How a Hacker Helped Stop 300 Attacks

LulzSec Leader Gets Light Sentence Based on Cooperation

Hector Xavier Monsegur, also known by the hacker alias "Sabu," helped federal authorities prevent or mitigate more than 300 cyber-attacks that were being planned or carried out by others. So when it came time to sentence him for his role in the attacks, Monsegur, a former leader of the sophisticated group of hackers known as LulzSec, was sentenced to time served - seven months in prison - plus one year of supervised release.

In aiding the government in its investigations, Monsegur sometimes worked around the clock and engaged co-conspirators in online chats that were critical to confirming their identities and whereabouts, prosecutors say.

Monsegur's cooperation enabled the government to prevent or mitigate attacks on the computer servers of U.S. and foreign governments, international intergovernmental organizations and private corporations, according to prosecutors. The victims included the U.S. Armed Forces, the U.S. Congress, NASA, Visa, MasterCard, PayPal, Fox Broadcasting and Sony Pictures Entertainment.

The former LulzSec leader also provided authorities with information on vulnerabilities in certain critical infrastructure, including at a U.S. water utility, that enabled law enforcement to secure that infrastructure, prosecutors say.

Monsegur pleaded guilty in August 2011 to multiple charges, according to the U.S. Attorney's Office for the Southern District of New York. As part of his agreement with the government, Monsegur helped federal investigators to identify, locate and arrest eight of his co-conspirators, authorities say (see: LulzSec Leader Strikes Deal with Feds).

U.S. District Judge Loretta A. Preska, who imposed the sentence on Monsegur on May 27, said, "The fact that Monsegur immediately chose to cooperate and went back online ... allowed the extraordinary cooperation."

Kimberly Peretti, an attorney at Alston & Bird who helped put fraudster Albert Gonzalez behind bars, says the case is "one of a kind." She adds: "Don't expect to see this recurring frequently on an ongoing basis. But it does highlight how effective it can be for someone to provide insight into [cybercrime]."

Hacking Background

Monsegur was a member of the hacktivist groups Anonymous and two of its splinter groups, Internet Feds and LulzSec.

Along with other members of Anonymous, Monsegur took responsibility for a number of cyber-attacks between December 2010 and June 2011, including distributed-denial-of-service attacks against the websites of Visa, MasterCard and PayPal, as retaliation for the refusal of these companies to process donations to WikiLeaks, as well as hacks or DDoS attacks on foreign government computer systems, authorities say.

As a member of the hacking collective Internet Feds, he participated in various cyber-attacks that involved online destruction, intimidation and criminality, authorities say. Members of Internet Feds engaged in a series of cyber-attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims' e-mail and Twitter accounts and defacing victims' Internet websites.

For instance, Monsegur and other Internet Feds members conspired to hack: the website of Fine Gael, a political party in Ireland; computer systems used by security firms HBGary Inc., and its affiliate HBGary Federal, LLC, which involved the theft of confidential data on 80,000 user accounts; and computer systems used by Fox Broadcasting Co., from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on "X-Factor," a Fox television show.

In May 2011, Monsegur, along with others, formed the group LulzSec. The group took part in cyber-assaults on the websites and computer systems of business and government entities in the U.S. and throughout the world, authorities say. In one incident, LulzSec hacked Sony Pictures Entertainment and stole confidential data concerning approximately 100,000 users of Sony's website (see: Sony Pictures Hacker Pleads Guilty).

Cooperation with Law Enforcement

On May 23, Preet Bharara, the U.S. attorney for the Southern District of New York, filed a pre-sentencing memo detailing Monsegur's cooperation in mitigating more than 300 cyber-attacks.

"Monsegur acknowledged his criminal conduct from the time he was first approached by agents, before he was charged in this case," Bharara says. "Monsegur admitted both to prior criminal conduct about which the government had not developed evidence, as well as his role in both Internet Feds and LulzSec.

"Monsegur subsequently and timely provided crucial, detailed information regarding computer intrusions committed by these groups, including how the attacks occurred, which members were involved, and how the computer systems were exploited once breached."

Authorities say Monsegur's primary contribution was his help in nabbing cybercriminals affiliated with Anonymous, Internet Feds and LulzSec. "[Monsegur] provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement's understanding of how Anonymous operates," Bharara says. "Monsegur also provided crucial and detailed information about the formation, organization, hierarchy and membership of these hacking groups, as well as specific information about their planning and execution of many major cyber-attacks, including the specific roles of his co-conspirators in committing those crimes."

Monsegur's efforts led to the arrest and convictions of core members of LulzSec, including Jeremy Hammond, who went by the hacker alias "Anarchaos." Hammond was sentenced to 10 years in prison for his role in the 2011 Strategic Forecasting Inc. breach that affected about 860,000 individuals (see: Stratfor Hacker's Sentence: An Analysis). Stratfor is a global intelligence firm based in Austin, Texas, that provides services to the U.S. federal government.

Case Analysis

Commenting on the case, Peretti of Alston & Bird notes: "We're moving to an era in cybercrime where we're getting that advanced warning through information sharing through someone who has contacts into the criminal underground to help these companies prevent cyber-attacks."

Yet, law enforcement needs to be careful in establishing relationships with cybercriminals because it's "easy for them to cooperate and at the same time continue criminal activities anonymously," Peretti says. "Having that extra level of verification and trust with whom you're working with is important."

Monsegur's cooperation also shows that hackers will not necessarily remain loyal to one another, says Lisa Sotto, managing partner for New York-based law firm Hunton & Williams. "It's no longer an 'honor among thieves' mentality," she says.


About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



