WSJ: FBI's 'Sabu' Hacker Was a Model Informant

http://online.wsj.com/article/SB10001424052970204603004577269844134620160.html

March 9, 2012

FBI's 'Sabu' Hacker Was a Model Informant

By CHAD BRAY

As soon as he was caught, an influential computer hacker agreed to become a government informant and "literally worked around the clock" to help federal agents nab an elusive collective of alleged cyber criminals who have launched online attacks against companies, governments and individuals.

The new details, revealed in court documents made public on Thursday, show how quickly investigators were able to turn 28-year-old Hector Xavier Monsegur against his fellow alleged hackers.

Known as "Sabu" in hacking circles, he was placed under supervision by Federal Bureau of Investigation agents shortly after he was arrested at 10:15 p.m. on June 7 last year. His file was sealed by a judge.

"Since literally the day he was arrested, the defendant has been cooperating with the government proactively," sometimes staying up all night engaging in conversations with co-conspirators to help the government build cases against them, Assistant U.S. Attorney James Pastore said at a secret bail hearing on Aug. 5, 2011, according to a transcript released on Thursday.

The investigation led to the unveiling of criminal charges on Tuesday against a group of men allegedly behind Lulz Security, or LulzSec. The group, formed last May, claimed responsibility for a series of brazen online attacks including hacking computer servers of television network PBS in retaliation for a "Frontline" episode about WikiLeaks, and stealing personal information from about 100,000 customers of hacked Sony Pictures.

In addition to the Sony and PBS attacks, LulzSec has claimed responsibility for attacks on the U.S. Senate and InfraGard, an affiliate of the Atlanta chapter of the FBI. Those attacks were all cited in Tuesday's charging documents.

Mr. Monsegur, a few days after his bail hearing in August, pleaded guilty to 12 criminal charges, including three counts of conspiracy to engage in computer hacking, computer hacking in furtherance of fraud, conspiracy to commit access device fraud, conspiracy to commit bank fraud and aggravated identity theft. He faces up to 124 years in prison. A lawyer for Mr. Monsegur declined to comment Thursday.

On Aug. 10, 2011, a federal prosecutor in Los Angeles who was working on the case asked that details for charges against Mr. Monsegur in Los Angeles remain secret. In a document, Assistant U.S. Attorney Stephanie S. Christensen said other hackers were aware of Mr. Monsegur's true identity, even though he often used a nickname or online personality while communicating with them. She said if news of his arrest were made public, he might be identified as a cooperator. She noted that the hackers monitored public court dockets.

"The FBI has informed me that the hackers are known to take steps against those who cooperate with the government," Ms. Christensen said. She pointed to a practice known as "Doxing" where hackers post personal details about a person for public consumption online. "The publicly available information may then be used to harass the cooperator and the cooperator's family in a variety of ways," she said. "This obviously creates danger for the cooperator, the cooperator's family, and law enforcement."

Prosecutors, who said Mr. Monsegur was kept under close surveillance during the investigation--with software installed on his computer to track his online activity and video surveillance set up in his home--also said that Mr. Monsegur agreed to cooperate at "a significant amount of personal risk" to himself. Mr. Monsegur, who was unemployed at the time, is a foster parent to two nieces.

Some hackers retaliate against cooperators by ordering hundreds of pizzas to their house or calling in hostage situations and having a SWAT team show up, Mr. Pastore said.

During the investigation, Mr. Monsegur, who lived in and worked from a public-housing project in New York City, received information on a day-to-day basis of "upwards of two dozen vulnerabilities" in computer systems from a network of cybercriminals, Mr. Pastore said in court documents released Thursday. The FBI was able to identify more than 150 security vulnerabilities at the time, allowing companies to prevent a hack before it occurred or mitigate harm from prior hacking activity, he said.

Ultimately, federal agents were able to thwart more than 300 attacks that other hackers were planning as a result of information provided by Mr. Monsegur, according to a person familiar with the matter.

LulzSec is one of several shadowy hacker groups that have sprung to global prominence over the past year and are loosely organized, often with no central leadership. Mr. Monsegur is described in charging documents as an "influential" member of three such hacking organizations--LulzSec and two others known as Anonymous and Internet Feds. Charges against a total of six men were announced on Tuesday, after which Mr. Monsegur's identity was revealed.

--Reed Albergotti contributed to this article.

Write to Chad Bray at chad.bray@wsj.com