Sabu, the IRC name used by Hector Xavier Monsegur, the leader of LulzSec – a group responsible for several high-profile attacks in 2011 – has been working with the FBI for several months in order to help them track and arrest the other LulzSec members.
The FBI announced on Tuesday that Ryan Ackroyd (Kayla), Jake Davis (Topiary), Darren Martyn (pwnsauce), Donna O’Cearrbhail (palladium), and Monsegur (Sabu) have been arrested and charged for their actions within LulzSec, along with a sixth person, Jeremy Hammond (Anarchaos), who is an AntiSec supporter.
Sabu was initially arrested in August 2011 for his role in the attacks on HBGary Federal and HBGary, Sony, Fox, InfraGard, and PBS. Kayla, Topiary, pwnsauce, and palladium were each charged in an indictment for their roles in the attacks on Fox, Sony, and PBS. Each of the listed victims was a known and established LulzSec target during the summer and fall of 2011.
The FBI’s interest in Anonymous and LulzSec started after the attacks against MasterCard, Visa, and PayPal in 2010, during Operation Payback. In January 2011, the FBI worked with international law enforcement to conduct a massive sweep of Operation Payback’s participants, executing more than 40 search warrants in a single morning.
Later in the summer, the FBI executed another sweep in relation to Operation Payback. A source within the Department of Justice explained that in each of the raids, information on participants within Anonymous and LulzSec started to surface.
While the FBI was running raids, LulzSec – led by Sabu – was raiding things of their own. After the attacks on HBGary Federal earlier in 2011, followed by attacks on InfraGard (an FBI-affiliated program for InfoSec), LulzSec became a group of interest within the Department of Justice.
As it turned out, the FBI did what it does best, and managed to get an insider to flip on the others. All it took was a single connection to an IRC server without the use of TOR. From there, after months of follow-up investigation, they were able to pressure their asset into working with them.
Previous speculation surrounding the wave of FBI raids and arrests, including the cases where the FBI supported law enforcement in the U.K., was that several people had turned informant, or were working with the government in order to lighten their potential sentences. Since the initial Operation Payback raids, several Anons had suspected that there was “a snitch among [them]” and yet no one assumed it was Sabu.
Again, the fact that the FBI leveraged someone on the inside comes as no shock to those who follow the law enforcement agency or are familiar with its methods. In this case, Sabu isn’t a CI (Confidential Informant), but rather a CW or Cooperating Witness.
Some of the more notable examples of the FBI turning an insider in order to further criminal investigations include Tony Casso (a CW against the Lucchese Crime Family), and Sammy “The Bull” Gravano (a CW against the Gambino Crime Family).
In addition to the LulzSec-related charges, the sixth person snagged by the FBI this week, Hammond, is an AntiSec supporter who is charged with the Christmas Eve attack on Stratfor. The AntiSec raid against Stratfor resulted in the eventual release of more than 60,000 credit cards and 860,000 user accounts and passwords. Moreover, in the aftermath of that attack, Stratfor’s email spools, also compromised during the AntiSec raid, were recently published by WikiLeaks.
While the FBI calls Tuesday’s news “devastating” to LulzSec and their supporters, the reality is that even with the charges, LulzSec’s supporters – some of whom gladly align themselves with the AntiSec movement and Anonymous – may end up emboldened by the FBI’s actions. It’s likely that they’ll start hitting more targets than normal, and hitting them harder than before.
Everyone recently charged by the FBI is looking at 10 years in prison for their actions. However, Monsegur is facing an estimated 124 years for his role. It’s unknown if his help in the case will be taken into consideration when it comes to sentencing.