Nonprofit, nonpartisan journalism. Supported by readers.


FBI infiltrates hacktivist group LulzSec

Perhaps most remarkable about the feds’ crackdown on LulzSec is that it happened with the cooperation of the alleged leader of LulzSec, whom the FBI flipped last June.

The once feared group of “hacktivists” and online crusaders LulzSec, an offshoot of the online community Anonymous, is on the ropes after an international law enforcement operation today snared five men believed to be responsible for cybercrimes ranging from hacking security consultants and entertainment companies to breaking into law enforcement conference calls.

But perhaps most remarkable about the feds’ crackdown on LulzSec is that it happened with the cooperation of the alleged leader of LulzSec, whom the FBI flipped last June.

Fox News reports that the leader of the five alleged members of LulzSec was a hacker known as “Sabu,” whom the FBI tracked for months in 2011. But when the “brilliant, but lazy” Sabu forgot one time to cover his online tracks, the FBI was able to uncover his real identity: Hector Xavier Monsegur, a father of two living in public housing in New York. 

Once Mr. Monsegur was identified, the FBI were able to keep tabs on him and eventually arrested him in June 2011 on identity theft charges. Monsegur cut a deal with the feds and pleaded guilty in August 2011 to stay out of prison and take care of his children. In return, he helped the FBI track down his comrades — the men charged today.

Article continues after advertisement

They include Jeremy Hammond of Chicago, who according to the complaint filed in New York federal court, was charged with computer hacking and conspiracy to commit computer hacking in connection with an attack on Stratfor, a Texas-based security consulting service. In that attack back in December, emails and credit card information were stolen.

A separate grand jury indictment, also filed in New York federal court, charges four additional men — Ryan Ackroyd and Jake Davis of England and Darren Martyn and Donncha O’Cearrbhail of Ireland — with conspiracy to commit computer hacking. The hackers’ targets allegedly included media and entertainment companies Fox, PBS, and Sony Pictures; computer game developer Bethesda Softworks; security consultants HBGary and anti-hacking association InfraGard Atlanta; and the website of Irish political party Fine Gael. According to the indictment, the men stole email, passwords, and credit card information from their targets and defaced some of the websites.

Wired reports that the five men were arrested in a coordinated effort on Tuesday in the US, Ireland, and Britain. The magazine’s website notes that Sabu’s disappearance around the time of his arrests prompted concerns among the Anonymous community that he had turned state’s evidence. But according to Brian Knappenberger, who is editing a documentary on Anonymous, “whenever anyone [accused him of flipping] on Twitter, Sabu would respond with string of obscenities.”

The quintet’s list of alleged crimes includes one of the most embarrassing incidents for international law enforcement officials: the hacking of a trans-Atlantic conference call between members of the FBI, Scotland Yard, and the Garda, Ireland’s police force. According to a US district attorney press release on the arrests, O’Cearrbhail reportedly hacked into the personal email account of a Garda officer, thereby learning how to access the Jan. 17 conference call. Once in the call, O’Cearrbhail was able to make a recording of the conference, which he then distributed online.

Some of the alleged LulzSec members have drawn the attention of law enforcement before. Hammond was sentenced to two years in prison for a 2005 hack of a conservative website called Protest Warrior, according to a 2007 profile in Chicago Magazine. Davis was arrested by Scotland Yard last August for alleged cybercrimes, including taking down the website of the Serious Organised Crime Agency, a British major anti-crime department. And Ars Technica reports that according to an FBI affidavit, O’Cearrbhail was arrested by the Garda in Sept. 2011 on a hack-related charge, though he was later released.