The Largest-Scale FBI Sting Ever: A Retrospective


A Match Made Near the National Archives

WASHINGTON – The saga of former LulzSec hacker Hector Monsegur, also known as “Sabu,” is long and receiving widespread attention in the blogosphere. Civilian security authorities at Backtrace Security claim that they had so accurately fingered the LulzSec group in March of 2011, that the FBI requested that they mute and extract from the World Wide Web a list of likely culprits in the hacking spree, which haunted entities corporate and governmental alike.

In the interest of salvaging their own countercultural credentials, justifiable or not, the story of Mr. Monsegur has left aspiring members of the hacker group Anonymous to backpedal and equivocate. For 10 months, the Federal Bureau of Investigation used Mr. Monsegur’s connections within the hacker world and substantial public podium to carry out an elaborate public sting and psychological operation, one on a scale unprecedented in agency history.

Professional hackers who, in a relatively low-key fashion, had publicly fingered Mr. Monsegur, would account to the Internet Chronicle their conviction that the FBI’s sting operation was neither entrapment nor incitement to illegal action. Jennifer Emick, a representative of Backtrace Security said, “The issue is not whether or not he talked about it because all of them incite [illegal behavior,]” adding, “Saying, ‘wow, man, that’s a great hack; tell me all about it:’ It’s not incitement.”

Backtrace would deduce Mr. Monsegur’s identity using an advertisement for a car sale referenced by one of the links the hacker provided in an IRC venue. From the link to the sale of the sedan, Backtrace would discover a Facebook page, which revealed for the first known time, “Sabu’s” real identity. Mr. Monsegur’s Twitter account, briefly hidden after the disclosure of suspect cooperation – both its modes of free operation and ulterior motivation – has become the subject of wide speculation.

The Real Sabu @anonymouSabu
@WalkingstickMtn I speak opinion. I dont do propaganda. I have no agenda other than giving oppressed peoples a voice. Potty mouth? grow up.

In the days just before the FBI announced Mr. Monsegur’s informant status, the unemployed New York man’s tweets began to border on the ironic – and, one could speculate, even the intentionally hinting – to his more than 44,000 followers. Mr. Monsegur translated, and then retweeted, a Portuguese communique from AnonymousIRC Brasil (@AnonIRC), even as the information he had been giving was likely resulting in the arrests of his fellow Anonymous hackers, the 4chan-birthed outlaws who have for years perpetrated denial-of-service attacks against their ideological foes – notably, recently, the FBI in its undermining of the long-time copyright infringers, Megaupload.

The Real Sabu @anonymouSabu
Hackers of the world: Interpol has declared war on hackers. Organizing arrests in South America and Europe. Time to strike back. Infiltrate.

One of the biggest tells that Mr. Monsegur was an informant came January 9th 2011, when “Sabu” retweeted a call for finances from TeaMp0isoN (Team Poison), who had in fact made repeated attempts to out Mr. Monsegur. There was no apparent reason why a hacker would help fundraise for a group that had been so dedicated to his undoing.

n0threat @NotaThreat2u
RT! Plz help @phantom4life of #TeaMp0isoN. If you ever supported #TeaMp0isoN & the work they do plz help – wepay.com/donations/bail…
Retweeted by The Real Sabu

Ms. Emick speculated upon Mr. Monsegur’s respective amnesia or forgiveness. She said, “When [TeaMp0isoN] stopped getting attention for going after Sabu, they joined Anonymous,” adding, “‘Skids’ [script kiddies] want attention, right?”

In order to appeal to the Internet activist community, the FBI promulgated anti-Israeli and anti-copyright viewpoints, as evidenced by these retweets.

Chris Ho @Vangelus
The paraphrasing of “Megaupload was shut down by the FBI due to an estimation by the MPAA” is tremendously unsettling. Keyword: estimation
Retweeted by The Real Sabu

Freiheitskämpfer @ripNSA
There is a joke in the intel community that NSA means Never Say Anything. To us it is: No Secrets Anymore. #antisec #fuckfbi #fuckisrael
Retweeted by The Real Sabu

Sabu claimed to be a post-colonialist, even after his co-opting by the FBI, making Said-esque points sympathetic to the indigenous populations of the Americas and greater Israel/Palestine prior to 1948.

On March 9, The New York Times would account: “On Twitter, both before and after [Mr. Monsegur] was helping the authorities catch his compatriots, he was prone to grand declarations: ‘Give us liberty or give us death — and there’s billions of us around the world. You can’t stop us. Because without us you won’t exist.’”

In 2010, Mr. Monsegur said (in what New Scientist falsely advertises as the first-ever interview with a key LulzSec member) he was drawn to Anonymous, what he said was a leaderless, anti-authoritarian movement that has taken up a variety of political causes. His catalyst, he said, was his outrage over the arrest of Julian Assange, founder of WikiLeaks, the famous whistle-blower website.

Within the broader Anonymous movement, Mr. Monsegur for a time became a leader of Anonymous splinter group Lulz Security, or LulzSec, which claimed to attack computer security companies for laughs, or “lulz,” rather than for financial gain. Describing himself, he said in the New Scientist interview, “I’m not some cape-wearing hero, nor am I some supervillain trying to bring down the good guys. I’m just doing what I know how to do, and that is counter abuse.”

At an August 5th, 2011 court hearing, we would learn later, Assistant U.S. Attorney James Pastore told U.S. District Judge Loretta Preska, “The defendant has literally worked around the clock with federal agents. He has been staying up sometimes all night engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators.”

“As far as I know, he tried to run off,” said Ms. Emick. “When he gets to court, I think you’ll see that he’s not going to be offered any protections. And I think that the real reason they were alluding to in the phone call, you know, with [the United Kingdom's Scotland Yard law enforcement agency], I think they were putting off those hearings so that they could hear the revelation about Sabu and what Sabu’s been up to before.”

Added Emick, “[Jake Davis, also known by the handle 'Topiary,' is] 17 years old and vulnerable and whatever. And you know, he’s really loyal because he’s a kid, and you know, kids are idealistic.” This naivete, said Emick, made him particularly vulnerable to trusting Mr. Monsegur too much.

Both Backtrace Security’s Emick and “Hubris,” who spoke under the condition of anonymity, said Sabu tended to retweet more than directly tweet after his arrest. “It used to be [LulzSec] were kind of insular and they retweeted each other,” said “Hubris.”

Backtrace Security, who say they specialize in social engineering and psychological operations, said, “When we were starting out, we had a very specific plan. And we had some cohorts who, you know, like – I don’t know – emo’ed out and didn’t fulfill their end, which would have been funny. But the idea was to cause them to panic.”

In response to Backtrace’s provocations, which attracted FBI scrutiny, Ms. Emick said “[LulzSec hacker] Ryan [Cleary], you know, leveled the place,” exposing his compatriots. “You know,” she said, “it would have been a perfect time to pop up with a replacement, and they all would have hopped on as long as they got to keep their ops [operations] because that was all they ever cared about, which is stupid privilege and status.”

Asked about any irony of Sabu’s tweet talking about people being taken down because they’re trying to be leaders in Anonymous, Ms. Emick said, “I think Sabu still really thought he could be both characters: you know, that he could be the good law enforcement guy and, you know, the leader of the hacker revolution.”

Backtrace had sockpuppets, they said, fake personalities operated and orchestrated by the former 4chan enthusiasts, “that would come to me and tell [them] stuff like, you know, ‘Oh, leave Sabu alone. He’s secretly an operator with the CIA.’ He puppeted all over trying to get everybody to – he’s got a really big ego, and I think that’s all that really mattered. He just wanted to be hot stuff.”

In a phone interview with the Soviet Internet Chronicle, Ms. Emick would repeatedly characterize arrogance as having been LulzSec’s Achilles’ heel.

When asked about the manner in which Sabu was caught, Backtrace Security could not make heads or tails of the claims that Sabu was caught by the FBI because he forgot to turn on Tor when he entered an IRC client. “Hubris” said he suspects that such reports are misinformation, adding, “we would have seen [Mr. Monsegur's IP address had he logged on without Tor.]” However, Sabu, they concede, made other types of mistakes. The Backtrace team says one of their members, “Le Researcheur,” spotted an IP [address] that leaked once where he “was bouncing out of somebody else’s house.”

The U.S. Attorney’s Office, in releasing the details of Mr. Monsegur’s bond hearing, revealed that at least some of the twitterers with whom Monsegur was corresponding were indeed suspects themselves. And despite an ongoing investigation, Backtrace said that a lot of the suspects are apparent because “they’re gone [from Twitter].” Ms. Emick said the Twitter users that are “weird” are the ones that are still exclaiming, in her own paraphrase, “‘No, hey, guys. It’s all good. I knew all this time that he was bad, yeah.’”

Those claims to prior knowledge, hinted Ms. Emick, are the really possible indicators of further, as-yet-to-be-disclosed undercover law enforcement involvement.

3 comments to The Largest-Scale FBI Sting Ever: A Retrospective

  • [...] be a three-day mission of online sockpuppeteering. I was somewhat inspired by the FBI’s long campaign of using the Twitter account of hacker Hector Monsegur, or “Sabu” of LulzSec. Surely, some of [...]


  • anon9001

    oh come on, this is ridiculous. what actually happened is the same old story: sabu wanted to change the world with his team of hackers, then the fbi got hold of him, threatened him (with the truth that he would be locked up by the system he wanted to bring down and never see his kids again) and they forced him to work for them. but at heart he was still a real loyal hacker for the people. he didn’t like being forced to work for them, as none of us would. The system is evil, handing out ridiculous sentences for games with computers – they need to get a grip on what’s right, they didn’t rape or murder anyone or blow little kids’ legs off like the real armies of the world do…