What the Sabu revelation means for hackers

Everyone, no matter who they profess to be, is potentially an informant.

To most observers he seemed unpredictable, dangerous and so highly skilled that he could evade the long arm of the law. But in an astonishing revelation, last week it emerged that Sabu, the notorious figurehead of hacking group LulzSec, had for almost nine months been working secretly as an informant for the FBI.

The identity of 28-year-old Hector Xavier Monsegur, who led a rampage against government websites and multi-national corporations, had been uncovered when he failed to mask his computer's IP address using an internet chat room on just one fateful occasion.

Soon after, FBI agents appeared at the door of his apartment on the sixth floor of a 14-story housing project in Manhattan. The agents reportedly played "good cop bad cop", convincing the infamous hacker - almost immediately, according to court documents - that his only way out was to cooperate with an international investigation into his former comrades.

Monsegur, under his Sabu guise, proceeded to continue operating aggressively online - in some cases encouraging fellow hackers to commit crimes - all while under apparent instruction of the FBI.

Some suspected he had been "turned" - but the hacker world is rife with conspiracy theories and there was no hard evidence to prove it. "Sabu was identified, apprehended by the FBI and turned to an informant," one perceptive group wrote in November last year. Yet the claim never gained substantial traction.

From the perspective of the authorities, it was a tactical masterstroke. They had managed to flip the most notorious, the most feared, and the most accomplished of the LulzSec members. Due to his close ties and wide respect among hacker collective Anonymous and other splinter groups such as AntiSec, Sabu was a goldmine to the FBI. With his help, they were able to level charges against five accused hackers based in Britain, Ireland and America.

There are concerns, however, about how far the Bureau went to pursue its goals.

On 19 June, just 12 days after Sabu had been arrested, LulzSec, the group he commanded, issued a public call to arms. "Top priority is to steal and leak any classified government information, including email spools and documentation," it wrote in a manifesto.

Sabu was quick to proudly point out the manifesto to his 30,000 Twitter followers. "The biggest, unified operation amongst hackers in history," he wrote, possibly from an FBI computer. "All factions welcome. We are one."

Two months later, on 17 August, Sabu disappeared offline for 30 days. We now know that just two days prior, on 15 August, he had secretly pleaded guilty to twelve counts of hacking in a closed hearing at Southern District court, between Manhattan Bridge and Broadway, New York. When he returned, though he reportedly helped call off some attacks, he maintained a hostile front, claiming, "I wasn't owned, arrested, hacked or any of the other rumors [sic]."

In December, he encouraged an offensive against companies manufacturing surveillance technology; he called on hackers to target "with impunity" anyone supporting legislation that would restrict internet freedoms; and played what sources close to him say was a central role in hacking intelligence and security thinktank Stratfor. The attack on Stratfor resulted in 75,000 credit card numbers being posted online, with 5.5m of the thinktank's confidential emails subsequently passed to WikiLeaks.

This trend continued almost right up until 6 March, the day he was "outed" in an exclusive published by Fox News. As recently as two weeks ago Sabu had publicly instructed hackers to "infiltrate" international crime organisation Interpol and to "expose" arms companies. "Hack their servers," he tweeted on 28 February. "Scour their user email/passes. Grab mailspoolz. Grab docs... Leak. Rinse. Repeat."

Sabu's activities while working out of FBI offices, and then later his home under 24-hour surveillance, raise significant legal and ethical questions. Most notably: by encouraging people to commit crimes in such a brazen fashion, did he cross the thin line from informant to agent provocateur?

It has been suggested that the attack on Stratfor and the subsequent dealing with WikiLeaks was allowed - perhaps encouraged - by the FBI, not only to strengthen the US government's case against the hackers, but also to assist in the prosecution of WikiLeaks founder Julian Assange. (This does not seem beyond the realms of possibility, particularly given America's well-documented desire to prosecute Assange for his role in publishing US government secrets.)

It could have been the case, of course, that Sabu on occasion went "rogue" while under FBI direction. But given that he was the most notorious hacker in the world and having his every move monitored, it is doubtful the authorities would have let him out of their sight long enough for him to have the opportunity - repeatedly and over a period of several months - to incite others to commit criminal acts. What appears more likely is that the FBI decided, like the hackers, they too could play dirty.

These are issues that will no doubt be addressed In the months ahead, as the FBI's tactics fall under scrutiny in the courts and elsewhere. The impact of the Sabu revelation, meantime, has unsurprisingly reverberated like an atomic bomb within the Anonymous community.

"I feel for the ones who worked with him and who trusted him with leaks/data," one hacker told New Statesman. "They could never have known."

This sentiment is one shared across online chat rooms frequented by Anonymous, where there are varying degrees of anger, paranoia, fear and sadness.

For many, the large void left by Sabu will provide a defining moment of sobering reality. His silent Twitter page, once a ceaseless stream of anti-establishment rage, is now nothing but a ghostly relic - a symbolic reminder that in the shadowy virtual world hackers inhabit, no one is untouchable, and everyone, no matter who they profess to be, is potentially an informant.

Ryan Gallagher is a freelance journalist based in London. His website is here.

Getty
Show Hide image

Inside a shaken city: "I just want to be anywhere that’s not Manchester”

The morning after the bombing of the Manchester Arena has left the city's residents jumpy.

On Tuesday morning, the streets in Manchester city centre were eerily silent.

The commuter hub of Victoria Station - which backs onto the arena - was closed as police combed the area for clues, and despite Mayor Andy Burnham’s line of "business as usual", it looked like people were staying away.

Manchester Arena is the second largest indoor concert venue in Europe. With a capacity crowd of 18,000, on Monday night the venue was packed with young people from around the country - at least 22 of whom will never come home. At around 10.33pm, a suicide bomber detonated his device near the exit. Among the dead was an eight-year-old girl. Many more victims remain in hospital. 

Those Mancunians who were not alerted by the sirens woke to the news of their city's worst terrorist attack. Still, as the day went on, the city’s hubbub soon returned and, by lunchtime, there were shoppers and workers milling around Exchange Square and the town hall.

Tourists snapped images of the Albert Square building in the sunshine, and some even asked police for photographs like any other day.

But throughout the morning there were rumours and speculation about further incidents - the Arndale Centre was closed for a period after 11.40am while swathes of police descended, shutting off the main city centre thoroughfare of Market Street.

Corporation Street - closed off at Exchange Square - was at the centre of the city’s IRA blast. A postbox which survived the 1996 bombing stood in the foreground while officers stood guard, police tape fluttering around cordoned-off spaces.

It’s true that the streets of Manchester have known horror before, but not like this.

I spoke to students Beth and Melissa who were in the bustling centre when they saw people running from two different directions.

They vanished and ducked into River Island, when an alert came over the tannoy, and a staff member herded them through the back door onto the street.

“There were so many police stood outside the Arndale, it was so frightening,” Melissa told me.

“We thought it will be fine, it’ll be safe after last night. There were police everywhere walking in, and we felt like it would be fine.”

Beth said that they had planned a day of shopping, and weren’t put off by the attack.

“We heard about the arena this morning but we decided to come into the city, we were watching it all these morning, but you can’t let this stop you.”

They remembered the 1996 Arndale bombing, but added: “we were too young to really understand”.

And even now they’re older, they still did not really understand what had happened to the city.

“Theres nowhere to go, where’s safe? I just want to go home,” Melissa said. “I just want to be anywhere that’s not Manchester.”

Manchester has seen this sort of thing before - but so long ago that the stunned city dwellers are at a loss. In a city which feels under siege, no one is quite sure how anyone can keep us safe from an unknown threat

“We saw armed police on the streets - there were loads just then," Melissa said. "I trust them to keep us safe.”

But other observers were less comforted by the sign of firearms.

Ben, who I encountered standing outside an office block on Corporation Street watching the police, was not too forthcoming, except to say “They don’t know what they’re looking for, do they?” as I passed.

The spirit of the city is often invoked, and ahead of a vigil tonight in Albert Square, there will be solidarity and strength from the capital of the North.

But the community values which Mancunians hold dear are shaken to the core by what has happened here.

0800 7318496