LulzSec hacker may face future demons, 'Catch me if you can' thief says

Hector Xavier Monsegur -- the ringleader of the LulzSec hacker group whose identity exclusively revealed yesterday -- mitigated his jail time by ratting out his hacker colleagues to the FBI. But wiping away his criminal activities may take a lifetime, warned one ex-con who turned his criminal talents into a career.

Frank Abagnale, the thief-turned-consultant on whom the film "Catch Me if you Can" was based, said he works with the FBI and therefore couldn't comment on the hacker case exclusively revealed by on Tuesday, March 6. But the mistakes Abagnale made in his youth seem to parallel Monsegur’s -- and it took a lifetime to wipe that from his record, Abagnale warned.

“It takes years and years to build one’s credibility and to rectify mistakes made in one’s life,” Abagnale told  “I committed the crimes, as depicted in the movie, between the ages of 16 and 21. I served five years in prison and was released at age 26.”

Since that date Abagnale has worked with the FBI for 36 years without compensation -- not even travel expenses.

“I truly believe you have to earn that second chance. It has taken me 35 years to be where I am today and still people refer to me as a conman, thief, and much more -- and they will for the rest of my life.”

More On This...

Had Monsegur turned to white hat hacking or IT security instead, he could have been a contender, experts assure

“Sabu could be making millions of bucks heading the IT security department of a major company,” a law enforcement official told “But look at him, he’s impoverished, living off public assistance and was forced between turning on his friends and spending a lifetime in jail.”

And indeed, it appears Monsegur did try to walk that path early on, new emails reveal.

Mikko Hypponen, the chief research officer for security firm F-Secure, told that the hacker had reached out to the company to warn them of a severe vulnerability in one of their programs -- possibly fishing for a job.

“I've discovered a severe local root vulnerability in F-Secure's FSIGK (F-Secure's Internet Gatekeeper for Linux). Complete details are within the attached advisory,” the hacker wrote in a 2005 email to F-Secure.

He was just 21.

Monsegur was clearly skilled, even at the time, but how competent was he really? Was he mediocre, just a guy who knew how to poke around networks, or a true master?

“He was good enough. Not the best in the world, but he obviously knew his way around UNIX systems already in 2005,” Hypponen told Still, Hypponen said he probably wouldn’t have hired Monsegur.

Chester Wisniewski, a senior security advisor at security firm Sophos characterized Monsegur as a talented computer guy without any training, a self-taught hacker, though not one at an international-fame level. Could he have gotten a job with Sophos?

“I wouldn't say absolutely, but we are always interested in people with talent in the security space,” Wisniewski said.

“Lazy but competent fits the profile of many of the guys we see,” he told, adding that “we have a shortage of a talented security guys fighting on the side of good.”

Such a job would have seemed a windfall to the unemployed Monsegur.

“You won't find technical work that pays under 60k and it only goes up from there,” Wisniewski said.

It may be too late, however. Experts say that a criminal background can be a real impediment to a career in cyber security.

“I don't think redemption is possible,” Michael Gregg, an ethical hacker for Fortune 500s and the federal government and COO of Superior Solutions told “His crimes are such that legitimate firms will not want to be associated with such an individual.”

There is a clear distinction between blackhat and whitehat hackers in the current world of IT security, Gregg noted.

“Hector Monsegur made the choice to become a blackhat and to hack for little reason beyond maliciousness. Hector had skills that could have been used by a penetration testing firm.  But the problem is that it requires more than raw skills. Judgment is needed to know what you can and cannot do (legally and ethically).”

“On that point Sabu falls way short,” he said.