A hacker who allegedly led the “Anonymous” offshoot group “LulzSec,” believed to have caused billions of dollars in damages to privately held corporations and governments around the world, was working with U.S. law enforcement since August 2011, officials said Tuesday.
Court documents unsealed Tuesday (PDF) in New York claim the hacker, known as “Sabu,” is really Hector Xavier Monsegur, a 28-year-old New York City resident. Court papers show that he pleaded guilty last August to 12 charges stemming from cyber attacks on eBay, PayPal, Sony, MasterCard, the U.S. Senate, Fox News, HBGary Federal and the governments of Tunisia, Algeria, Yemen and Zimbabwe, among others.
The LulzSec group were ardent defenders of anti-secrecy website WikiLeaks, and they tended to select their targets based upon political motivations and human rights considerations, rather than out of pure greed or a desire for criminal mischief. While their operations were stunningly successful, LulzSec went dormant in 2011 and has not emerged since.
Some members of the Anonymous movement have speculated that the allegation of cooperation may be false, and the court filings do not provide any specific information on the nature of his alleged collaboration, or how long it lasted. However, given that charges were filed on a “criminal information” form, the implication would be that Monsegur helped federal law enforcement track down other hackers.
That would not be surprising to individuals intimately familiar with the hacking scene. Eric Corley, publisher of the quarterly hacker magazine 2600, said last year that up to 25 percent of those who claim to be “hackers” are actually informants, and it is common for criminal hacker collectives to be infiltrated by FBI agents posing as leadership.
The court filing also claims that Monsegur and affiliated hackers engaged in identity theft and used other people’s credit card numbers to pay their own bills. Monsegur reportedly lived in public housing, was unemployed and was supporting two children.
News of Monsegur’s cooperation with the Federal Bureau of Investigation (FBI) was first broken by Fox News, which cited anonymous sources within the Justice Department as having leaked the information. Some members of the Anonymous movement had speculated months ago that Sabu may have been working with the FBI, with one hacker even publishing text of a conversation which warned that Sabu had already been raided.
A conspiracy indictment against other alleged LulzSec members was also being unsealed Tuesday, charging five individuals with participation in criminal activities. They have since been arrested. Those other hackers include Chicago resident Jeremy Hammond, who went by the alias “Anarchaos.” He allegedly led a recent attack on the private intelligence firm Stratfor, based out of Austin, Texas.
The anti-secrecy website WikiLeaks recently began publishing private emails from Stratfor ostensibly given to them by a member of the Anonymous movement — which WikiLeaks has not confirmed or denied — and Tuesday’s filing against Monsegur seem to highlight that prosecutors have a keen eye on a possible connection between Anonymous and WikiLeaks.