The U.S. charged six leaders of an underground hacking movement that spent more than a year embarrassing law enforcement officials and turned cyber attacks into a tool of political activism.
The six, some involved with the group “Anonymous,” are accused of intrusions that attracted worldwide attention such as defacing the website of the U.S. Central Intelligence Agency, stealing customer data from Sony Pictures Entertainment Inc. (CPEI) and recording a confidential FBI teleconference of U.S. and Irish agents discussing an international hacking probe. They also stole personal information of at least 1 million people, U.S. authorities said.
One those charged, Hector Xavier Monsegur, who used the nickname Sabu and is described as an “influential member” of Anonymous and an off-shoot group LulzSec, is cooperating with U.S. authorities, according to a transcript of his August guilty plea in federal court in New York.
“This is probably going to have quite a chilling effect within the illegal-hacking part of Anonymous,” said Chester Wisniewski, a researcher for the Burlington, Massachusetts-based cybersecurity firm Sophos Inc. “The closely coordinated and really damaging attacks, which is what the LulzSec part of it was, are going to be a lot harder if you’re looking over your shoulder all the time for the FBI,” he said.
Those arrested are among the de facto leadership of Anonymous, the self-professed hacker-activist group, and LulzSec, or Lulz Security, an affiliated group, according to Barrett Brown, an informal spokesman for Anonymous.
Monsegur, 28, of Manhattan, admitted breaking into Sony Pictures Entertainment’s computer servers in El Segundo, California, where he obtained confidential data on about 100,000 users of its sonypictures.com website and into Sony Music Entertainment’s computer systems in Belgium, the Netherlands and Russia, U.S. authorities said. He later admitted sharing that information with other LulzSec members, court records show.
He also said he and his co-conspirators broke into the websites of the governments of Algeria, Yemen and Zimbabwe and conducted a cyber attack upon Tribune Co. (TRB) and the computer system used by Fox Broadcasting Co. (NWSA), according to U.S. authorities. Monsegur, known as “Sabu,” and his co- conspirators stole confidential data relating to more than 70,000 potential “X-Factor” television show contestants, prosecutors said.
Monsegur continued to work with Anonymous until this week, posting his last tweet only hours before the arrests, Brown said. His guilty plea was only made public yesterday by U.S. authorities.
“If that’s true, he’s an absolute traitor,” Brown said in an interview. “God knows what’s compromised.”
Brown, who said his own Dallas apartment was raided by the Federal Bureau of Investigation yesterday, said Monsegur had access to confidential dealings among the top leadership of both LulzSec and Anonymous.
He said it’s unclear what information Monsegur may have given authorities as he continued to work on operations, including the hack of Strategic Forecasting Inc., or Stratfor, an Austin, Texas-based global security firm.
“They managed to get people who are very important, the de facto leadership,” Brown said. “That’s something they haven’t been able to do up to now.”
There have been rumors in recent weeks that Monsegur was working with authorities, Brown said.
“I wrote it off as mistakes or a false-flag operation by the FBI,” he said.
Monsegur’s arrest in June and his Aug. 15 plea to 12 counts including conspiracy and computer hacking were sealed after U.S. District Judge Loretta Preska said “the facts here are sufficiently unique that it is possible that this defendant could be identified, and, thus, be in great personal danger,” according to a court transcript.
He could face as long as 122 1/2 years in prison, Preska told him during the proceeding.
The six defendants and their unidentified co-conspirators “waged a deliberate campaign of online destruction, intimidation and criminality” from December 2010 to May 2011, Manhattan U.S. Attorney Preet Bharara said in a statement.
Ryan Ackroyd, Jake Davis, Darren Martyn and Donncha O’Cearrbhail were charged together in an indictment unsealed yesterday.
Jeremy Hammond, 27, who is also known as “Anarchaos,” and identified himself as a member of the hacking group called AntiSec, was arrested in Chicago on March 5, U.S. authorities said. He was charged separately in a sealed criminal complaint with the December 2011 hack of Stratfor.
The U.S. said Hammond and his AntiSec co-conspirators stole employee e-mails and account information for about 860,000 subscribers or clients of Stratfor. Hammond also allegedly stole information from about 60,000 card cards and used the data to make more than $700,000 unauthorized charges.
Hammond appeared yesterday in federal court in Chicago and agreed to be transferred to New York to face the charges against him, Randall Samborn, a spokesman for Chicago U.S. Attorney Patrick Fitzgerald, said in an e-mail.
James Finnerty, a Chicago lawyer representing Hammond, didn’t immediately respond to a voice-mail message yesterday seeking comment.
Akroyd, 25, of Doncaster, U.K., and Davis, 19, of Lerwick, Shetland Islands, in the U.K., were previously arrested, U.S. law enforcement said. Akroyd was re-arrested yesterday in Ireland, U.S. officials said. Davis remains free on bail, a U.S. official said.
Martyn, 25, of Galway, Ireland, was previously arrested by authorities there and re-arrested by Irish authorities on new charges, U.S. law enforcement officials said.
All three were charged with two counts of computer hacking conspiracy which carries a term of as long as 10 years in prison.
O’Cearrbhail, 19, of Birr, Ireland, is charged with the illegal hacking of a Jan. 17 conference call between FBI agents in the U.S. and agents with the National Police Service of Ireland. The 16-minute call detailed confidential aspects of the investigation into Anonymous by the FBI, U.K. and Irish law enforcement and included information on efforts to infiltrate the group using informants.
U.S. authorities said yesterday that intrusion, later posted on YouTube in February, was the equivalent of an illegal wiretap.
He’s charged with one count of computer-hacking conspiracy, punishable by as long as 10 years in prison and one count of intentionally disclosing an unlawfully intercepted wire communication, which carries a term of as long as five years. He was previously arrested on related charges in Ireland and re- arrested yesterday by Irish authorities, U.S. officials said.
LulzSec took responsibility for compromising user accounts from Sony Pictures in 2011 and for taking the CIA website offline, as well as hacking the website of the Atlanta branch of InfraGard, an FBI-private industry partnership concerned with protecting critical U.S. infrastructure.
Monsegur, who was allowed to remain free on $50,000 bond, admitted participating with other LulzSec members in stealing confidential information from 200,000 users of the Bethesda Softworks LLC, a video game website. Bethesda Softworks is a unit owned by Providence Equity Partners Inc. a private equity firm based in Providence, Rhode Island.
Brown said Monsegur was responsible for the release of personal information of law enforcement and military personnel obtained following the Stratfor intrusion, which he described as controversial within Anonymous.
“The release of the credit cards on the Stratfor hack, that was Sabu,” Brown said. “In terms of incriminating other people, who knows what he may have done?”
To contact the reporters on this story: Patricia Hurtado in New York at firstname.lastname@example.org; Michael Riley in Washington at email@example.com; Bob Van Voris in New York at firstname.lastname@example.org.
To contact the editor responsible for this story: Michael Hytha at email@example.com