Kevin Pocock notes the recent high-profile
hacking indictments, and a leader turned informant.
In May 2011, the website of the US
broadcaster Fox was targeted by the hacking group ‘LulzSec’. Data including the
details of 73,000 X Factor contestants was leaked. Shortly afterwards, the
website of the PBS (American Public Broadcasting System) came under attack.
Then, to varying degrees, the websites of Sony, Nintendo, Bethesda Studios,
Sony and the CIA were also compromised, along with others.
Hacks weren’t uncommon, but these attacks
had a welcome, indeed willing, publicity to them. And, as it turns out,
LulzSec, who even took suggestions for targets from its Twitter followers, were
doing it ‘for the lulz’. Between May and the end of June 2011, the group ran
riot, but its ‘planned 50 day voyage’, ended just after it joined forces with
Anonymous to launch Operation AntiSec. The group’s final message, posted on
YouTube on 27th June 2011, can be seen at tinyurl.com/658yhyr.
Start at the end
For LulzSec, though, 7th June 2011 had
already marked the end of the line. That was the day, according to an exclusive
Fox News report published on 6th March, that two FBI agents came face to face
with ‘Sabu’, the LulzSec ‘leader’: Hector Xavier Monsegur, an unemployed
28-year-old man living on the sixth floor of the Jacob Riis housing complex in
the Lower East Side of New York. Sabu was, according to a law enforcement
official, ‘Brilliant, but lazy’, and lazy enough to claim ‘I don’t have a
computer’, even as, to quote Fox, ‘Behind Monsegur, the agents saw the Ethernet
cable snaking to his DSL modem, green lights blinking on and off.’
Hector
Xavier Monsegur, aka ‘Sabu’
Lazy or not, reports have since surfaced
that after that meeting on 7th June, Sabu worked incredibly hard to cooperate
with government agencies so as to inform on his friends and associates, and
shore up governmental and company websites, in a deal agreed to in no small
part because of his guardianship of his two children. So when Jake Davis of the
Shetland Islands was arrested on 27th July on suspicion of being the LulzSec
‘media man’ ‘Topiary’, Sabu no doubt knew it was coming. Not only this, but he
may well have helped enable the action.
Other core members were similarly arrested.
Ryan Ackroyd of London, allegedly aka ‘Kayla’ was the owner of the botnet
utilised as LulzSec’s main weapon in the DDOS (Distributed Denial Of Service)
attacks on targeted websites and services. He was also indicted on 6th March.
So was Darren Martyn of Ireland, allegedly aka ‘Pwnsauce’; supposed LulzSec
associate Donncha O’Cearrbhail, believed to go by the handle ‘Palladium’; and
‘Anarchaos’, allegedly Jeremy Hammond of Chicago. Another core member,
‘T-flow’, was reported as arrested by London’s Metropolitan Police on 19th July
2011, while ‘Joepie91’ the owner of the LulzSec IRC channel was apparently
arrested on 21st June 2011, just 14 days after the FBI found Sabu.
Puzzle pieces
These dates are interesting because they
also make quite a lot of sense. Although various personalities within the wider
hacking community spent hours attempting (and, as it turns out, some actually
succeeded) to ‘dox’ (publish personal details of) the members of a group, the
FBI and other law enforcement agencies seem to have had a set path of action in
dealing with LulzSec.
Sabu’s arrest came as the result of him
logging into an IRC channel using his real IP address, rather than a proxy. A
small mistake, but once the FBI caught up with him, his and LulzSec’s
self-publicity did enough to all but condemn him. Assuming that international
law enforcement agencies wanted an end to LulzSec rather quickly, it’s no great
leap to assume that disrupting their communication was a starting point.
JoePie91 was caught up with. And although at the time LulzSec commented that
JoePie91 wasn’t actually a member, the arrest of a person believed to be the
owner of their IRC channel, and the cooperation of Sabu, no doubt provided yet
more information in moving the cases forward.
If we take to Twitter, a much-loved output
for the group, even more becomes clear. The account of Topiary went quiet at
the end of July, with all tweets being deleted, except for one previously
posted on the 22nd, reading, ‘You cannot arrest an idea.’ LulzSec’s account,
which Topiary is believed to have handled, became inactive on the 27th July,
the day Jake Davies, accused of being Topiary, was arrested. The account of
Kayla, the group’s botnet owner, suddenly went quiet on 1st September.
We also now know that on 15th August Sabu was
pleading guilty to a combined 12 charges against him. Charges including
consipracy to engage in computer hacking, computer hacking, conspiracy to
commit access device fraud, conspiracy to commit bank fraud and aggravated
identity theft.
A total ruse
Back on Twitter on 17th August, just two
days after the aforementioned plea, Sabu posted a quote from the movie The
Usual Suspects: ‘The greatest trick the devil ever pulled was convincing the
world he did not exist. And like that… he is gone’. And like that, Sabu was
indeed gone… sort of.
Depending on your point of view (hacker or
law enforcer), the ‘devil’ in question might well have ceased to exist at this
point, or was just moving into existence. After a few weeks of silence, Sabu
was back tweeting, but not before he told Gawker in an alleged phone interview
that talk of him cooperating with the FBI was ‘bullsh*t’. He added, ‘I stop
posting on Twitter and mad rumours get started.’ However, it wasn’t just other
hackers questioning the disappearance. The owner of a Twitter account by the
name of ‘@mockingbird36’, partly directed a tweet at the the high-profile
‘hacktivist of good’ known as ‘The Jester’, commenting, ‘Interesting how Sabu
disappears for a few weeks, then suddenly reappears, and then arrests are being
made #Cooperating’.
The
mascot of LulzSec, once a toast of ‘hacktivists’
Many observers were no doubt thinking the
same thing, but with Sabu returning to his tweeting as if nothing had ever
happened, towing the ‘Free Topiary’ line, and continuing to engage in
anti-governmental dialogue, it seems he had enough trust from those also allied
to his claimed causes to be given credibility. It turns out that for his
associates and contacts in the hacking community that may have been a very bad
idea. Monsegur’s charges add up to a potential prison sentence 124 years and
six months, but it’s not yet confirmed how any sentence will be dealt with in
light of his cooperation.
What now?
At the time of writing, and as of 5th
March, Sabu’s once reinvigorated Twitter account has gone silent once more.
This was the day before high-profile members of LulzSec and Anonymous,
including those I’ve mentioned, were charged. Sabu’s last – I won’t say final –
post was the German phrase, ‘Die Revolution sagt ich bin, ich war, ich werde
sein.’ Translated, it reads, ‘The revolution says I am, I was and I will be’
and is a quote linked to Rosa Luxemburg, a far-left German revolutionary. The
full, proper quotation is ‘Tomorrow the revolution will ‘rise up again,
clashing its weapons,’ and to your horror it will proclaim with trumpets
blazing: I was, I am, I shall be!’.
Yet like his previous, Usual
Suspect-inspired, cryptic message, who it is aimed at is hard to judge. If it
is law enforcement agencies, will they take any notice, having had Sabu working
for them, providing potentially huge amounts of important information on
international hacking associates? If It’s his Twitter followers and those same
international associates, will they take any heed of words from a man who has
been working against them?
Anon go on
It’s impossible to tell at this stage, but
while the lulz might have ended, the linked group Anomymous is certainly
looking forward, seemingly untroubled by events. While FBI sources have been
quoted as saying they’ve taken the head off the group, Anonymous followers have
disagreed, with a tweet from the @YourAnonNews Twittter account reading, ‘We
don’t have a leader. A movement against authority without leaders drives
authority insane; they cant break down a movement by corrupting the leader.’
This was supported by the words of the
on-off spokesperson for Anonymous, Barrett Brown, who told CNN, ‘…[the]
indictments won’t disrupt the organisation’s action over the long-term. There
are more than enough people around.’ He added, ‘Major operations going forward
won’t be interrupted.’ Still, one thing seems certain: The lulz boat, and all
who sailed on her, have been well and truly dry-docked.
LulzSec.com
as it is today
Anonymous,
as its artwork suggests, claims no head
