A member of the cyber-hacking collective Anonymous who was credited with helping authorities thwart more than 300 computer intrusions was also responsible for orchestrating cyberattacks against American companies that did business with the federal government, according to newly released documents.
Hector “Sabu” Monsegur was widely known to have cooperated with the federal government following his arrest in the summer of 2011. His status as a hacker-turned-informant was made public in March 2012 after news reports surfaced that tied him to the arrest of five computer hackers within the Anonymous movement and various offshoots, some of which fell under Monsegur’s leadership.
The extent of his cooperation recently became public knowledge when the government pointed to Monsegur’s assistance in disrupting 300 attacks during his three-year stint as a federal informant. He was also responsible, according to federal prosecutors, for providing “candid” information to law enforcement that led to the “extremely important” prosecutions of several individuals.
In a court document drafted by U.S. attorney Preet Bharara, Monsegur was said to have communicated with several individuals believed to have been designing sophisticated cyber intrusions with the goal of learning how and when the attacks would take place. But sealed court documents that were leaked to three journalists reveal Monsegur’s role was likely more than that of an observer.
Recent reports filed by journalists Daniel Stuckey, Dell Cameron and Andrew Blake based on unreleased court documents show Monsegur was the mastermind behind several high-profile computer intrusions — in some cases, against those who did business with the FBI and other government agencies.
According to a report by Motherboard, Monsegur directed members of an Anonymous offshoot known as “AntiSec” to make use of compromised login credentials to gather “as much data as possible” from computer servers “as (federal) investigators stood by.”
The information obtained from the attack was later published online — almost certainly with the knowledge of federal investigators who could have prevented the attack but chose not to. The company at the center of the computer intrusion, ManTech International, was “among one of the FBI’s most preferred contractors” and had secured a lucrative contract with the agency to the tune of $108.7 million.
The ManTech cyber intrusion was not an isolated incident. According to a report by the Daily Dot based on the same sealed court records, federal investigators knew of a computer intrusion against a company called Stratfor that resulted in the compromise of 60,000 credit cards and millions of e-mail messages.
At the time, the federal government placed the blame on a computer hacker named Jeremy Hammond, who pled guilty last year and is now serving a 10-year prison sentence. In one court document, federal prosecutors called Hammond “the FBI’s number one cyber-criminal target in the world,” who was ultimately captured because of a cyber attack masterminded by the FBI’s number one cyber informant.
Documents published by the Daily Dot show it was Monsegur, not Hammond, who orchestrated the attack on Stratfor, which ultimately saw a trove of confidential data going to the whistleblower website Wikileaks. Though the FBI claimed it learned of the attack after it had occurred, the court documents show investigators were fully aware of plans to hit Stratfor before anything was compromised — and again, agents stood by and did nothing.
“[The FBI] could have stopped me,” Hammond told a Daily Dot reporter from prison in May. “They knew about it. They could’ve stopped the dozens of sites I was breaking into.”
In court documents filed before his sentencing last month, federal prosecutors painted their informant as a casual observer who “asked seemingly innocuous questions designed to elicit information” that would assist agents in their cases against hackers, and that Monsegur’s interaction was at all times “at the direction of law enforcement.”
Absent from the government’s account was the fact that Monsegur — often at the direction of his government handlers — masterminded and ordered cyberattacks in order to entrap high-profile targets, Hammond among them.
Many of those arrested because of Monsegur’s cooperation were handed prison sentences that lasted nearly two years. Despite the government’s claim that he caused several millions of dollars worth of damage before his arrest three years ago, Monsegur was rewarded for his “extraordinary cooperation” with one-year probation and credit for time served. Other criminal charges related to drugs, theft and credit card fraud were subsequently dismissed.
Matthew Keys is a contributing journalist for TheBlot Magazine.