What the Sabu revelation means for hackers

Everyone, no matter who they profess to be, is potentially an informant.

To most observers he seemed unpredictable, dangerous and so highly skilled that he could evade the long arm of the law. But in an astonishing revelation, last week it emerged that Sabu, the notorious figurehead of hacking group LulzSec, had for almost nine months been working secretly as an informant for the FBI.

The identity of 28-year-old Hector Xavier Monsegur, who led a rampage against government websites and multi-national corporations, had been uncovered when he failed to mask his computer's IP address using an internet chat room on just one fateful occasion.

Soon after, FBI agents appeared at the door of his apartment on the sixth floor of a 14-story housing project in Manhattan. The agents reportedly played "good cop bad cop", convincing the infamous hacker - almost immediately, according to court documents - that his only way out was to cooperate with an international investigation into his former comrades.

Monsegur, under his Sabu guise, proceeded to continue operating aggressively online - in some cases encouraging fellow hackers to commit crimes - all while under apparent instruction of the FBI.

Some suspected he had been "turned" - but the hacker world is rife with conspiracy theories and there was no hard evidence to prove it. "Sabu was identified, apprehended by the FBI and turned to an informant," one perceptive group wrote in November last year. Yet the claim never gained substantial traction.

From the perspective of the authorities, it was a tactical masterstroke. They had managed to flip the most notorious, the most feared, and the most accomplished of the LulzSec members. Due to his close ties and wide respect among hacker collective Anonymous and other splinter groups such as AntiSec, Sabu was a goldmine to the FBI. With his help, they were able to level charges against five accused hackers based in Britain, Ireland and America.

There are concerns, however, about how far the Bureau went to pursue its goals.

On 19 June, just 12 days after Sabu had been arrested, LulzSec, the group he commanded, issued a public call to arms. "Top priority is to steal and leak any classified government information, including email spools and documentation," it wrote in a manifesto.

Sabu was quick to proudly point out the manifesto to his 30,000 Twitter followers. "The biggest, unified operation amongst hackers in history," he wrote, possibly from an FBI computer. "All factions welcome. We are one."

Two months later, on 17 August, Sabu disappeared offline for 30 days. We now know that just two days prior, on 15 August, he had secretly pleaded guilty to twelve counts of hacking in a closed hearing at Southern District court, between Manhattan Bridge and Broadway, New York. When he returned, though he reportedly helped call off some attacks, he maintained a hostile front, claiming, "I wasn't owned, arrested, hacked or any of the other rumors [sic]."

In December, he encouraged an offensive against companies manufacturing surveillance technology; he called on hackers to target "with impunity" anyone supporting legislation that would restrict internet freedoms; and played what sources close to him say was a central role in hacking intelligence and security thinktank Stratfor. The attack on Stratfor resulted in 75,000 credit card numbers being posted online, with 5.5m of the thinktank's confidential emails subsequently passed to WikiLeaks.

This trend continued almost right up until 6 March, the day he was "outed" in an exclusive published by Fox News. As recently as two weeks ago Sabu had publicly instructed hackers to "infiltrate" international crime organisation Interpol and to "expose" arms companies. "Hack their servers," he tweeted on 28 February. "Scour their user email/passes. Grab mailspoolz. Grab docs... Leak. Rinse. Repeat."

Sabu's activities while working out of FBI offices, and then later his home under 24-hour surveillance, raise significant legal and ethical questions. Most notably: by encouraging people to commit crimes in such a brazen fashion, did he cross the thin line from informant to agent provocateur?

It has been suggested that the attack on Stratfor and the subsequent dealing with WikiLeaks was allowed - perhaps encouraged - by the FBI, not only to strengthen the US government's case against the hackers, but also to assist in the prosecution of WikiLeaks founder Julian Assange. (This does not seem beyond the realms of possibility, particularly given America's well-documented desire to prosecute Assange for his role in publishing US government secrets.)

It could have been the case, of course, that Sabu on occasion went "rogue" while under FBI direction. But given that he was the most notorious hacker in the world and having his every move monitored, it is doubtful the authorities would have let him out of their sight long enough for him to have the opportunity - repeatedly and over a period of several months - to incite others to commit criminal acts. What appears more likely is that the FBI decided, like the hackers, they too could play dirty.

These are issues that will no doubt be addressed In the months ahead, as the FBI's tactics fall under scrutiny in the courts and elsewhere. The impact of the Sabu revelation, meantime, has unsurprisingly reverberated like an atomic bomb within the Anonymous community.

"I feel for the ones who worked with him and who trusted him with leaks/data," one hacker told New Statesman. "They could never have known."

This sentiment is one shared across online chat rooms frequented by Anonymous, where there are varying degrees of anger, paranoia, fear and sadness.

For many, the large void left by Sabu will provide a defining moment of sobering reality. His silent Twitter page, once a ceaseless stream of anti-establishment rage, is now nothing but a ghostly relic - a symbolic reminder that in the shadowy virtual world hackers inhabit, no one is untouchable, and everyone, no matter who they profess to be, is potentially an informant.

Ryan Gallagher is a freelance journalist based in London. His website is here.

Getty
Show Hide image

Why is it called Storm Doris? The psychological impact of naming a storm

“Homes being destroyed and lives being lost shouldn’t be named after any person.”

“Oh, piss off Doris,” cried the nation in unison this morning. No, it wasn't that everyone's local cantankerous old lady had thwacked our ankles with her stick. This is a different, more aggressive Doris. Less Werther’s, more extreme weathers. Less bridge club, more bridge collapse.

This is Storm Doris.

A storm that has brought snow, rain, and furious winds up to 94mph to parts of the UK. There are severe weather warnings of wind, snow and ice across the entire country.

But the real question here is: why is it called that? And what impact does the new Met Office policy of naming storms have on us?

Why do we name storms?

Storm Doris is the latest protagonist in the Met Office’s decision to name storms, a pilot scheme introduced in winter 2015/16 now in its second year.

The scheme was introduced to draw attention to severe weather conditions in Britain, and raise awareness of how to prepare for them.

How do we name storms?

The Name our Storms initiative invites the public to suggest names for storms. You can do this by tweeting the @metoffice using the #nameourstorms hashtag and your suggestion, through its Facebook page, or by emailing them.

These names are collated along with suggestions from Met Éireann and compiled into a list. These are whittled down into 21 names, according to which were most suggested – in alphabetical order and alternating between male and female names. This is done according to the US National Hurricane Naming convention, which excludes the letters Q, U, X, Y and Z because there are thought to be too few common names beginning with these letters.

They have to be human names, which is why suggestions in this list revealed by Wired – including Apocalypse, Gnasher, Megatron, In A Teacup (or Ena Tee Cup) – were rejected. The Met Office received 10,000 submissions for the 2016/17 season. According to a spokesperson, a lot of people submit their own names.

Only storms that could have a “medium” or “high” wind impact in the UK and Ireland are named. If there are more than 21 storms in a year, then the naming system starts from Alpha and goes through the Greek alphabet.

The names for this year are: Angus (19-20 Nov ’16), Barbara (23-24 Dec 2016), Conor (25-26 Dec 2016), Doris (now), Ewan, Fleur, Gabriel, Holly, Ivor, Jacqui, Kamil, Louise, Malcolm, Natalie, Oisín, Penelope, Robert, Susan, Thomas, Valerie and Wilbert.

Why does this violent storm have the name of an elderly lady?

Doris is an incongruous name for this storm, so why was it chosen? A Met Office spokesperson says they were just at that stage in their list of names, and there’s no link between the nature of the storm and its name.

But do people send cosy names for violent weather conditions on purpose? “There’s all sorts in there,” a spokesperson tells me. “People don’t try and use cosy names as such.”

What psychological impact does naming storms have on us?

We know that giving names to objects and animals immediately gives us a human connection with them. That’s why we name things we feel close to: a pet owner names their cat, a sailor names their boat, a bore names their car. We even name our virtual assistants –from Microsoft’s Clippy to Amazon’s Alexa.

This gives us a connection beyond practicality with the thing we’ve named.

Remember the response of Walter Palmer, the guy who killed Cecil the Lion? “If I had known this lion had a name and was important to the country or a study, obviously I wouldn’t have taken it,” he said. “Nobody in our hunting party knew before or after the name of this lion.”

So how does giving a storm a name change our attitude towards it?

Evidence suggests that we take it more seriously – or at least pay closer attention. A YouGov survey following the first seven named storms in the Met Office’s scheme shows that 55 per cent of the people polled took measures to prepare for wild weather after hearing that the oncoming storm had been named.

“There was an immediate acceptance of the storm names through all media,” said Gerald Fleming, Head of Forecasting at Met Éireann, the Irish metereological service. “The severe weather messages were more clearly communicated.”

But personalising a storm can backfire. A controversial US study in 2014 by PNAC (Proceedings of the National Academy of Sciences) claimed that hurricanes with female names lead to higher death tolls – the more “feminine” the name, like Belle or Cindy, the higher the death toll. This is not because female names are attached to more severe storms; it is reportedly because people take fewer steps to prepare for storms with names they perceive to be unintimidating or weak.

“In judging the intensity of a storm, people appear to be applying their beliefs about how men and women behave,” Sharon Shavitt, a co-author of the study, told the FT at the time. “This makes a female-named hurricane . . . seem gentler and less violent.”

Names have social connotations, and affect our subconscious. Naming a storm can raise awareness of it, but it can also affect our behaviour towards it.

What’s it like sharing a name with a deadly storm?

We should also spare a thought for the impact sharing a name with a notorious weather event can have on a person. Katrina Nicholson, a nurse who lives in Glasgow, says it was “horrible” when the 2005 hurricane – one of the fifth deadliest ever in the US – was given her name.

“It was horrible having something so destructive associated with my name. Homes being destroyed and lives being lost shouldn’t be named after any person,” she tells me over email. “I actually remember at the time meeting an American tourist on a boat trip in Skye and when he heard my name he immediately linked it to the storm – although he quickly felt guilty and then said it was a lovely name! I think to this day there will be many Americans who hate my name because of it.”

Anoosh Chakelian is senior writer at the New Statesman.