LulzSec leader 'Sabu' was FBI informant

A prominent member of the LulzSec hacking group was an FBI informant, ZDNet UK understands.'Sabu', whose real name is Hector Xavier Monsegur, began working for the FBI after being arrested in June last year, Fox News said on Tuesday.
Written by Tom Espiner, Contributor

A prominent member of the LulzSec hacking group was an FBI informant, ZDNet UK understands.

'Sabu', whose real name is Hector Xavier Monsegur, began working for the FBI after being arrested in June last year, Fox News said on Tuesday. A law enforcement source confirmed that Monsegur had been a "human source" for the FBI.

Fox Broadcasting was one of the organisations attacked by Monsegur, according to court documents unsealed on Tuesday. Monsegur, who also went by 'Xavier DeLeon' and 'Leon,' was involved in attacks on other organisations including Visa, MasterCard, Paypal, HBGary, Sony, Infragard Members Alliance, PBS, the Tribune Company, and the Tunisian, Algerian, Yemeni, and Zimbabwean governments, according to the documents. Before agreeing to become an informant for the FBI, Monsegur faced a maximum jail term of 124 years and six months in prison.

The Fox hack exposed over 70,000 confidential details of potential 'X Factor' contestants, said the FBI. The Sony hack exposed confidential data on 100,000 users of Sony's website.

Monsegur pleaded guilty to hacking charges on 15 August 2011, according to the document unsealed in the District Court of the Southern District of New York. ZDNet UK understands he was instrumental in helping the FBI and international law enforcement track down members of the LulzSec, Internet Feds, and Anonymous hacking groups.

Twitter accounts associated with Anonymous distanced Sabu from Anonymous operations on Tuesday.

"#Anonymous has grown beyond #LulzSec and @anonymouSabu," said one Tweet from AnonymousIRC.

Monsegur was accused of being an FBI informant in a chatlog posted to Pastebin on August 16, the day after Monsegur pleaded guilty to LulzSec hacking charges. A person with the hacker handle 'Virus' said Sabu had offered money for information on members of Anonymous.

Privacy campaigner Alex Hanff, who is not involved in any of the hacking groups, told ZDNet UK on Tuesday that he had been invited to a chatroom in late January to talk to members of LulzSec about responsible disclosure of documents, including one claiming to be Sabu. Hanff said since January 'Sabu' had become increasingly strident, and had acted like an agent provocateur.

"'Sabu' was talking about literally starting physical attacks," said Hanff. "The agenda was to move to more physical attacks on political targets."

Hanff said that the 'Sabu' from the chat room had endeavoured to agitate impressionable young people into performing acts of real damage over the past months.

"Every time I tried to get Anonymous members to calm down, I was attacked by 'Sabu'," said Hanff. "He was actively pushing the group to become more and more aggressive."

'Sabu' launched an attack against Privacy International servers in response to Hanff trying to calm the situation, Hanff said.

On Tuesday the FBI named five people suspected of involvement in LulzSec, Anonymous, and Internet Feds operations. UK suspect Jake Davis, who is alleged to be LulzSec spokesperson 'Topiary', was named in the indictment unsealed on Tuesday. Davis, from Lerwick in the Shetland Islands, was arrested by UK police in September 2011, and is due to appear at Southwark Crown Court on 11 May for a plea and case management hearing.

Ryan Ackroyd, from Doncaster, who is suspected of being 'Kayla', was interviewed by police from the Metropolitan Police Central eCrime Unit on Tuesday, said the FBI statement.

ZDNet UK understands that UK police interviewed a teenager in July 2011 and Davis in September 2011 on suspicion of being connected with the LulzSec attacks.

FBI conference call hack

One Irishman was arrested on suspicion of being involved in LulzSec hacks on Tuesday, including a hack which recorded a conference call by law enforcement to discuss ongoing LulzSec investigations.

Donncha O'Cearrbhail was arrested by the Irish An Garda Síochána on Tuesday morning at Terenure Garda Station in South Dublin after an investigation into LulzSec by the Garda Fraud Investigation Bureau, a Garda spokesman told ZDNet UK on Tuesday.

"We arrested one male today in relation to hacking," said the spokesman.

O'Cearrbhail is suspected of being behind the publication of a conference call between the FBI, the Metropolitan Police Central e-Crime Unit, and other law enforcement agencies to discuss LulzSec and Anonymous hacking activities. O'Cearrbhail allegedly hacked into the personal email account of a Garda officer, who had been forwarding work emails to a personal account, and recorded the call.

"O'Cearrbhail learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012 regarding international investigations of Anonymous and other hacking groups," the FBI said in its statement. "O'Cearrbhail then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others."

O'Cearrbhail is also suspected of being involved in a hack of the Irish Fine Gael political party.

Darren Martyn, of Galway, was accused in the indictment of being involved as 'pwnsauce' in hacks on Sony, the Bethseda Softworks video game company, and PBS.

Stratfor hack 'netted $700,000'

Late on Monday, Jeremy Hammond was arrested in Chicago on suspicion of being 'Anarchaos' and taking part in a hack on Strafor that may have affected up to 860,000 people, said the FBI. Hammond and other hackers are alleged to have stolen credit card information of 60,000 users of the intelligence company, and is accused of using the data to steal $700,000 (£445,000).

"In publicising the Stratfor hack, members of AntiSec reaffirmed their connection to Anonymous and other related groups, including LulzSec," said the FBI. "For example, AntiSec members published a document with links to the stolen Stratfor data entitled, 'Anonymous Lulzxmas rooting you proud' on a file-sharing website."

Editorial standards