
How the US government used a hacker turned informant to disrupt 300 web attacks

Canberra Times, 25/05/2014, Benjamin Weiser and Mark Mazzetti

Hacker Hector Xavier Monsegur helped US authorities. © Provided by Canberra Times

A prominent hacker set to be sentenced in US federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to the authorities, allowing them to disrupt at least 300 cyber attacks on targets that included the US military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document.

The hacker, Hector Xavier Monsegur, also helped the authorities dismantle a particularly aggressive cell of the hacking collective Anonymous, leading to the arrest of eight of its members in Europe and the United States, including Jeremy Hammond, who the FBI said was its top "cybercriminal target", the document said. Hammond is serving a 10-year prison term.

The court document was prepared by prosecutors who are asking a judge, Loretta A. Preska, for leniency for Monsegur because of his "extraordinary cooperation". He is set to be sentenced on Tuesday in US District Court on hacking conspiracy and other charges that could result in a long prison term.

It has been known since 2012 that Monsegur, who was arrested in 2011, was acting as a government mole in the shadowy world of computer hacking, but the memorandum submitted to Preska late on Friday in the US reveals for the first time the extent of his assistance and how the government perceives its value. It also offers the government's first explanation of Monsegur's involvement in a series of coordinated attacks on foreign websites in early 2012, though his precise role is in dispute.

The whereabouts of Monsegur have been shrouded in mystery. Since his cooperation with the authorities became known, he has been vilified online by supporters of Anonymous, of which he was a member. The memo, meanwhile, said that the government became so concerned about his safety that it relocated him and some members of his family. "Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known," said the memo, which was filed by the office of Preet Bharara, the US attorney in Manhattan.

Born in 1983, Monsegur moved to the Jacob Riis housing project on the Lower East Side of Manhattan at a young age, where he lived with his grandmother after his father and aunt were arrested for selling heroin. He became involved with hacking groups in the late 1990s, drawn, he has indicated, to the groups' anti-government philosophies.

Monsegur's role emerged in March 2012 when the authorities announced charges against Hammond and others. A few months later, Monsegur's bail was revoked after he made "unauthorised online postings", the document said without elaboration. He was jailed for about seven months, then released on bail in December 2012, and has made no further postings, it said.

The memo said that when Monsegur (who used the internet alias Sabu) was first approached by FBI agents in June 2011 and questioned about his online activities, he admitted to criminal conduct and immediately agreed to cooperate with law enforcement.

That night, he reviewed his computer files with the agents, and throughout the US summer, he daily "provided, in real-time, information" that allowed the government to disrupt attacks and identify "vulnerabilities in significant computer systems", the memo said.

"Working sometimes literally around the clock," it added, "at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts."

His primary assistance was his cooperation against Anonymous and its splinter groups Internet Feds and LulzSec.

"He provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement's understanding of how Anonymous operates," the memo said.

Neither Bharara's office nor a lawyer for Monsegur would comment about the memo.

Monsegur provided an extraordinary window on the activities of LulzSec, which he and five other members of Anonymous had created. The memo describes LulzSec as a "tightly knit group of hackers" who worked as a team with "complementary, specialized skills that enabled them to gain unauthorised access to computer systems, damage and exploit those systems, and publicise their hacking activities".

The memo said that LulzSec had developed an "action plan to destroy evidence and disband if the group determined that any of its members had been arrested or were out of touch", and it credits Monsegur for agreeing so quickly to cooperate after being confronted by the bureau. Had he delayed his decision and remained offline for an extended period, the document said, "it is likely that much of the evidence regarding LulzSec's activities would have been destroyed".

After his arrest, Monsegur provided information that helped repair a hack of PBS' website, in which he had been a "direct participant", and helped patch a vulnerability in the Senate's website. He also provided information about "vulnerabilities in critical infrastructure, including at a water utility for an American city, and a foreign energy company", the document said.

The coordinated attacks on foreign government websites in 2012 exploited a vulnerability in popular web hosting software. The targets included Iran, Pakistan, Turkey and Brazil, according to court documents in Hammond's case.

The memo said that "at law enforcement direction", Monsegur attempted to obtain details about the software vulnerability but was unsuccessful.

"At the same time, Monsegur was able to learn of many hacks, including hacks of foreign government computer servers, committed by these targets and other hackers, enabling the government to notify the victims, wherever feasible," the memo said.

The memo does not specify which of the foreign governments the US alerted about the vulnerabilities.

But according to a recent prison interview with Hammond as well as logs of internet chats between him and Monsegur - which were submitted to the court in Hammond's case - Monsegur seemed to have played a more active role in directing some of the attacks.

In the chat logs, Monsegur directed Hammond to hack numerous foreign websites, and closely monitored whether Hammond had success in gaining access to the sites.

Sarah Kunstler, a lawyer for Hammond, said on Saturday: "The government's characterisation of Sabu's role is false. Far from protecting foreign governments, Sabu identified targets and actively facilitated the hacks of their computer systems."

At his sentencing in November, Hammond was prohibited by Preska, the judge, from naming the foreign governments that Monsegur had asked him to hack. But, according to an uncensored version of a court statement by Hammond that appeared online that day, the target list included more than 2000 internet domains in numerous countries.

Hammond's sentencing statement also said that Monsegur encouraged other hackers to give him data from Syrian government websites, including those of banks and ministries associated with the leadership of President Bashar Assad.

The New York Times

Jeremy Hammond was charged over high-profile cyber attacks. © Provided by Canberra Times
