LulzSec frontman Sabu was FBI informant, fed Stratfor docs to Wikileaks from an FBI-owned computer


52 Responses to “LulzSec frontman Sabu was FBI informant, fed Stratfor docs to Wikileaks from an FBI-owned computer”

  1. Teller says:

    Reportedly, he used and distributed the credit cards he stole. That’s aggravating.

    • Brainspore says:

      Karma might bite him in the ass yet. He’s got a world full of hackers who now consider him the ultimate traitor and who would probably love to make his life a living hell. It’s going to be a while before he can use a credit card with any confidence.

      • That_Anonymous_Coward says:

         28 unemployed felon… yeah not real high on the list for credit card offers.

      • Funk Daddy says:

        I would guess his cooperation was had via both stick and carrot. 

        2 kids is a lot of leverage, if he gave a damn about them, which he likely did. Even lousy parents and lousy people will love and do anything for their offspring.

        Probably got a job and some financial security waiting if he follows through to convictions.

  2. What do they mean by “amateur hacking group?” What qualifies as a “professional hacking group?”

  3. I guess this proves once again that with informants law enforcement would be SOL when dealing with hackers.

    • xzzy says:

      Which neatly explains why “snitches” are treated so harshly by criminal organizations.  Loose lips sink ships and all that.

    • Hanglyman says:

      Considering he became an informant after he was caught, that doesn’t seem entirely accurate. Unless he was caught because of another, earlier informant, I guess.

      “It was revealed that he had been charged with 12 criminal counts of conspiracy to engage in computer hacking and other crimes last summer, crimes which carry a maximum sentence of 124 years and six months in prison. According to indictments filed in a Manhattan federal court, he secretly pleaded guilty on 15 August last year.”

  4. phisrow says:

    What I will be very interested to see is what, if any, blowback occurs because of displeasure on the part of some of lulzsec’s victims during the period that sabu was an FBI informant…

    There is some, er, ‘uncomfortable’ history involving FBI mob investigations that ended up involving people being murdered while the FBI was sitting and waiting for all the evidence they wanted. Needless to say, the families of the victims weren’t too happy.

    If I were, say, Stratfor, I would be less than happy to learn that I got owned by an FBI mole, with the assistance of FBI hardware, so that the FBI could build the case that they wanted.

    • Jim Saul says:

      Note that there are many competing entities in that domain, and some of those are advocating very specific agendas, or are convenient dupes for those who source their intel.

      When even bit players in those fields get burned, it’s reasonable to wonder if they lost some kind of power game.

  5. So it was the FBI’s plan to give Stratfor emails to Wikileaks?

    • Warren Grant says:

       Thats what I took from this. The FBI is using Sabu (and the others in lulzec) to try to get a record of Assange encouraging or aiding the acquisition of classified documents so that they can then push to extradite him and punish him in the US (probably in a state with the death penalty etc). Its manufacturing evidence in effect. It doesn’t surprise me if this proves to be the case. Hopefully the folks at Wikileaks are canny enough to watch what they say/email/tweet very carefully to avoid any possibility of this.

  6. Dummy00001 says:

    “These groups, which include LulzSec, have cost businesses millions of pounds and exposed the credit card details and passwords of nearly 1 million people.”

    Still, small price to pay for the side effect of increased gov’t transparency. That affects lives of dozens million people.

    P.S. OK, I know how questionable the POV is.

    • L_Mariachi says:

      It’s not all that questionable. The businesses/gov’t entities are at least equally culpable for being irresponsible with the private data entrusted to them.

    • That_Anonymous_Coward says:

      I’d really like to see the millions of pounds detailed and explained.
      I wonder if the math includes things like hiring PR firm to make us not look like complete fools for not spending a couple bucks to encrypt user data.

      I wonder how much they had previously been on the hook for when others had raided the systems quietly.  Of course there are no records of that, because that module was cut from the budget so we could have a pizza party.

      Many of the “hacks” used were not 0-day, and in at least 1 case (Sony) were publicly posted and discussed.  There was clear evidence their system was not secure, but the cost to them was nothing for not doing anything about it.  It would be impossible at this point to figure out how many times the systems were looted, because it always falls on the person who had their CC “compromised” to figure out the archaic system that defaults to your at fault always.

  7. L_Mariachi says:

    Do I understand this correctly: The FBI had this guy do things on their behalf that they’re now indicting other people for participating in?

    Directly facilitating criminal activity is a big step from sitting back and allowing criminal activity to happen in order to gather evidence or go after bigger fish.

    • Dan McGovern says:

      Pretty much.  It’s just like the ‘terrorists’ that have been caught over the past few years.  

    • Henry Pootel says:

      That’s pretty much what an informant does in any criminal situation – pose and participate in illegal activity while reporting the activities.

      • L_Mariachi says:

        Sorry, you replied while I was editing to add the second sentence. Poor form on my part. This is why edit buttons in discussion forums suck.

    • splinterfoot says:

      look at every single “terrorist” bust since 9/11…

  8. Jim Saul says:

    Perhaps one lesson is to assume that secret groups who send out press releases are not likely to remain secret.

    Well, that, and the old cliche that the biggest loudmouth is usually the government plant.

  9. daneyul says:

    Boy is this confusingly written or what?

    “A second document shows that Monsegur – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor…”

    “Provided?” I’m assuming he provided “other Lulsec members” with the FBI owned computer.  Is it so hard to say that? 

    “…and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous…”

    So, in addition to allowing a (fake?) conference call to be “leaked”, we’re  left to assume the FBI knew about this huge email leak and allowed it to happen (I guess) in order to link WikiLeaks with Anonymous. 

    Wonder what Stratfor’s clients think of this?

  10. Feargus Stewart says:

    That… hurts to hear.  Both for wikileaks and StratFor.  StratFor’s data was prostituted to get at wikileaks I guess.

  11. Just wondering… Isn’t LulzSec small fry? They’re obvious, and they’re mostly pranksters. They’re not very dangerous compared to attackers who would be extremely malicious and subtle (organized crime or another state). What is the FBI doing about THOSE people?

  12. That_Anonymous_Coward says:

    One wonders if somewhere in the FBI someone is laughing, sending an email to someone at NSA telling them to suck it.

    To avoid some “issues” with the Government gathering intelligence themselves, they are often turning to outside contractors who do not have the same restrictions.

    So here you have Stratfor being taken down, exposed as just an expensive rss feed run through Google translate.
    You have someone from “LulzSec” running the show, in order to let them catch the hackers.
    So they take out some “intelligence” competition, bag some high profile “cyberterrorists” and guarentee their budget for the next year.

    If you were a luddite wouldn’t you think this means the FBI should run our CyberCommand Defense network?

  13. Guest says:

    Brzezinski warned that WikiLeaks was being fed doctored leaks a while back.

    The FBI collusion would explain why the StratFor emails weren’t especially interesting, omitting as they did, StratFor’s persistent yearly claims that Iran is 1-2 years from having nukes.

  14. All of this makes me wonder what the FBI is going to do to protect Monsegur now that he’s been outed.

  15. Mike says: is where you can support the victim of the FBI raid.

  16. Guest says:

    I do love how several Anonymous are now telling the SQL injectors (aka script kiddies) to stop boasting online about their activity. How about just not releasing personal data at all, you stupid cyber terrorists? Oh wait, that would require morals and sound judgement and empathy for your fellow human beings! Sorry.

    • That_Anonymous_Coward says:

       While releasing the personal data isn’t very nice consider for a moment… without spilling the contents, the media would ignore it.  The hacked company would claim it was all just faked, to make them look bad.  Other hackers who do this professionally would keep accessing the systems and grabbing data here and there to use, and then someone would say it must be Anon’s using the data.
      The public release of the data means there is a point you can show your CC company that your number got out there through no fault of your own.  (Anyone wonder if Sony got blocked from accepting credit cards for not even being remotely PCI compliant?)
      It was a fun reminder that using your bestest favorite password on every site is bloody well stupid.

      Morals, Sound Judgement, Empathy for other human beings… those are lacking from the people in charge and the people being hacked.  If they cared, or faced any punishment for NOT protecting their customers, maybe they would show some.

      You call them cyber terrorists, I don’t see how that is the correct term.  I mean I guess maybe because corporations are people now they could be terrorizing them for not having any concern for other non-corporate people.  A majority of what they do, when not seen via the filter of Faux News, is cyber protesting.  But dissension and questioning authority now seems to be a crime.

      • So the people whose information was released are just “collateral damage,” so to speak? In what is essentially a piece of performance art?

        • That_Anonymous_Coward says:

          If you want to ignore the damage done previously by those who had been in and out of the systems gathering the information beforehand.  To assume that LulzSec was the first and only group to ever gain access to these systems is laughable.  Sites selling CC#’s don’t populate themselves.

          If you want to ignore that the most basic of protections would have made it nearly impossible for LulzSec to leak anything.

          LulzSec – Evil because they posted my email and password!!!!

          Corporation they got those details from – poor innocent victim, who didn’t give enough of a damn about their customers to even use the crappiest encryption.

          I see more anger at LulzSec than at the companies who failed to do anything.  Personally I was entertained to see all of the official government email addresses registered at that porn site they hacked.

          LulzSec was the messenger, why does everyone hate on the messenger?

        • Rah El says:

          Well, with proper protection maybe it would have been impossible for Lulzsec to get their data. The only difference between Lulzsec and any other hackers is Lulzsec anounces their hacks, while other hackers would just shut up and exploit the CC infos etc. 
          From that point of view, Lulzsec is even the “friendlier” hacking collective because through publicizing their hacks they allow you to take countermeasures.
          It’s okay to be angry at Lulzsec too, if your data they leaked was then exploited. But you should also be angry about those you trusted with your data and which obviously neglected even basic security measures.

          It’s like giving a friend your wallet to look after while you go swimming, and then it gets stolen because your friend went to the tiki bar and left your wallet back at the beach, only tucked under his towel. 

  17. Guest says:

     P.S. Please don’t take my previous comment as an endorsement for so-called cyber crime bills. Those bills are just as bad for leaving personal data vulnerable, except it’s worse because the stupid cyber terrorist perpetrators are getting paid good old tax dollars to mess with your stuff.

Leave a Reply