Thursday, March 8, 2012
'Anonymous' Hacker Sabu Worked Around the Clock to Aid U.S.
Monsegur, who pleaded guilty Aug. 15, began cooperating with U.S. authorities, including Federal Bureau of Investigation agents, after he was arrested June 7, Assistant U.S. Attorney James Pastore told U.S. District Judge Loretta Preska at a court hearing in August, an unsealed transcript shows.
Monsegur, who used the nickname Sabu and is described as an "influential member" of all three groups, admitted to staging cyber attacks against the websites of the governments of Algeria, Yemen and Zimbabwe, according to a criminal information unsealed March 6. He also said he conducted hacks on Tribune Co. and News Corp.'s Fox television, prosecutors said.
"Since literally the day he was arrested, the defendant has been cooperating with the government proactively," Pastore told Preska at the Aug. 5 hearing, according to the transcript made available today. "The defendant has literally worked around the clock with federal agents. He has been staying up sometimes all night engaging in conversations with co- conspirators that are helping the government to build cases against those co-conspirators."
Monsegur was charged with computer crimes by U.S. prosecutors in five districts in four states, court records show. During the two months after his arrest, he provided the U.S. with valuable information, Pastore said. Monsegur continued to work with Anonymous until last week, Barrett Brown, an informal Anonymous spokesman, said March 6.
He helped identify and "patch" or notify potential targets about more than 150 cyber-security vulnerabilities. The FBI had sometimes even been able to alert the would-be victim of an attack before it occurred, Pastore said.
"The defendant's information is also helping the government close in on several prominent cybercriminals," Pastore said.
Monsegur, who has been unemployed since April 2010, lives in Manhattan and supports two nieces, ages 7 and 5, the documents show. He earned $6,000 a month at his previous job, which wasn't described, court records show.
Manhattan U.S. Attorney Preet Bharara's office revealed Monsegur's role as a cooperator this week as it announced the arrest of five other men linked to Anonymous and offshoot groups in the underground hacking movement.
"Exposure of the defendant's cooperation would jeopardize substantial ongoing investigations into the defendant's former co-conspirators, several of whom are suspected of carrying out substantial computer hacks against several businesses," Pastore said in a June 8 request to seal his case file.
Monsegur's "efforts have involved cooperation against targets of national and international interest," Pastore told Preska at the August hearing. "The defendant has already incurred a significant amount of personal risk by deciding to cooperate."
FBI agents arrested Monsegur at 10:15 p.m. on June 6, court records show. After an initial appearance the next day before U.S. Magistrate Judge James Cott in New York, he was released on $50,000 bond and directed to remain under FBI supervision, records show.
Documents related to his case had been sealed until today.
Monsegur's identity as a defendant remained secret because if hackers learned he had been arrested and was cooperating, he would be in "danger," Pastore said in a June 8 filing.
Hackers monitor federal court dockets for information about informants and would recognize Monsegur's name because his identity was already known to them, the prosecutor said.
If Monsegur's assistance became known, he and his family would have been at risk, prosecutors said. Some hackers retaliate against informants through a "dox," putting "the personal identification information of a cooperator and their family members" online, Assistant U.S. Attorney Stephanie Christensen, a prosecutor in Los Angeles, said in court papers.
Pastore told Preska that hackers had other ways of retaliating. For example, they might have hundreds of pizzas delivered to the cooperator's house or report a hostage situation and have a SWAT team sent to the cooperator's home.
"It's actually called 'swatting,'" Pastore said.
Ryan Ackroyd, Jake Davis, Darren Martyn and Donncha O'Cearrbhail were charged in an indictment unsealed March 6 in Manhattan federal court. They are accused of conspiracy and a variety of cyber-attacks tied to Monsegur.
A fifth man, Jeremy Hammond, who identified himself as a member of AntiSec, was arrested in Chicago March 5 and charged with the December hack of Austin, Texas-based intelligence firm Stratfor, which the U.S. says might have affected 860,000 victims. Hammond has been transferred to the custody of federal prosecutors in New York to face the charges.
The hackers charged by Bharara's office are among the de facto leadership of Anonymous, the self-professed hacker- activist group, and LulzSec, or Lulz Security, an affiliated group, U.S. authorities said.
U.S. authorities said there could be more than a million people who were victimized by the defendants' activities.
The case is U.S. v. Monsegur, 11-cr-666, U.S. District Court, Southern District of New York (Manhattan).
--Editors: Peter Blumberg, Michael Hytha