EXCLUSIVE: For the last eight months, the self-styled “hacktivists” who make up LulzSec and the international hacker community beyond have been led by a turncoat.
Like a Mafia don who wears a wire to ensnare his own soldiers, Hector Xavier Monsegur, aka “Sabu,” has been helping the FBI track down and gather evidence against his associates, tweeting out misinformation and even protecting the CIA among other government and financial institutions from hacks, according to sources close to the LulzSec leader and law enforcement officials in charge of the months-long international hacking probe capped by international arrests of the remaining LulzSec leaders on Tuesday morning.
Flipping Monsegur wasn’t easy. But with a charge of aggravated identity theft and a two-year prison sentence to hang over his head, the FBI forced Monsegur to weigh the political beliefs that drove him and his allegiance to cohorts around the world against his desire to be with his kids—he is the guardian of two children—and his extended family.
“He didn’t go easy,” a law enforcement official involved in flipping Sabu told FoxNews.com. “It was because of his kids. He didn’t want to go away to prison and leave them. That’s how we got him.”
“He really cares about these kids,” a source said. “They’re young [and] he is really worried about what will happen.”
Information filing against Hector Monsegur, LulzSec leader 'Sabu'
Indictment against LulzSec hackers Ackroyd et al
Complaint filed against LulzSec hacker Jeremy Hammond
Complaint against LulzSec hacker Donncha O'Cearrbhail
On Aug. 15, 2011, Monsegur pleaded guilty to more than ten charges relating to his hacking activity. In the following few weeks, he worked almost daily out of FBI offices, helping the feds identify and ultimately take down the other high-level members of LulzSec and Anonymous, sources said. In time, his handlers allowed him to work from the home from which he previously wrought destruction, using a PC laptop provided by the FBI. His old battered laptop with its missing left Shift, L and 7 keys was turned over to the FBI, along with the encryption keys government sleuths needed to access his records and take them into evidence.
The white pit bull Monsegur bought shortly after his arrest sits at his feet, barking at all strangers who step off the elevator.
Monsegur maintained the same habits and online presence he did prior to his arrest as the young hackers he commanded sat alone in their rooms around the world, searching for vulnerabilities on websites and servers. Their leads were sent to Sabu, like offerings made to a monarch.
“In half the world he was a god,” one law enforcement official explained. “If he thought what you did was good, you’d rise up in the [hacker] community—once he blessed you, basically.”
“About 90 percent of what you see online is bulls---."
- One of Monsegur’s FBI handlers
Sabu was online between 8 and 16 hours a day, often sleeping during the day and working throughout the night, watching YouTube videos as he worked for the FBI. Monitoring software on his government-issued laptop allowed the feds to see what he did in real time. The FBI has had an agent watching his online activity 24 hours a day, officials said.
When Sabu told his handlers of a vulnerability his minions detected in a company or government server, the feds reached out to the targets and tried to prevent damage. Sometimes, it was too late.
Sabu and his FBI handlers also disseminated false information to the public and hacker community—often through Twitter, sometimes through unsuspecting reporters who thought they’d landed an online interview with the notorious hacker. Their correspondence was sometimes directly with agents. More often it was with Sabu acting on strict guidance from the agents sitting with him, reading his every word.
“About 90 percent of what you see online is bulls---,” said one of Monsegur’s handlers, referring to the Twitter posts from Sabu’s account and “interviews” he’s given to the press on direction from the FBI as part of their disinformation campaign.
With Sabu’s help, the FBI learned the identities of other LulzSec members, gathered evidence and records from private chatrooms used by the elite hackers to plan and discuss their cyber attacks, and found out about planned hacks in time to minimize or prevent damage without blowing their star witness’ cover.
In August, 2011, it became known that LulzSec affiliate Anonymous had hacked into 70 law enforcement websites, mostly local sheriffs’ websites in Missouri run by the same hosting company. The hacks had actually occurred four weeks prior. Using information passed on by Monsegur, the FBI was able to work with the server company to mitigate the damage.
With Sabu’s help, the FBI alerted 300 government, financial and corporate entities in the U.S. and around the globe to potential vulnerabilities in their computer systems, allowing the companies to protect themselves, an FBI supervisory official told FoxNews.com.
Sabu’s work as a cooperating witness also included fact-checking allegations from his peers. When members of LulzSec and Anonymous announced publicly that they’d hacked a company to steal information, Sabu would verify or discredit the claims. Most of the time, the hackers just got into computer systems and databases and looked around without taking anything—but even the rumor of a breach can cause a company to spend large amounts of money or spook stockholders.
When the CIA found itself under siege from LulzSec hackers, Sabu stepped in. With his underlings launching so-called DDoS attacks -- denial of service cyberattacks that basically flood a website with traffic to overwhelm it -- the CIA’s public website was threatened.
“We told Sabu to tell them to stop,” an official said. “‘It’s embarrassing for the CIA,’ we told Sabu, ‘Make them stop, now.’”
Sabu sent out the order: “You’re knocking over a bee’s nest,” he warned his associates. “Stop.”
The example showed the power of the alienated young father who used his brilliant mind to wreak economic havoc around the world from the least likely computer command center until the feds unmasked him. Afforded cult-leader status by his fellow hackers, Monsegur evoked both respect and envy.
“He's a rockstar,” a New York-based hacker with close ties to WikiLeaks said recently. “All the girls, you buy them a drink, but all they want to talk about is Sabu, Sabu, Sabu.
“And what really sucks is he really is that good.”
Today, the hackers who worshipped Sabu are in for a rude awakening.
“When people in the hacking community realize their God has actually been cooperation with the government, it’ll be sheer terror,” said one senior official.
Another source was even more blunt: “You might be a messiah in the hacking community but you’re still a rat,” he said.