dozens of vulnerabilities that hackers reported to him directly. In addition, one legal expert told the Times that the paperwork required to arrest someone on hacking charges could easily take six months to prepare.

The ongoing legal drama involving Monsegur and Hammond stands in sharp contrast to the fate of LulzSec and Anonymous members in Britain that Sabu, after he turned snitch, apparently helped authorities identify and arrest. For example, Jake Davis, the former LulzSec spokesman Topiary, has now served his time and been released.

Davis, who as part of his parole is allowed to go online but not contact any of his former LulzSec or Anonymous comprades, recently said in an ongoing Ask.fm question-and-answer session that he pleaded guilty to charges against him so that he could move on with his life. Likewise, he said that when six plainclothes officers showed up in Scotland's remote Shetland Islands, where he lived, and announced that they were there to seize his computer equipment and arrest him on charges that he'd launched a DDoS attack against Britain's Serious Organized Crime Agency, he knew the jig was up. So that morning, when an officer requested the password to his encrypted drive, which contained evidence of his attacks, he divulged it.

"Why did you turn over your encryption keys to Scotland Yard?" asked one Ask.fm questioner. Davis defended his decision in no uncertain terms. "What, and be hunted/monitored mercilessly for the rest of my life by begrudging authorities with the power to flip the tables on your life with a few pieces of paper at any given turn?" he said.

"No thanks, I'll play ball with the encryption keys and say, 'you caught me, I wasn't good enough, fair play, let's get this over with.' And now it's over -- for me. Perhaps not for others. Probably the snitches," he said. "Ironic, isn't it?"

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/27/2013 | 8:48:39 PM
re: Anonymous Hacker Claims FBI Directed LulzSec Hacks
"who faces up to 122.5 years in prison" ... I must've forgotten that detail from when this story broke. I remember that his cooperation was also compelled out of concern for the welfare of his family, or something similar, but with potential prison penalties of that magnitude, it's no wonder he's become so cooperative.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.