
How master hacker Sabu turned FBI cybersleuth

Kevin McCoy
USA TODAY
Hector Xavier Monsegur, a computer hacker known as Sabu, and a former member of Lulzsec and Anonymous, leaves federal court in New York.

NEW YORK — Helping federal investigators disrupt cyberattacks and nab hackers was more than just a tough job for the computer maven known by his one-word nom de Net: Sabu.

As authorities and his attorneys tell it, the 30-year-old New Yorker's efforts provoked Internet threats that labeled him a snitch and worse, plus one violent attack. Two young relatives were nearly forced into foster homes.

Sabu agreed to cooperate almost immediately after FBI agents went to a public housing project on Manhattan's Lower East Side in June 2011 and confronted the man who'd grown up there as Hector Xavier Monsegur.

He admitted involvement in major computer hacks of Fox Television, FBI affiliate Infragard/Unveillance, the U.S. Senate, Visa, MasterCard, PayPal and other targets.

Flipping Monsegur gave the FBI a prized informant in a battle against growing intrusions on government and private-sector computer networks — an informant who had collaborated with international hackers, was well-versed on cyberattacks, had up-to-date Internet and Dark Web knowledge and regularly chatted online with admiring fans.

He was a skilled "rooter," who analyzed computer code for vulnerabilities that "could then be exploited," Assistant U.S. Attorney James Pastore wrote in a sentencing memo in May. For months, Monsegur worked around the clock, communicating with fellow hacktivists about prospective attacks while investigators monitored the activity.

Federal prosecutors estimated his assistance helped disrupt at least 300 cyberattacks.

Unknown to other hackers at the time, Monsegur pleaded guilty to computer hacking, credit card fraud, conspiracy to commit bank fraud and other charges after agreeing to cooperate.

News of his FBI-monitored sleuthing exploded across cyberspace, in headlines and on TV and radio broadcasts in early March 2012, when authorities announced arrests and criminal charges against core members of the LulzSec and Internet Feds hacking collectives.

The announcement disclosed similar charges against Monsegur — and noted his guilty plea. Including that detail was roughly akin to updating a Facebook page with the announcement of a new line of employment: Rat.

Monsegur couldn't return home afterward, his defense lawyers Peggy Cross-Goldenberg and Philip Weinstein wrote in a sentencing memo in May. His name and face were all over the Internet, making him a potential retribution target.

He wasn't alone. Social Security numbers, home addresses and other identifying information about his relatives were distributed online.

"While the technical details of his hacking activities may have passed under the radar on the Lower East Side, the concept of 'snitching' did not," the defense attorneys wrote. Some in the area suspected cause-and-effect when New York City police conducted a drug raid near Monsegur's building soon after the government announcement.

"Mr. Monsegur's younger brother, who stood by his side every day throughout the whole ordeal, was threatened and actually physically attacked," the attorneys wrote.

Internet postings spread speculation that Monsegur played a role in last October's FBI arrest of Ross William Ulbricht, the suspect accused of setting up and running the Silk Road black market website using the online name "Dread Pirate Roberts."

Pastore insisted that wasn't true, but the prosecutor wrote, "During the course of his cooperation, the threat to Monsegur and his family became severe enough that the FBI relocated Monsegur and certain of his family members."

Knowing the potential risks, why did Monsegur agree to cooperate? Had he renounced political activism his attorneys said was sparked in part by the Arab Spring? He declined a USA TODAY interview request, but his attorneys say the answer wasn't political, legal or even online — it was his family.

When his grandmother, Irma, died in June 2010, he became the caregiver for two younger cousins. Like him, they were part of an extended family living in the older woman's sixth-floor apartment at the Jacob Riis Houses, a low-income rental complex of 13 brick towers near the East River and FDR Drive.

"The girls were the most important thing in his life," the attorneys wrote. "He was involved in their education, walking them to and from school and helping with their homework."

If Monsegur had balked at cooperating when the FBI came knocking, he could have been held in jail while the criminal case against him ground through the federal court system. If he went to trial and lost, he faced a 124-year maximum sentence.

Either way, the girls would have probably been sent to foster homes.

"It was not a difficult choice for him," Monsegur's attorneys wrote. "However strong his political beliefs, his family came first."

Ultimately, even what prosecutors described as Monsegur's "extraordinary" cooperation didn't entirely avert the threat of a family breakup. After his guilty plea was made public, New York City child welfare system workers initially moved to place his cousins in foster care.

After hours of phone calls and discussions, the girls instead were returned to the care of their mother, who'd recently been released from prison.

Where defense lawyers and federal agents saw a family man or born-again patriot, others saw a self-serving traitor.

Jeremy Hammond, the FBI's top cybercrime target in 2012, collaborated with Monsegur as they and other hacktivists broke into corporate computer systems. The roster included geopolitical intelligence firm Stratfor, which Hammond later said in court he'd known nothing about until Monsegur brought it to his attention.

Only later did he learn that his onetime partner had helped investigators arrest him in 2012. Hammond later argued he had been set up by an improper government sting.

"At the time, Sabu was encouraging people to invade systems and helping to strategize and facilitate attacks," Hammond said during his federal court sentencing last November. "He even provided me with vulnerabilities of targets passed on by other hackers, so it came as a great surprise when I learned that Sabu had been working for the FBI the entire time.

"These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites," Hammond said. He named Turkey, Brazil and Iran before U.S. District Court Judge Loretta Preska instructed him not to identify specific countries.

Federal prosecutor Pastore wrote in the government sentencing memo for Monsegur that the informant learned of many computer attacks by Hammond and other conspirators, "including hacks of foreign government computer servers."

The information enabled the government "to notify the victims, wherever feasible, so the victims could engage in remediation efforts and prevent further damage or intrusions," Pastore wrote.

A June 5 report by Motherboard, an online magazine and video channel, included what were described as previously secret chat logs showing that Monsegur facilitated attacks on Brazilian websites while working for the FBI.

Hammond said at sentencing that he'd acted out of civil disobedience to "expose and confront injustice." Preska sentenced him to the maximum statutory punishment, 10 years in prison, based in part on "the widespread harm suffered by countless individuals and organizations" he'd hacked.

In contrast, Preska allowed Monsegur to walk free with a sentence of time served at a sentencing hearing in May. He'd spent seven months behind bars, the penalty for making unauthorized online postings while working for the government.

"One of the things I realized is that I hurt my family the most, my friends and victims in the case," Monsegur told the court. "And I have gained such regret for even putting anyone through this. I assure you I will not be in this courtroom ever again."

Monsegur is trying to start over. His spotty work experience includes a stint around 2002 as a technology intern for iMentor, an organization that encourages students from low-income communities to graduate from high school and pursue college.

"He hopes to be able to use his very prolific computer skills in his future employment," defense lawyer Cross-Goldenberg said after Monsegur's sentencing. "Any company would be lucky to have him."

He'll probably "always have concern for his safety" as a result of his role as a government informant, she said.

"Hopefully, it will dissipate," she said, "and he and his family will be able to move on."
