No More Jail Time: LulzSec's Sabu Sentenced to Time Served

The black hat hacker-turned FBI informant receives a lighter sentence after giving feds information on 300 possible hacks.

Dark Reading Staff, Dark Reading

May 28, 2014

3 Min Read

Nearly three years to the day after the infamous LulzSec leader "Sabu" was first questioned by the FBI and agreed to serve as an informant on his alleged co-conspirators, Hector Xavier Monsegur was finally sentenced today for his 12 counts of computer hacking conspiracies and related crimes, including the 2011 hacks of HB Gary Federal, HB Gary, Sony, Fox, and PBS.

Monsegur was sentenced to seven months, which was the time he had already served, so the former LulzSec leader was basically a free man today after possibly facing anywhere from 259 to 317 months for the charges against him.

A court filing by the US Attorney's Office in New York yesterday in advance of Sabu's sentencing asking for a more lenient sentence for Monsegur revealed just how significant his cooperation with the feds was. He helped the FBI stop or mitigate roughly 300 cyber attacks estimated at millions of dollars of potential loss. He also passed to the feds information on vulnerabilities in a US city water utility and a foreign energy firm that the feds were able to act upon in advance of any attacks.

Among the targeted organizations were the US military, US Congress, US Courts, NASA, international intergovernmental organizations, a television network, a security company, a video game manufacturer, and an electronics conglomerate, the filing said. "Notably, during the period of his cooperation, Monsegur received communications from hackers about vulnerabilities in computer systems, as well as computer hacks that were being planned or carried out by them. The FBI used this information, wherever feasible, to prevent or mitigate harm that otherwise would have occurred."

Sabu's sentencing has been delayed multiple times over the past three years, so today's hearing had long been anticipated. He had pled guilty in exchange for assisting the FBI in catching other members of LulzSec and Anonymous. His work with the feds resulted in the prosecution and conviction of eight members of the LulzSec collective, including Jeremy Hammond (at one time the most wanted cybercriminal in the world), who was recently sentenced to 120 months in prison.

According to the filing by US Attorney Preet Bharara, Monsegur was quick to agree to the FBI's terms when agents first questioned him on June 7, 2011. He handed over key information to law enforcement officials for their investigation and later confessed to other crimes the FBI had been unaware of previously.

According to the filing:

"Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabout. During some of the online chats, at the direction of law enforcement, Monsegur convinced LulzSec members to provide him digital evidence of the hacking activities they claimed to have previously engaged in, such as logs regarding particular criminal hacks.

Other times, at the direction of law enforcement, Monsegur asked seemingly innocuous questions designed to elicit information from his co-conspirators that, when coupled with other information obtained during the investigation, could be used to pinpoint their exact locations and identities. Monsegur's substantial proactive cooperation, as set forth more particularly below, contributed directly to the identification, prosecution, and conviction of eight of his co-conspirators, including Hammond."

Sabu and members of his family also faced threats when word got out that he had helped the FBI, the filing said. As a result, law enforcement officials moved Monsegur and some of his family members for their safety.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights