It is a striking betrayal, the cyber equivalent of the head of The Five Families becoming a stool pigeon and ratting out the entire Mob. Hector Xavier Monsegur, better known as Sabu, the leader of the hacktivist LulzSec group, has been working literally around the clock in helping the US government build ironclad cases against the most prominent members of the online movement known as Anonymous. The government kept his arrest last year a secret so that he could continue to be involved with the other key members of the group in order to accumulate even more evidence... often from computers directly located in FBI buildings!
Massive Corporate & Government Security Breaches
Sabu and his gang were behind some of the most high-profile online attacks of the past few years, including those on Sony, HBGary, Fox, Nintendo and PBS; on MasterCard, Visa and PayPal in retribution for their cutoff of WikiLeaks funding; and on the very high profile and supposedly secure government sites of Algeria, Tunisia, Yemen, Zimbabwe and even the CIA!
A Broke Kim Dotcom
Given the breadth of his exploits you might think that Monsegur would be living the high life as a more underground version of Kim Dotcom. Instead he was living in an apartment in a project in Manhattan’s Lower East Side collecting an unemployment check of just $400 per month. It turns out that he was a popular neighbor, and had often used his online skills to improve the credit ratings of some of the other residents of the projects, although he was also notorious for holding loud parties well into the night.
One Unanonymized Login and Sabu Was Done
Monsegur was already on a short list of potential Sabus tracked to a couple of videos he’d posted about his beloved Toyota, but it only took one minor slip for the FBI to close in on him: he logged into a chat forum without first anonymizing his IP address. According to a Fox News article, it was Monsegur’s children who ultimately decided his betrayal. “He’d do anything for his kids,” one was quoted as saying. “He didn’t want to go away to prison and leave them. That’s how we got him.”
Once under arrest, Monsegur took full advantage of the Feds’ offer for redemption and lighter sentences if he turned over everything and everyone he knew, cooperating with vigor in providing the evidence necessary to bring LulzSec to its knees.
"Just Google TurboTax Returns..."
The wealth of information provided by Monsegur was certainly impressive. He helped identify more than 150 serious cyber-security vulnerabilities affecting targets of both national and international interest. However, not all of his hacks were conducted in the spirit of the skewed altruism integrated into the Anonymous online persona. He managed to get a $3,500 motor for his Toyota shipped to him, and used stolen credit card and bank account numbers to pay his own bills. The way that Monsegur obtained this personal information is staggering in its simplicity. All he did was run a Google search for TurboTax returns in PDF format and voila, there appeared the private tax returns of a number of incautious citizens, right down to names, social security numbers and everything else necessary to misappropriate their identities.
With the decapitation of LulzSec it might be believed that these massive cyberattacks are coming to an end, but that would be a simplistic conclusion. There is a widespread subsect of online hackers who consider Sabu-type activities to be the highest calling possible and can be counted upon to continue in his footsteps with messianic fervor. These hackers are fueled by the growing apprehension that government, commerce and industry are violating basic constitutional freedoms as a matter of course and establishing a prepotent form of administration solely for the benefit of those at the top of the pyramid. As long as this real or imagined inequality continues, so will the cyberattacks on primary targets, increasingly seen by the disenfranchised as the only way that they can strike back at “the man”... through the defacing of a website or a DDoS attack against a server.