LulzSec's Sabu Was Identity Thief, Not Robin Hood

Published: 22/11/2024   Category: security




Federal indictment accuses Sabu of crossing a clear line between political expression and criminal activity.



The hacktivist group LulzSec made a name for itself by cracking databases and servers sporting poor security, then publicizing what they'd been able to do and find. Groups as diverse as the Atlanta InfraGard chapter, Sony Pictures Entertainment, the U.S. Senate, and PBS saw their websites hacked and defaced, and sensitive information leaked.
The group portrayed itself as being a group devoted to lulz, which is Internet slang that can be interpreted as laughs, humor, or amusement. That definition comes from a 12-count federal indictment unsealed in federal court Tuesday against four men authorities said comprised part of the core of LulzSec: Ryan Ackroyd (aka kayla, lol, lolspoon), Jake Davis (aka topiary, atopiary), Darren Martyn (aka pwnsauce, raepsauce, networkkitten), and Donncha O'Cearrbhail (aka Palladium).
But a related 12-count indictment, also unsealed Tuesday, singled out 28-year-old Hector Xavier Monsegur (aka Sabu, Xavier DeLeon, Leon) as the LulzSec leader, in addition to being an ongoing participant in the hacktivist collective known as Anonymous. He reportedly pled guilty to all the charges leveled against him, which collectively carry a maximum prison sentence of 124 years and six months.
A post from Sabu's Twitter account Monday struck a seeming note of defiance: "The federal government is run by a bunch of [obscenity removed] cowards. Don't give in to these people. Fight back. Stay strong."
The 27-page indictment against Monsegur details a striking number of exploits, some overtly political, some riffing on pop culture, and others seemingly just random. Notably, the indictment accused Monsegur of having participated in Operation Payback, which involved launching distributed denial of service (DDoS) attacks in retaliation for MasterCard, PayPal, Visa, and other payment providers cutting off funds to WikiLeaks. It also accuses him of hacking attacks against Tunisian, Zimbabwean, Algerian, and Yemeni government servers. In cooperation with hacking group Internet Feds--of which Ackroyd, Davis, Martyn, and O'Cearrbhail were allegedly core members--Monsegur was also accused of hacking into HBGary and releasing thousands of emails.
Then there's the LulzSec band, which hacked into numerous sites and became famous for bragging about it. "Although the members of LulzSec and their co-conspirators claimed to have engaged in these attacks for humorous purposes ... LulzSec's criminal acts included, among other things, the theft of confidential information, including sensitive personal information for thousands of individuals, from their victims' computer systems; the public disclosure of that confidential information on the Internet; the defacement of Internet websites; and overwhelming victims' computers with bogus requests for information"--meaning DDoS attacks--according to the indictment.
If LulzSec built its reputation on merry pranks--such as releasing contact details for 73,000 X-Factor contestants--the indictment also accused Monsegur of outright fraud and other criminal activity.
For starters, Monsegur was accused of hacking into an automotive parts site and shipping himself four engines, worth a total of $3,450. Authorities also accused Monsegur of using stolen credit card numbers to pay off at least $1,000 in debts and sharing people's bank account, routing number, and personal information with others, meaning he engaged in identity theft.
"Those who suggest Sabu's actions were just hacktivism or for the lulz need to recognize that Sabu wasn't a Robin Hood who nobly gave voice to a cause, but a thief who admitted to lining his own pockets," said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post.
Would the dollar values attached to those crimes, had they been conducted using a stolen credit card, have even merited an investigation by local police? Regardless, when you add in illegally accessing and defacing government websites and numerous hacks of private businesses' sites, you can expect the FBI to start investigating.
On a related note, after a 50-day hacking spree, LulzSec--without warning--bid adieu in June 2011. At the time, the group's unexpected retirement appeared to mark yet another random move from the chaos-craving band.
Thanks to the federal indictments unsealed Tuesday, however, it's now clear that Monsegur had been busted that month, after which he began cooperating with the FBI. The cooperation even went so far as using FBI-provided servers to unpack stolen information, including emails stolen from Stratfor, which were then shared with WikiLeaks.
According to the indictment, he also helped the bureau to amass evidence against other LulzSec and Anonymous participants. For example, he lured O'Cearrbhail, on an anonymous chat, into revealing which VPN service he used to obscure his identity. Investigators were then able to correlate login times with O'Cearrbhail's IP address, which they used to help positively identify the Irish citizen, who's accused of leaking a transatlantic law enforcement conference call discussing ongoing investigations into LulzSec and Anonymous.
