Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees

Dark Reading Staff, Dark Reading

March 1, 2013


SAN FRANCISCO -- RSA CONFERENCE 2013 – FBI Director Robert Mueller in his keynote address here today cited the nabbing of LulzSec leader "Sabu," who became an informant for the bureau, as a key example of how cybersecurity is not just about reducing vulnerabilities, but also about catching the bad guys behind the attacks.

"We must remember that behind every intrusion there is an individual — not a computer, but a criminal — responsible for that intrusion. We must remember that cybersecurity is not just defending the ones and the zeros," Mueller said in his keynote address to attendees.

"We must identify and deter the persons behind those computer keyboards. And once we identify them — be they state actors, organized criminal groups, or 18-year-old hackers — we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity," he said.

It takes a combination of investigative methods to find cyberattackers, including traditional physical surveillance, forensics, cooperating witnesses, sources, and court-ordered wiretapping. "The combination of technical skills and traditional investigative techniques recently led the FBI to the hacker known as 'Sabu,' one of the co-founders of the hacktivist group LulzSec," Mueller said.

Sabu, whose real name is Hector Xavier Monsegur, pleaded guilty in exchange for assisting the FBI in catching other members of LulzSec and Anonymous. The FBI was able to find him after he neglected to anonymize his IP address during a hack of a TV game show database. Using a combination of human sources, search warrants, and surveillance, the FBI found Sabu and gave him an ultimatum: "Go to jail now, or cooperate," Mueller recounted.

"Sabu agreed to cooperate, and he became a source, continuing to use his online identity. His cooperation helped us build cases that led to the arrest of six other hackers linked to groups such as Anonymous and LulzSec. It also allowed us to identify hundreds of security vulnerabilities — which helped us to stop future attacks and limit harm from prior intrusions," Mueller said.

Mueller also addressed the roles the FBI, National Security Agency, and Department of Homeland Security play in cyberattack investigations. "One question often posed is that of who exactly is in charge of addressing any particular intrusion. While the answer depends in part on the scope and the nature of the intrusion, the FBI often will be the first responder because of our nationwide coverage. But the investigative team, at a minimum, should include the expertise of both DHS and NSA," he said.
