LulzSec Leader Strikes Deal with Feds

Feds Nab Five 'Hacktivists' After Ringleader Turns Informant
The way authorities flipped a so-called hacktivist to nab five others this week appeared to combine traditional law enforcement techniques with contemporary methods, an approach FBI Director Robert Mueller addressed at the RSA security conference last week.

Using information from an informant, U.S. authorities announced March 6 that they arrested five individuals aligned with the hacking collectives Anonymous and Lulz Security, or LulzSec [see LulzSec: Senate, Sony Hackers Profiled], linking them to digital assaults on American and foreign government websites, financial services companies, government contractors and media companies.

"We must cultivate the sources necessary to infiltrate criminal online networks, to collect the intelligences, to prevent the next attack and to topple the network from inside," Mueller said at RSA Conference 2012 [see Combining Old, New to Nab Cybercriminals].

Authorities identified the informant as Hector Xavier Monsegur, who pled guilty in August in hopes of receiving a reduced sentence. Monsegur is a founder of LulzSec - a loose affiliate of the hacking collective Anonymous - and known by the monikers Sabu and LEon, court papers say. The U.S. Attorney's Office and FBI declined to say how they caught Monsegur. According to an affidavit, Monsegur acted as a "rooter," a hacking expert who could identify the vulnerabilities of a potential victim's computer system.

Among the targets of the hackers, according to court papers, were the U.S. Senate, Fox Broadcasting, security firm HBGary, PBS, Sony Pictures and Stratfor, a private firm that provides governments and others with independent geopolitical analysis. Other targets included government computers in Tunisia, Algeria, Yemen and Zimbabwe.

PBS was targeted because of what the hackers perceived as unfavorable news coverage of WikiLeaks on the network's program Frontline, court papers reveal. Some hacktivists targeted organizations they deemed unfriendly to WikiLeaks, the group credited with releasing one-quarter million sensitive U.S. diplomatic cables; those organizations included PayPal, Mastercard and Visa, which stopped processing payments to the group.

The indictment counters a perception that hacktivists' motivations were purely political, alleging that credit-card information stolen from Stratfor was used by one suspect, Jeremy Hammond, to make unauthorized purchases exceeding $700,000. Hackers exposed credit-card information from 60,000 people from the Stratfor attack, the government says.

The attacks generally involved either pilfering personally identifiable information and posting the data online, or a distributed denial-of-service attack, in which websites are forced to shutter as hackers overwhelm them with a flood of messages.

According to authorities:

  • Monsegur, 28, of New York, pled guilty to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison.
  • Ryan Ackroyd, 23, of Doncaster, U.K.; Jake Davis, 29, of Lerwick, Shetland Islands, U.K.; and Darren Martyn, 25, of Galway, Ireland, each are charged with two counts of computer hacking conspiracy. Each conspiracy count carries a maximum sentence of 10 years in prison.
  • Donncha O'Cearrbhail, 19, of Birr, Ireland, is charged in the indictment with one count of computer hacking conspiracy, for which he faces 10 years in prison. He also is charged in the complaint with one count of intentionally disclosing an unlawfully intercepted wire communication, for which he faces a maximum sentence of five years in prison.
  • Hammond, 27, of Chicago, is charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries a maximum sentence of 10 years in prison.

Authorities say Davis faces separate criminal charges in Britain, and Ackroyd was being interviewed by British authorities. Irish police arrested O'Cearrbhail.

These aren't the first arrests involving LulzSec members. In September, the FBI arrested a LulzSec member known as "recursion" - Cody Kretsinger of Phoenix - for the breach of Sony Pictures Entertainment computers last spring [see FBI: LulzSec Member Nabbed for Sony Attack].

Last June, Scotland Yard announced the arrest of a 19-year-old identified as Topiary, whom authorities characterized as one of the spokesmen of the hacking groups Anonymous and LulzSec [see LulzSec Spokesman Nabbed, Police Say].

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
