
What the Sabu revelation means for hackers - gerryg
http://www.newstatesman.com/blogs/the-staggers/2012/03/sabu-fbi-hackers-informant
======
fein
An entire article and they didn't mention the most important point: All of the
"hacking" done by Sabu and his cronies was small potatoes.

If you're going to delve into the world of blackhattery, then don't tell
everyone like you're the new-age digital messiah. How hard is this to
understand? Who in their right mind would create an online identity to
incriminate themselves?

I'm of the opinion/belief that those who do actual malicious hacking aren't a
load of egotistical attention whores, hence why it never makes the news.

~~~
aGHz
This. While reading the article, I couldn't help but imagine the legions of
extremely bright Russian, Bulgarian, Romanian, Hungarian, etc hackers, most
likely orders of magnitude more sophisticated than Sabu, looking at the
LulzSec shenanigans with disdain and comparing our western hacking scene with
Hollywood and Entertainment Tonight.

That being said, LulzSec et al. were more about social activism than about
accomplished hacking. For a mission like that you really need some mainstream
appeal, and for that purpose the new-age digital messiah fit the bill.

~~~
methoddk
It fit the bill but at what cost? This fool still walks free for cooperating
and selling out his peers? I can't believe this guy actually has a twitter
account with 30k followers. Since when has hacking become about being in the
public eye? I get the activism of it all, but they went about it horribly from
the beginning.

~~~
Karunamon

> This fool still walks free for cooperating and selling out his peers?

I'm very, very torn on this one. On one hand, I applauded a number of the
LulzSec hacks, and it's kind of hard not to cheer for someone "sticking it to
the man". On the other hand, Sabu is a very distasteful sort of fellow, and
IIRC Dante had the lowest circle of hell reserved for traitors and
backstabbers.

He isn't walking free, though. If memory serves, he's still going to be a
convicted felon who spent a couple of years in club fed.

------
dsplittgerber
This article consists of a lot of baseless speculations and conjecture.

Under German law e.g. there is a clear difference for an agent provocateur to
directly incite specific felonies ("we have to hack company x by doing y")
compared to just generally staying 'within cover' by proclaiming generic plans
("let's harm bad companies"). I don't know about US law, but so far I have not
seen evidence of him behaving in the former and not the latter way. FBI would
have to have been really stupid to not have instructed him quite specifically on
this issue, and law enforcement is generally not stupid, especially in high
profile cases. So don't count on entrapment.

Also, who has ever seen evidence that sabu - and by extension the FBI - has
ever actually 'hacked' after being turned? To the contrary, the only logs I
have ever seen (within indictment), indicate (as far as I can remember) that
it was anarchos who did the actual hacking of StratFor. According to the
conversation logs between sabu and anarchos I have read it seems as if
anarchos kept other members of Anon/antisec mostly in the dark as to the
details of the operation. On currently publicly available information,
anarchos seems to have done the actual 'hacking' on his own and only needed
help (ftp'ing data sets for backup) afterwards. Also note that the FBI server
was not the only server the data was transferred to. But providing a server to
save evidence and to generally support (but not incite) a crime fits much
better with the legal framework for agent provocateurs.

Also, one has to remember the general model of how anon operates - it, if by
chance, resembles a need-to-know basis similar to military or intelligence
operations. Do not assume their 'leader' knew exactly what any one 'member'
(of what? Anon is by definition not a specifiable group, even sub-groups are
constantly changing) was specifically up to at any moment.

It's also not very insightful to blindly trust the FBI assertion that sabu was
caught because he logged onto IRC just once (!) without a proxy. Given that he
was always operating with proxies, bouncers and under TOR, and also given that
he was publicly 'doxed' wrongly beforehand (but also correctly (!) before
being visited by the FBI), why would a single unprotected login lead the FBI
to actually following up on the IP and paying the 'IP address a visit', so to
speak. It's possible, sure, but is it probable? For me, another possibility is
more probable: sabu was a bit too forthcoming with personal, identifiable
information when on IRC and chatting with people he assumed to know. Is it
only a nice coincidence that laurelai, another member of anon, was visited by
the FBI in the months before sabu was turned? Laurelai has admitted to the
visit and even to talking to the FBI for hours, but has maintained to not have
snitched. Believable? I don't know - but it's at least more probable as to why
they got to sabu. It's also standard operating procedure for the FBI to rely
on several informants to get to the big guys. They very often go for the - more
reliable - human intel instead of 'internet logs'.

There is a bunch of other stuff which doesn't add up, but probably no one
cares. This is why I don't read newspapers anymore. I can make up baseless
conjecture and end up misinformed all by myself, thank you very much.

~~~
dsplittgerber
One other thing: It can be read on several pastebins that once anon/antisec
had secured access to the StratFor data, sabu unsuccessfully tried to get
Wikileaks to pay for the data. Which didn't happen of course. The incident
also made him seem highly suspect to other members of anon/antisec as that
clearly violated their M.O. Which to me, all seems as if the FBI accidentally
stumbled onto a chance to try to stick severe charges against Wikileaks (which
they have been trying to prosecute for willfully cooperating with the enemy
all along) and blowing it. Still, they will have gained interesting insights
into how submissions to WL work now and perhaps, to everyone's surprise, they
succeeded in getting to Assange somehow.

------
driverdan
The outcome of this will be interesting to see. A CI running a group like this
isn't unheard of, that's not the issue. The issue is how he clearly organized
and promoted crimes. IANAL but based on my experience working on both sides of
the law I can see what he did crossing the line of what LE is allowed to do
and having other cases thrown out because of it.

~~~
InclinedPlane
Indeed. It'll be interesting to find out what ops he organized after becoming
a CI. Any defense lawyer would make a strong case of entrapment for those
situations.

------
trotsky
I think the wikileaks theory has some real merit, it leapt to my mind
immediately when I heard sabu was working as a CI. Around the time of the
HBGary hack I remember reading somewhere that wikileaks had a no documents
sourced from hacks policy, and this was why anonleaks.ch was set up because
wikileaks wouldn't take the emails. Presumably this would be due to a desire
to avoid criminal exposure, though I'm not sure how that would legally differ
from other sources of leaks. I spent a little time googling for a reference to
this when I read the news about sabu but came up blank, does anyone know about
any (historic) policies like that?

~~~
redthrowaway
Wikileaks' first forays with Anon were in publishing the information pulled
off the Scientology servers way back in the Chanology days. I doubt they had a
"no hacks" policy, or if they did then it was only implemented later.

It'll be interesting to see whether or not the legally and morally ambiguous
nature of the directions given to Sabu by the FBI will in any way prejudice
any evidence they may have gained against Assange.

------
funkah
The interesting thing is going back and looking at the posts (linked in TFA)
of people who knew at the time who he was, and that he got flipped. Those are
the people who actually know what they're doing and probably won't ever get
caught, or at least will be much harder to catch. Those people are probably
fine with Sabu being used as an example of what a "hacker" is.

Here's an interesting one:
https://th3j35t3r.wordpress.com/2011/11/19/if-i-am-wrong-ill-say-im-wrong-heres-my-apology/

~~~
redthrowaway
Jester won't get caught because he's pro-government. He attacks Wikileaks, the
AnonOps servers, and a bunch of other people that the FBI doesn't give two
shits about protecting. I suspect if he was of a different disposition, he'd
be no less likely to get v& than anyone else.

