One simple mistake led to the FBI’s arrest of hacker Hector Xavier Monsegur, who goes by the name Sabu. That mistake also led to the arrest of five other alleged hackers who, according to a grand jury indictment, have ties to high-profile underground groups online: LulzSec, AntiSec and Anonymous.
The indictment filed in a U.S. District Court in New York ties the arrested men to online attacks against Sony, Fox, PBS, the Central Intelligence Agency, Visa, MasterCard and PayPal.
According to the indictment, the men broke into computer networks, deleted data and stole confidential and personal information belonging to more than 860,000 victims, including Stratfor subscribers.
Aside from Monsegur, the five others arrested were: Ryan Ackroyd; Jake Davis; Darren Martyn; Donncha O’Cearrbhail, who allegedly hacked under the handle Palladium; and Jeremy Hammond, who allegedly hacked under the name Anarchaos, the indictment said.
Ackroyd and Davis are residents of Britain; the others are U.S. residents.
The arrests came after Monsegur, 28, mistakenly logged into a chat room without covering his computer’s Internet protocol address, according to a report by Fox News, which first reported the indictment.
With that lapse, FBI investigators had the information needed to identify what computer Monsegur was using and eventually where he lived and who he was, the report said.
The FBI persuaded him to turn on his fellow hackers, threatening jail time that he wanted to avoid because the New Yorker is the guardian of two young children, according to the report. Monsegur pleaded guilty to 12 counts of “computer hacking conspiracies and other crimes,” the FBI said. He’s awaiting sentencing.
The indictment described the men as “elite computer hackers” who defaced websites and launched “malicious cyber assaults.”
Sometimes the motivation for the attacks was simply for “lulz,” Internet slang that could be interpreted as laughs, humor or amusement, the indictment said.
The US Attorney’s office for The State of New York says since at least 2008, Anonymous has been a loose confederation of computer hackers and
others. Monsegur and the other members of Anonymous took responsibility for a number of cyber attacks between December 2010 and June 2011, including denial of service (“DoS”) attacks against the websites of Visa, MasterCard, and PayPal, as retaliation for the refusal of these companies to process donations to Wikileaks, as well as hacks or DoS attacks on foreign government computer systems.
Between December 2010 and May 2011, members of Internet Feds similarly waged a deliberate campaign of online destruction, intimidation, and criminality. Members of Internet Feds engaged in a series of cyber attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims’email and Twitter accounts, and defacing victims’ Internet websites. Specifically, Ackroyd,
Davis, Martyn, O’Cearrbhail and Monsegur, as members of InternetFeds, conspired to commit computer hacks including: the hack of the website of Fine Gael, a political party in Ireland; the hack of computer systems used by security firms HBGary, Inc. and its affiliate HBGary Federal, LLC, from which Internet Feds stole confidential data pertaining to 80,000 user accounts; and the hack of computer systems used by Fox, from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on Fox’s “X-Factor.”
In May 2011, following the publicity that they had generated as a result of their hacks, including those of Fine Gael and HBGary, Ackroyd, Davis, Martyn, and Monsegur formed and became the principal members of a new hacking group called “Lulz Security” or “LulzSec.” Like Internet Feds, LulzSec undertook a campaign of malicious cyber assaults on the websites and computer systems of various business and governmental entities in the US and throughout the world. Specifically, Ackroyd, Davis, Martyn, and Monsegur, as members of LulzSec, conspired to commit computer hacks including the hacks of computer systems used by the PBS, in retaliation for what LulzSec perceived to be unfavorable news coverage in an episode of “Frontline”; Sony Pictures Entertainment, in which LulzSec stole confidential data concerning about 100,000 users of Sony’s website; and Bethesda Softworks, a video game company based in Maryland, in which LulzSec stole confidential info for some 200,000 users of Bethesda’s website.