UPDATE 3-Wanted computer hacker helps US bring charges

Tue Mar 6, 2012 6:14pm EST

* Authorities target "Anonymous" and other hacking groups

* Investigation shows more than 1 mln victims of hacking

* Hacker identified as "Sabu" pleaded guilty last August

* "Sabu" cooperated with FBI, leading to 5 others charged

By Basil Katz and Grant McCool

NEW YORK, March 6 (Reuters) - One of the world's most-wanted cyber hackers secretly became an FBI informant last year and helped bring in five other suspected leaders of the loose-knit international Anonymous group who were charged with computer crimes on Tuesday.

In a major blow to Anonymous, which has hacked the websites of government agencies and companies around the world, U.S. authorities said the hacker, Hector Xavier Monsegur, was arrested at his small apartment in a Manhattan housing complex last June.

Monsegur, 28, who used the alias "Sabu," pleaded guilty to each of the 12 crimes with which he was charged at a secret court hearing on Aug. 15, and agreed to cooperate with the Federal Bureau of Investigation, according to a transcript made public on Tuesday.

U.S. prosecutors and the FBI announced charges against five other men, including two in Britain and two in Ireland. The fifth was Jeremy Hammond, also known as "Anarchaos," who was arrested in Chicago on Monday on charges of hacking into Strategic Forecasting Inc, or "Stratfor," a global intelligence and research firm, in December 2011.

"These cyber criminals affiliated themselves with Anonymous in different ways. They are not anonymous today, they have been identified and charged," a law enforcement official said. The official asked not to be identified because the investigation is continuing.

Cyber security experts said the charges were a major setback for Anonymous, which had assaulted the websites of credit card companies that had refused to process donations to WikiLeaks, the group that leaked confidential diplomatic cables in 2010.

"Sabu was seen as a leader ... Now that Anonymous realizes he was a snitch and was working on his own for the Fed, they must be thinking: 'If we can't trust Sabu, who can we trust?'" said Mikko Hypponen, chief research officer at Finnish computer security company F-Secure.

"It's probably not going to be the end of Anonymous, but it's going to take a while for them to recover, especially from the paranoia," Hypponen said.

In Twitter messages earlier on Tuesday, the Anonymous-affiliated account @YourAnonNews called Monsegur a "traitor" and played down the charges, claiming "we don't have a leader."

1 MILLION VICTIMS

U.S. authorities said the cyber attacks had affected more than 1 million people and the computer systems of foreign governments, such as Algeria, Yemen and Zimbabwe. Authorities said Monsegur and three of the charged men raided personal information about 70,000 potential contestants on Fox Television show "X-Factor."

Monsegur also took responsibility for attacks on the websites of eBay's PayPal, MasterCard Inc and Visa Inc between December 2010 and June 2011, according to federal prosecutors and the FBI. He is free on a $50,000 bond. The charges carry a possible maximum prison term of 30 years.

Representatives of the companies declined to comment.

Monsegur has also identified himself as a member of hacking groups called "Internet Feds" and "LulzSec," while Hammond identified himself as a member of "AntiSec," officials said. LulzSec and AntiSec are both affiliated with Anonymous.

An indictment quotes one of Hammond's postings as saying, "We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havoc upon systems and personal email accounts of these rich and powerful oppressors."

A lawyer for Monsegur, Peggy Cross, did not immediately return a call seeking comment on the charges. Hammond's lawyer could not immediately be identified.

About 860,000 clients and subscribers of "Stratfor" had confidential information stolen, officials said.

In another example of the hacking, officials said defendants and others hacked into computer servers of the company HBGary in California and Colorado and took data, including about 60,000 emails, which they posted on www.thepiratebay.org, a file-sharing website.

"I personally participated in cyber attacks on the systems of HBGary and Fox, resulting in a loss of more than $5,000, and I knew my conduct was illegal," Monsegur confessed in August at his plea proceeding.

According to a posting on an online chat room in September that appears to include "Sabu," he was asked what advice he would give new hackers.

"Stick to yourselves," replied "Sabu." "If you are in a crew - keep your opsec up 24/7. Friends will try to take you down if they have to."

LulzSec and Anonymous have taken credit for carrying out attacks against the CIA, Britain's Serious Organized Crime Agency, Japan's Sony Corp, Mexican government websites and the national police in Ireland. Other victims included Fox Broadcasting, Sony Pictures Entertainment, the Public Broadcasting Service, the Atlanta, Georgia, chapter of Infragard Members Alliance that is in partnership with the FBI, and Bethesda Softworks videogame company in Bethesda, Maryland.

Representatives of the companies declined comment.

In the May 2011 hack on Sony Pictures, some of the defendants stole confidential information of about 100,000 users of the Sony Pictures website, including passwords, email addresses, home addresses and dates of birth.

Last summer, as part of a coordinated law enforcement raid on the group, British police arrested Jake Davis, another suspected member of LulzSec who went by the nickname "Topiary."

One of the charges announced on Tuesday was against Davis, a teenager accused of computer attacks on Sony, UK crime and health authorities, and Rupert Murdoch's UK newspaper arm News International, a unit of News Corp.

Davis is believed to have controlled the main Twitter account of Lulz Security, which the group used to publish data obtained by hacking into corporate and government networks.

LulzSec and Anonymous, loose online collectives of activists, have attracted widespread global media coverage for their stunts. LulzSec has more than 350,000 followers on Twitter.

Last month, Anonymous published a recording of a confidential call on Jan. 17 between FBI agents and London detectives in which the law-enforcement agents discuss action they are taking against hacking. Authorities said they had arrested Donncha O'Cearrbhail, 19, of Birr, Ireland, and charged him with computer hacking conspiracy.

The news of Monsegur's cooperation with the FBI was first reported by Fox News.

Comments (3)
monamayy wrote:
Who here likes a tattling little b****?

Mar 06, 2012 6:35pm EST
Szbignewski wrote:
Yep, that’s what he is. In the end he bent over and spread ‘em. (That’s what they all are)

Mar 06, 2012 6:46pm EST
contrite wrote:
I find it interesting that this story gets coverage, yet a lot of other Anonymous-related news seems to miss the press entirely. That’s very curious. I also love the newspeak. “Cyber security experts said the charges were a major setback for Anonymous.” Orly? Who are these computer experts of whom you speak, and what qualifies them as experts regarding Anonymous and its current internal status? Then you follow that up nicely with this gem. “YourAnonNews called Monsegur a ‘traitor’ and played down the charges, claiming ‘we don’t have a leader.’” This statement from someone affiliated with Anonymous is just a “claim” while the previous bullshit conjecture statement is given the tenor of a fact. Way to keep your news neutral and unbiased.

Mar 06, 2012 7:02pm EST