Hector Monsegur, known as Sabu, leader of the Anonymous affiliated hacking group LulzSec, was arrested by FBI agents in his New York apartment on Monday, June 7, 2011, at 10:15PM. On August 15, Monsegur pleaded guily to several counts of hacking and identity theft.
According to Assistant U.S. Attorney James Pastore, as told to U.S. District Judge Loretta Preska at a court hearing on August 5, The defendant has literally worked around the clock with federal agents. “He has been staying up sometimes all night engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators.”
Court documents and several news agencies report that Monsegur’s computer was tracked by the FBI since June 8, 2011. His online activity was accounted for around the clock by FBI installed software. Additional video cameras monitored every room in his home for protection.
From the FBI document entitled Six Hackers in the United States and Abroad Charged for Crimes Affecting Over One Million Victims, the following is based on the indictment and the information, complaints, and statements made up to and including Monsegur’s guilty plea:
The Stratfor Hack
Jeremy Hammond is a political activist from Chicago and the founder of the computer security training website HackThisSite. In December 2011, Hammond conspired to hack into computer systems used by Stratfor, a private firm that provides governments and others with independent geopolitical analysis. Hammond and his co-conspirators, as members of Anonymous splinter group AntiSec, stole confidential information from those computer systems, including Stratfor employees’ e-mails as well as account information for approximately 860,000 Stratfor subscribers or clients. Hammond and his co-conspirators stole credit card information for approximately 60,000 credit card users and used some of the stolen data to make unauthorized charges exceeding $700,000. Hammond and his co-conspirators also publicly disclosed some of the confidential information they had stolen.
On December 24, 2011, AntiSec announced the theft of Stratfor data in a link entitled,“Anonymous Lulzxmas rooting you proud.”
Info hit Twitter with @AnonyOps_ “’Anonymous/AntiSec Attack STRATFOR’ http://bit.ly/rMFtYi #anonyops 8:44 PM – 24 Dec 11.” The FBI claims that the hacks occurred December 6th, but watched the hackers access and delete files from the cache. The disparity in timing of Tweets and the FBI’s account suggest the majority of the Anonymous collective was not involved.
The FBI provided servers to unpack stolen information, including emails stolen from Stratfor, which were then shared with WikiLeaks at a later time. So the stolen Credit Cards had to been known by the FBI.
It is interesting when the timing of the Stratfor email hacks when juxtaposed against the court dates, and statements by the Attorney General and the FBI. If the FBI was in fact monitoring the hackers’ access since December 6th, they would have known long before December 24th about the stolen credit card information and the risk it posed. It might even give you pause to consider why they would sit on that kind of information – information that admittedly compromised the security of almost a million people.
Publicly, Hammond’s co-conspirators are unknown, never named in official court papers. We know now that Sabu was probably one of those co-conspirators. Sabu was an important person in Anonymous because of his special talent as LulzSec’s “Rooter,” the person who finds the weaknesses for hackers to exploit. The “Rooting you proud” part of Christmas eve title by AnitSec suggests he wrote it, implicating himself as part of the operation at a time when he is obviously working with and monitored by the FBI.
Additional self-incriminating Tweets from Sabu’s Twitter account also implicate him as one of the Stratfor hackers. But if Sabu was in fact working for the FBI, how could the Stratfor hack be anything more than a clearcut case of entrapment perpetrated by the FBI?
* Clicking on the small star “Details” for the actual Tweet post.
This discussion is Sabu’s response to AnonOps’ disgust about the credit card theft.
3:38 AM – 26 Dec 11 via web · Details
Sabu is considering manipulating the media by changing intelligence reports.
This post is more of a ploy, he could simply ask the FBI agents who are monitoring is computer. Remember, the FBI has software installed to keep track of every key stroke.
RE: if hackers are able to generate intelligence reports used by media and governments – what would be the consequence?
This Tweet is more cryptic, but still points out that the hole in the system was found and he knew of the particular weakness.
I think in regards to stratfor people are only looking at the small picture (hack itself, donations, et al) and missing the gaping hole.
Here again, this is two days prior to the Tweet above, he admits to having control for months. That legitimizes the previous post as not a mistake/mistype. It also appears that he was attempting to change intelligence reports as well.
If you want to be technical we’ve had control over stratfor for months. Has anyone confirmed if any of their intel reports were compromised?
In this Tweet, he suggests the hack didn’t occur on December 6th like the FBI claimed. Remember, Sabu is a Rooter, this means he finds the insecurities in the network. He claims this that “they” had access for months, assuming months before the actual hack. But it doesn’t really matter if he means months before Jan 5th or Dec 6th. Either way, the FBI knew for quite some time. It looks more like a part of a longer range plan.
The stratfor hack is important on many levels. Think about the very point we had access to its userlist for months, now consider its users.
11:28 AM – 5 Jan 12 via web · Details
On Janurary 7th at 6:16am, Sabu (Hector Monsegur), admits to actively hacking Stratford.
This circumstantial evidence suggests Sabu and the FBI were somehow a part of the Stratfor hack.
By December 29, 2011, The Washington Post announces the Hacker’s plan to dump the stolen data. The FBI have already given Sabu an FBI server to unpack the data from Hammond. Once that data was on their servers, the FBI would have been able to examine exactly what was removed from Stratfor, if they didn’t already know.
The data itself presented oddity after oddity. Many of the credit card holders had terminated their membership or the cards were expired. Some of those customers have not been paying customers for years. In fact, of the 50,277 unique credit card numbers, only 9,651 were NOT expired. Additionally, the original credit card data was not encrypted, a clear regulatory violation for any company storing consumer credit card information. And lastly, Stratfor discovered the hack and the stolen data on the same day it occurred.
There’s a concept in the counter-hacking world called “honey pots.” An insecure or otherwise weakly secured computer is set up on the network. Hackers hone in on the entry point and mistakenly assume they are in the secure network. IT security professionals who are monitoring the “honey pots” can immediately detect and counter a hacker coming through these weak points – effectively slamming the lid on them and trapping them – or at least their identifying information – in the honey pot.
Back to those irregularities. Old, unencrypted customer data hanging out there unencrypted with just enough live accounts to make it all seem legit – on paper, it has all the markings of a “honey pot” conspiracy. Nevermind the fact that using real customer data – old or not – as bait is illegal on a number of levels.
Julian Assange released the Stratfor data on WikiLeaks on Monday, Feb 27, 2010. Sabu was announced as a turncoat the next Tuesday, March 6 2010, exactly one week after the data dump.
Could it be possible that Stratfor and the FBI were working in concert for a plan to frame Anonymous and Julian Assange to bring down WikiLeaks? If the U.S. Government show ties between Julian Assange and AntiSec’s Stratfor attack, they can embolden their case for extradition. One has to wonder just how deep the FBI participation was in the Stratfor hack. Was the entire Sabu saga all an elaborate plan to incriminate Julian Assange?
The New York Times article quotes Cyber crime investigator Mark Seiden, “It’s not surprising it would take them that long to make arrests,” he said. “They have to collect evidence, and the paperwork takes between three and six months. If you don’t know exactly how hackers attacked a site, it’s difficult to bring them to justice. There’s no point in picking an unripe fruit.” But Sabu was the Rooter, the one who provides the roadmap to attack the networks. There was no need for a three month investigation – Sabu had all the information they needed in that regard. It’s worth noting that that the day after Sabu’s arrest, the FBI Director testified to Senate about cybercrime threat.
Too many questions remain unanswered. How is it possible that a best-in-class security firm such as Stratfor could be so careless in the encrypting and storage of their corporate emails and customers’ credit card information? What does it mean if it wasn’t mere carelessness but a conspiracy to knowingly expose those customers to potential fraudulent activity as unconsenting bait? Is the real conspirator here the FBI? How safe do you feel knowing that a government agency is willing to expose you to danger, however slight, with the endgame of playing a game of dominos with the fates and lives of real people?