5/25/2014 Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say - NYTimes.

com
http://www.nytimes.com/2014/05/25/nyregion/hacker-helped-disrupt-attacks-prosecutors-say.html?ref=technology 1/5
http://nyti.ms/1mkHJYX
N.Y. / REGION | NYT NOW
Hacker Helped Disrupt 300 Web Attacks,
Prosecutors Say
By BENJAMIN WEISER and MARK MAZZETTI MAY 24, 2014
A prominent hacker set to be sentenced in federal court this week for
breaking into numerous computer systems worldwide has provided a trove
of information to the authorities, allowing them to disrupt at least 300
cyberattacks on targets that included the United States military, Congress,
the federal courts, NASA and private companies, according to a newly filed
government court document.
The hacker, Hector Xavier Monsegur, also helped the authorities
dismantle a particularly aggressive cell of the hacking collective
Anonymous, leading to the arrest of eight of its members in Europe and
the United States, including Jeremy Hammond, who the Federal Bureau
of Investigation said was its top cybercriminal target, the document said.
Mr. Hammond is serving a 10-year prison term.
The court document was prepared by prosecutors who are asking a
judge, Loretta A. Preska, for leniency for Mr. Monsegur because of his
extraordinary cooperation. He is set to be sentenced on Tuesday in
Federal District Court in Manhattan on hacking conspiracy and other
charges that could result in a long prison term.
It has been known since 2012 that Mr. Monsegur, who was arrested in
2011, was acting as a government mole in the shadowy world of computer
hacking, but the memorandum submitted to Judge Preska late on Friday
reveals for the first time the extent of his assistance and what the
5/25/2014 Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say - NYTimes.com
http://www.nytimes.com/2014/05/25/nyregion/hacker-helped-disrupt-attacks-prosecutors-say.html?ref=technology 2/5
government perceives of its value. It also offers the governments first
explanation of Mr. Monsegurs involvement in a series of coordinated
attacks on foreign websites in early 2012, though his precise role is in
dispute.
The whereabouts of Mr. Monsegur have been shrouded in mystery.
Since his cooperation with the authorities became known, he has been
vilified online by supporters of Anonymous, of which he was a member.
The memo, meanwhile, said the government became so concerned about
his safety that it relocated him and some members of his family.
Monsegur repeatedly was approached on the street and threatened or
menaced about his cooperation once it became publicly known, said the
memo, which was filed by the office of Preet Bharara, the United States
attorney in Manhattan.
Born in 1983, Mr. Monsegur moved to the Jacob Riis housing project
on the Lower East Side of Manhattan at a young age, where he lived with
his grandmother after his father and aunt were arrested for selling heroin.
He became involved with hacking groups in the late 1990s, drawn, he has
indicated, to the groups anti-government philosophies.
Mr. Monsegurs role emerged in March 2012 when the authorities
announced charges against Mr. Hammond and others. A few months later,
Mr. Monsegurs bail was revoked after he made unauthorized online
postings, the document said without elaboration. He was jailed for about
seven months, then released on bail in December 2012, and has made no
further postings, it said.
The memo said that when Mr. Monsegur (who used the Internet alias
Sabu) was first approached by F.B.I. agents in June 2011 and questioned
about his online activities, he admitted to criminal conduct and
immediately agreed to cooperate with law enforcement.
That night, he reviewed his computer files with the agents, and
throughout the summer, he daily provided, in real time, information that
allowed the government to disrupt attacks and identify vulnerabilities in
significant computer systems, the memo said.
5/25/2014 Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say - NYTimes.com
http://www.nytimes.com/2014/05/25/nyregion/hacker-helped-disrupt-attacks-prosecutors-say.html?ref=technology 3/5
Working sometimes literally around the clock, it added, at the
direction of law enforcement, Monsegur engaged his co-conspirators in
online chats that were critical to confirming their identities and
whereabouts.
His primary assistance was his cooperation against Anonymous and
its splinter groups Internet Feds and LulzSec.
He provided detailed historical information about the activities of
Anonymous, contributing greatly to law enforcements understanding of
how Anonymous operates, the memo said.
Neither Mr. Bhararas office nor a lawyer for Mr. Monsegur would
comment about the memo.
Mr. Monsegur provided an extraordinary window on the activities of
LulzSec, which he and five other members of Anonymous had created. The
memo describes LulzSec as a tightly knit group of hackers who worked
as a team with complementary, specialized skills that enabled them to
gain unauthorized access to computer systems, damage and exploit those
systems, and publicize their hacking activities.
The memo said that LulzSec had developed an action plan to destroy
evidence and disband if the group determined that any of its members had
been arrested, or were out of touch, and it credits Mr. Monsegur for
agreeing so quickly to cooperate after being confronted by the bureau.
Had he delayed his decision and remained offline for an extended period,
the document said, it is likely that much of the evidence regarding
LulzSecs activities would have been destroyed.
After his arrest, Mr. Monsegur provided information that helped
repair a hack of PBSs website in which he had been a direct participant,
and helped patch a vulnerability in the Senates website. He also provided
information about vulnerabilities in critical infrastructure, including at a
water utility for an American city, and a foreign energy company, the
document said.
The coordinated attacks on foreign government websites in 2012
exploited a vulnerability in a popular web hosting software. The targets
5/25/2014 Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say - NYTimes.com
http://www.nytimes.com/2014/05/25/nyregion/hacker-helped-disrupt-attacks-prosecutors-say.html?ref=technology 4/5
included Iran, Pakistan, Turkey and Brazil, according to court documents
in Mr. Hammonds case. The memo said that at law enforcement
direction, Mr. Monsegur tried to obtain details about the software
vulnerability but was unsuccessful.
At the same time, Monsegur was able to learn of many hacks,
including hacks of foreign government computer servers, committed by
these targets and other hackers, enabling the government to notify the
victims, wherever feasible, the memo said.
The memo does not specify which of the foreign governments the
United States alerted about the vulnerabilities.
But according to a recent prison interview with Mr. Hammond as well
as logs of Internet chats between him and Mr. Monsegur, which were
submitted to the court in Mr. Hammonds case, Mr. Monsegur seemed to
have played a more active role in directing some of the attacks. In the chat
logs, Mr. Monsegur directed Mr. Hammond to hack numerous foreign
websites, and closely monitored whether Mr. Hammond had success in
gaining access to the sites.
Sarah Kunstler, a lawyer for Mr. Hammond, said on Saturday: The
governments characterization of Sabus role is false. Far from protecting
foreign governments, Sabu identified targets and actively facilitated the
hacks of their computer systems.
At his sentencing in November, Mr. Hammond was prohibited by
Judge Preska from naming the foreign governments that Mr. Monsegur
had asked him to hack. But, according to an uncensored version of a court
statement by Mr. Hammond that appeared online that day, the target list
included more than 2,000 Internet domains in numerous countries.
Mr. Hammonds sentencing statement also said that Mr. Monsegur
encouraged other hackers to give him data from Syrian government
websites, including those of banks and ministries associated with the
leadership of President Bashar al-Assad.
Benjamin Weiser reported from New York and Mark Mazzetti from Washington.
5/25/2014 Hacker Helped Disrupt 300 Web Attacks, Prosecutors Say - NYTimes.com
http://www.nytimes.com/2014/05/25/nyregion/hacker-helped-disrupt-attacks-prosecutors-say.html?ref=technology 5/5
A version of this article appears in print on May 25, 2014, on page A1 of the New York edition with
the headline: Hacker Helped Disrupt Attacks, Prosecutors Say.
2014 The New York Times Company