Published March 06, 2012
EXCLUSIVE: It was one of the hottest days of the year and evening temperatures were still sweltering when two FBI agents wearing bulletproof vests under their dark suits climbed the stairs of the Jacob Riis housing complex in New York’s Lower East Side on June 7, 2011. Drenched in sweat, they knocked on the steel door of a sixth-floor unit. It swung open to reveal a man in his late twenties wearing jeans and a white T-shirt.
“I’m Hector,” he said.
The agents were suddenly face-to-face with “Sabu,” the computer genius they had stalked for months, a quarry so elusive they hadn’t pinned down his identity and location until just weeks before. The suspected ringleader of the Anonymous offshoot group LulzSec, Hector Xavier Monsegur and his web minions had just completed a month-long reign of terror, hacking the CIA, Fox, Sony and several financial institutions, causing, according to some estimates, billions of dollars in damage around the world.
The nondescript public housing unit seemed an unlikely nerve center for one of the world’s most wanted criminal masterminds, but the 28-year-old Monsegur himself is a study in such contradictions. An unemployed computer programmer, welfare recipient and legal guardian of two young children, Monsegur did not go to college and is a self-taught hacker. Although his skills and intellect could command a lucrative salary in the private sector, those who know him say he is lazy, an underachiever complacent with his lifestyle.
“He’s extremely intelligent,” a law enforcement official said. “Brilliant, but lazy.”
It was the laziness that got him.
Sabu had always been cautious, hiding his Internet protocol address through proxy servers. But then just once he slipped. He logged into an Internet relay chatroom from his own IP address without masking it. All it took was once. The feds had a fix on him.
For weeks they waited, watching him, monitoring the online activity of the man they believed was the leader of LulzSec.
But then, late in the evening of June 7, they received word that Sabu had been "doxed" -- meaning that for a very brief moment, someone had posted Sabu’s real name and address online. Law enforcement feared Sabu would see he’d been outed and begin destroying evidence of his hacking career—and all traces of those he’d worked and communicated with online. They had to move.
Agents had already subpoenaed Sabu’s Facebook account, finding stolen credit card numbers he was selling to other hackers. They had enough to charge him with aggravated identity theft, which carries a two-year minimum sentence. But as the brains behind LulzSec, the man staring across the doorway at them on that summer night last year was much more valuable as a cooperating witness.
“It’s not me, you got the wrong guy,” Monsegur said, according to sources who witnessed the interaction. “I don’t have a computer.”
Behind Monsegur, the agents saw the Ethernet cable snaking to his DSL modem, green lights blinking on and off.
The agents worked their prey, using the time-honored good cop/bad cop routine. Bad cop stormed out of Monsegur’s apartment yelling, “That’s it, no deal, it’s over, we’re locking you up.”
The computer genius finally gave in, surrendering to the most clichéd tool in the law enforcement arsenal. But the agents had more than just skills – they had leverage.
“It was because of his kids,” one of the two agents recalled. “He’d do anything for his kids. He didn’t want to go away to prison and leave them. That’s how we got him.”
Monsegur was quietly arrested on aggravated identity theft charges and released on bail. On Aug. 15 he pleaded guilty to a dozen counts of hacking-related charges and agreed to cooperate with the FBI. Monsegur went right on living in the unit he shared with the children, supporting them, five brothers and a sister and living off public assistance, according to those who know him.
But from now on, he worked for the government he had once tried to attack at every turn.
Monsegur, according to his handlers, took his Internet name from a Staten Island-born pro-wrestler who billed himself as a Saudi Arabian to incite jingoistic arena crowds. Sabu the Elephant Boy wrestled on the independent pro circuits in the 1980s and 1990s, developing a reputation as a heel who shed as much blood as he drew.
It was his anti-government, anti-capitalist ideologies that caused Monsegur to gravitate toward hacking, according to those who witnessed his ascent. His rare blend of interpersonal skills, technical ability and street cred, combined with the hacks he did, ensured his rapid ascent in the hacker community. Driven by politics, Monsegur once released personal information about Arizona law enforcement in response to the state’s immigration law.
Anonymous and LulzSec members call themselves “hacktivists,” hackers with an agenda, a theme that runs through Monsegur's career. For several years he worked at LimeWire, one of a group of software companies that created peer-to-peer sharing programs to help users "liberate" their music.
Such file-sharing software obviously facilitated copyright infringements -- and new networks to share music files after Napster was shut down. LimeWire was eventually closed, slammed by the recording industry group RIAA with a $105 million lawsuit. Monsegur lost his job when the company was shuttered. With the exception of a stint as a repo-man, he’s been unemployed ever since.
Given his prodigious skills, he needn’t have been, according to his handlers.
“Sabu could be making millions of bucks heading the IT security department of a major company,” a law enforcement official said. “But look at him, he’s impoverished, living off public assistance and was forced between turning on his friends and spending a lifetime in jail.
“It’s sad, really.”