LulzSec leader's digital trail led rival hackers and possibly FBI to him

Information uncovered about Sabu by rival hackers in the past proved to be fairly accurate

The disclosure Tuesday by U.S. authorities that Sabu, the former leader of prominent hacker group LulzSec, is a 28-year-old man from New York City named Hector Xavier Monsegur, corresponds with much of the information released about him by rival hackers in the past.

Sabu had been secretly arrested by the FBI last year and has since allegedly acted as an informant for the authorities, according to court papers in the case. The whole law enforcement operation resulted in the arrest of five more alleged hackers linked to LulzSec and Anonymous.

Back in June 2011, a few weeks before LulzSec decided to disband, several rival hacker crews like TeaMp0isoN (Team Poison), lone hacktivists like th3j35t3r (The Jester) and other Internet users unhappy with the group's actions, launched a virtual war against its members.

LulzSec's enemies engaged in an activity known in the hacker community as doxing, which consists of gathering personal information about an online user and publishing it online with the goal of exposing his real identity.

One of the first information dumps targeting LulzSec members was done by a group called the A-Team, and while the information later proved largely incomplete and bogus, the details about Sabu in particular appear spot on.

A-Team claimed that Sabu was a Puerto Rican man named Hector Xavier Montsegur who was living in New York. The group said that this information matched archived whois data for prvt.org, a domain name believed to be owned by Sabu, that has since been anonymized.

According to the A-Team, some of the online aliases used by Sabu were 548U, hectic_les and leon, the last of which is mentioned by the authorities in Montsegur's unsealed indictment.

A separate Sabu dox report posted by an anonymous user on Pastebin on June 21 last year, traces Montsegur's alleged online activity to as far back as 2003. It claimed that he was involved in several software and security-related projects over the years under the aliases Xavier Kaotico and Xavier de Leon -- another fake identity mentioned in his indictment.

On August 17, around the time when Montsegur is said to have started working with the FBI as a cooperating witness, another Sabu doxing project was started on a blog. It listed the hacker's known email addresses, including many that contain Sabu, Xavier and Monsegur in their names.

The project concluded that Sabu lives in New York City, is a NY Giants fan and even includes a picture of him grabbed from a MySpace profile.

Information gathered with the help of Google search and other freely available services suggests that the LulzSec leader may have been careless at the beginning of his hacking career and failed to switch to another identity when things started to get more serious.

LulzSec members left electronic fingerprints behind that made their arrest inevitable, said Rob Rachwald, director of security strategy at security firm Imperva. In one incident, a LulzSec member changed his online identity, but left clues about it on a public forum, he said.

There is very much a trail of history on hacker forums, just as there is on Facebook, and if you are loud enough through your actions, like LulzSec was, you will determine law enforcement to search for it, Rachwald said.

The security expert drew a parallel between Sabu's case and that of famous mobster John Gotti, whose similar defiance of law enforcement eventually led to his downfall.

It's somewhat curious that Sabu's accomplices didn't wonder why the hacker never got arrested despite so much information about him being exposed online, even if he did try to deny its accuracy.

It was in June of 2011, at about the same time as Sabu's arrest, that Eric Corley, publisher of quarterly hacker magazine 2600, told The Guardian that, in his opinion, one in four U.S. hackers had been turned into FBI informants. Hackers are susceptible to intimidation because of the harsh penalties involved and their inexperience with the law, he said at the time.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?