Court papers reveal hacker’s role helping to fix U.S. break-ins
The court document was prepared by prosecutors who are asking a judge for leniency when sentencing prominent hacker Hector Xavier Monsegur because of his “extraordinary cooperation.”
The New York Times
A prominent hacker set to be sentenced in federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to authorities, allowing them to disrupt at least 300 cyberattacks on targets that included the U.S. military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document.
The hacker, Hector Xavier Monsegur, also helped authorities dismantle a particularly aggressive cell of the hacking collective Anonymous, leading to the arrest of eight of its members in Europe and the United States, including Jeremy Hammond, who the FBI said was its top “cybercriminal target,” the document says. Hammond is serving a 10-year prison term.
The court document was prepared by prosecutors who are asking a judge, Loretta Preska, for leniency for Monsegur because of his “extraordinary cooperation.” He is set to be sentenced Tuesday in U.S. District Court in New York City on hacking conspiracy and other charges that could result in a long prison sentence.
It has been known since 2012 that Monsegur, who was arrested in 2011, was acting as a government mole in the shadowy world of computer hacking, but the memorandum submitted to Preska late Friday reveals for the first time the extent of his assistance and what the government perceives of its value. It also offers the government’s first explanation of Monsegur’s involvement in a series of coordinated attacks on foreign websites in early 2012, though his precise role is in dispute.
The whereabouts of Monsegur have been shrouded in mystery. Since his cooperation with the authorities became known, he has been vilified online by supporters of Anonymous, of which he was a member.
The memo, meanwhile, said that the government became so concerned about his safety that it relocated him and some members of his family.
“Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known,” said the memo, which was filed by the office of Preet Bharara, the U.S. attorney in Manhattan.
Born in 1983, Monsegur moved to the Jacob Riis housing project on Manhattan’s Lower East Side at a young age, where he lived with his grandmother after his father and aunt were arrested for selling heroin. He became involved with hacking groups in the late 1990s, drawn, he has indicated, to the anti-government philosophies the groups espoused.
Monsegur’s role as an informant emerged in March 2012, when authorities announced charges against Hammond and others. A few months later, Monsegur’s bail was revoked after he made “unauthorized online postings,” the document says without elaboration. He was jailed for seven months and then released on bail in December 2012, and has made no further postings, the memo says.
The memo says that when Monsegur (who used the Internet alias “Sabu”) was first approached by FBI agents and questioned about his online activities in June 2011, he admitted to criminal conduct and immediately agreed to cooperate with law enforcement.
“Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts,” prosecutors wrote.
His primary assistance was his cooperation against Anonymous and its splinter groups Internet Feds and LulzSec.
“He provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement’s understanding of how Anonymous operates,” the memo says.
Neither Bharara’s office nor a lawyer for Monsegur would speak about the memo.
Monsegur provided an extraordinary window on the activities of LulzSec, which he and five other members of Anonymous had created. The memo describes LulzSec as a “tightly knit group of hackers” who worked as a team with “complementary, specialized skills that enabled them to gain unauthorized access to computer systems, damage and exploit those systems, and publicize their hacking activities.”
After his arrest, Monsegur provided information that helped repair a hack of PBS’ website, in which he had been a “direct participant,” and helped patch a vulnerability in the Senate’s website. He also provided information about “vulnerabilities in critical infrastructure, including at a water utility for an American city, and a foreign energy company,” the document says.
The coordinated attacks on foreign government websites in 2012 exploited a vulnerability in a popular Web hosting software. The targets included Iran, Pakistan, Turkey and Brazil, according to court documents in Hammond’s case.
The memo said that “at law enforcement direction,” Monsegur attempted to obtain details about the vulnerability but was unsuccessful.
“At the same time, Monsegur was able to learn of many hacks, including hacks of foreign government computer servers, committed by these targets and other hackers, enabling the government to notify the victims, wherever feasible,” the memo said.
The memo does not specify which foreign governments the U.S. alerted about the vulnerabilities.
But according to a recent prison interview with Hammond and logs of Internet chats between him and Monsegur — submitted to the court in Hammond’s case — Monsegur seemed to have played a more active role in directing some of the attacks. In the chat logs, Monsegur directed Hammond to hack numerous foreign websites, and closely monitored whether Hammond had success in gaining access to the sites.
Sarah Kunstler, a lawyer for Hammond, said Saturday: “The government’s characterization of Sabu’s role is false. Far from protecting foreign governments, Sabu identified targets and actively facilitated the hacks of their computer systems.”
At his sentencing in November, Hammond was prohibited by Preska, the judge, from naming the foreign governments that Monsegur had asked him to hack. But, according to an uncensored version of a court statement by Hammond that appeared online on the day of his sentencing, the target list included more than 2,000 Internet domains in numerous countries.