
LulzSec brought down by own leader - techinsidr
http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/
======
hack_edu
Funny that right around the time he was arrested, Lulzsec declared they were
done and sailing off in their Lulzboat. Then they reappeared a few months
later, probably started back up after Sabu went to the narcs. Luckily this was
only after Anonymous put together their new decentralized teams that do the
footwork now. Lulzsec is just a name now, very little work is done by their
namesake anymore.

The writer is a bit confused. Topiary was caught way before this round of
arrests.

Also, there has been a significant belief for months now that the "Real Sabu"
disappeared and was (maybe) arrested, or that he was never an individual but
only a name the group used for PR. Finally, there is significant doubt that
Kayla is a single individual as well.

~~~
gavinlynch
"Luckily this was only after Anonymous put together their new decentralized
teams that do the footwork now."

"Luckily" ?

~~~
hack_edu
Luckily for them and, in my opinion, you and me as well.

Edit: Feel free to downvote, please tell me why my opinion is not a valid
contribution to the discussion.

~~~
troutwine
> Luckily for them and, in my opinion, you and me as well.

Elaborate, please?

~~~
hack_edu
In short, Anonymous targets and humiliates authoritarians and those who
service them. This is at the core of my morality.

Their hacks illustrate the glaring weaknesses of our technology and that the
incompetence in infosec so often spawns from negligence at the highest of
levels in the industry. Despite this, powers that be (nation-states,
militaries, and regional law enforcement) invest nearly nothing in securing
their (public) assets. They demonstrate that organizations like Sony, the
State Department, and the Pentagon can go months without even knowing of full-
root breaches, only to wait yet more months to inform the public.

Luckily, Anonymous does all this for the sake of Teh Lulz (public
humiliation), rather than corporate or state espionage.

~~~
eridius
> Luckily, Anonymous does all this for the sake of Teh Lulz (public
> humiliation), rather than corporate or state espionage.

Or so they say. There seems to be an awful lot of blind trust that Anonymous
(or people claiming to be Anonymous) really do have the goals that they've
stated. If Anonymous, or a splinter group, goes after some random company,
ostensibly to humiliate them, what's to say they're not being paid by the
company's rivals?

~~~
sliverstorm
I tend to agree with you. They have been going up against publicly unpopular
targets, so few have questioned them thus far, but there's no reason that
can't be a ruse.

~~~
eridius
Part of the problem here is the fact that they really are anonymous, so if
Anonymous goes after two different targets on two different days, there's no
way to know that it's actually the same group both times. So even if you could
prove beyond a shadow of a doubt what their goals were for one particular
attack, that would have zero bearing on the motivations and goals behind any
subsequent attack.

------
JonnieCache
I reckon a huge proportion of blackhats in the scene are working for the feds.

Some kid with no record gets thrown in a van by men with guns, and the full
force of police psychological manipulation is brought to bear on them. They
get told they're irrevocably destined for a lifetime of being brutally raped
in the showers.

Is it any surprise that these young men with no experience of foul-play or
maliciousness outside of the virtual world fold and turn informer with such
regularity?

If I were an active blackhat, I wouldn't talk to anyone, ever. I wouldn't even
invent a pseudonym, that's the first step to ending up on fox news.

EDIT: Eric Corley, publisher of 2600, thinks it's one in four:
<http://www.guardian.co.uk/technology/2011/jun/06/us-hackers-fbi-informer>

~~~
Zarathust
Groups allow information trading. It is basically essential if you want to
cash for your hacking activities, such as carding and 0-day selling. I am not
totally familiar with "the scene", but I'm pretty sure there are plenty of
incentives for hackers to regroup.

~~~
epoxyhockey
Grouping to trade 0-days is totally different than grouping to DDOS a website.
I'm pretty sure the former won't end you up in jail, either.

But, I think the OP is right. The only successful (for lack of a better word)
black hat is going to be a loner.

~~~
rdl
Actually, criminal copyright infringement is a $250k fine, 5 year felony, in
the US. Pretty amazing. You are vastly more likely to be prosecuted criminally
if you're part of a group, and especially if you focus on 0-days. Even more
likely if you sell things, charge for advertising on your site, etc.

The DrinkOrDie people got a lot of 3-5 year sentences.
<http://en.wikipedia.org/wiki/Operation_Buccaneer>

~~~
286c8cb04bda
Parent posts are probably talking about 0-day exploits rather than 0-day
warez.

~~~
rdl
Doh, of course.

DMCA still makes some 0-day exploit research not totally safe, either.
<https://www.eff.org/wp/unintended-consequences-under-dmca> I don't know if
anyone has been successfully convicted, but a lot of prosecutions have come
up, and that's enough to deter many people.

------
ebbv
Oh Fox News. Even when reporting on something legitimately interesting and out
of the ordinary, they have to use very un-journalistic phrases like
"...allegedly commanded a loosely organized, international team of _perhaps
thousands of hackers_..."

"Perhaps thousands"? Perhaps millions! Perhaps five. Ugh.

~~~
corford
There's a slightly less breathless and more coherent report here:
<http://www.guardian.co.uk/technology/2012/mar/06/lulzsec-sabu-working-for-us-fbi?newsfeed=true>

~~~
eli
Give credit where it's due: Fox News broke this story. The Guardian report
appears to be based solely on the earlier Fox story and public documents.

~~~
nmridul
It has nothing to do with giving credits. I (and I'm sure many others would
also) like to read less tabloid-y and factual reporting anytime and so would
prefer to read the story on Guardian than on Fox.

~~~
eli
But the quotes are literally lifted from the Fox piece. The Guardian does not
add much new reporting, it just lays out the existing facts in a way you find
more agreeable.

~~~
corford
Which is what I thought I made clear when I linked to it i.e. same report,
less hyperbole. Perhaps you would have preferred it if I had used the word
"version" rather than "report"?

------
driverdan
As a former blackhat and ID thief who used to spend a lot of time in
"underground" chatrooms and forums this doesn't surprise me at all. This is a
standard pattern LE follows. Start with small arrests, work your way up, get
someone at the top level to be an informant, take everyone down. Works for any
type of group.

This always works because people are foolish and too trusting. The best rule
is to assume _everyone_ is LE trying to catch you. That means never revealing
info that can lead back to you, never telling anyone personal info, your
general location (eg the weather), always using 7 proxies, etc.

People who don't break the law would probably be surprised how much personal
info crackers give to their online "friends". Less so on fraud forums but it
still happens.

As some other people mentioned read "Kingpin: How One Hacker Took Over the
Billion-Dollar Cybercrime Underground" for more info on how LE works. The FBI
took over a few carding forums and Secret Service also had high level CIs.

~~~
mkramlich
> The best rule is to assume everyone is LE trying to catch you.

This sounds wise. But I'd argue that it's wiser to not be engaging in
activities where you even have to worry about that. If your rule is the best
rule, my rule is even better. :P

~~~
driverdan
Non sequitur. If you don't do something, negative consequences won't happen.
You can say that about _anything_. Don't have sex if you don't want STDs,
don't drive a car if you don't want to get into an accident, don't walk down
the street at night if you don't want to get mugged.

~~~
mkramlich
you missed the point

------
kyledrake
This article claims billions of dollars in damage. If this is what the FBI is
saying, they are wrong. Lulzsec damages don't even approach a million dollars,
most likely. Billions of dollars is how much money it costs to do things like
provide universal health care for a small state. The FBI should investigate
real cases and not treat a bunch of merry pranksters like they're a bunch of
super terrorists.

~~~
trotsky
Costs in hacking cases are mostly measured by time spent investigating &
repairing * fully loaded employee costs. If you have to dump a bunch of
servers and reload everything and audit your backups the costs rise very
quickly.

~~~
_delirium
True, but companies on the receiving end often end up also including the cost
of things that they would need to do even in a responsible-disclosure
scenario. For example, if you discover a major flaw in a company's system that
allows high levels of access, and disclose it to them, they'll typically incur
considerable costs patching it, rolling out the updates, doing a security
audit to make sure it wasn't already quietly discovered earlier by a blackhat
who might've backdoored something, etc.

When they do all those same things upon an actual intrusion, they often
attribute the expenses to the hacker, but imo they're really attributable to
the security flaw, since they'd be incurred even in the whitehat case. I'd
only attribute to the hacker the delta between what blackhat disclosure and
whitehat disclosure would cost.

~~~
trotsky
You're absolutely correct - there are a lot of things that get rolled into
damage cost estimates that aren't legitimate. I was just trying to explain how
it's pretty easy for the actual & legitimate costs to be quite high as well.

------
tlear
We are still in the stage of these groups being very amateurish. It will take
a few rounds of purges until really committed+careful+smart organizations
emerge.

~~~
pavel_lishin
How do you know they haven't already? Committed+careful+smart probably
wouldn't issue press releases.

~~~
redthrowaway
Sure they would, they'd just be smarter about it. The point of hacktivism is
publicity. If no one knows what you're doing, you're not being particularly
effective.

~~~
TheCapn
I want to refute your point with the mention of Stuxnet. Please correct me if
I'm wrong but up until now there are no groups that have owned up to the
virus. There's evidence and much speculation to point it towards Israel gov't
but no definitive proof.

A lot of the content that surrounded Stuxnet also hints to further
organizations existing behind the veil. There were at a minimum 3 0-day
exploits present in the virus that would have to have been operated from
behind the scenes. It is extremely unlikely that a single group was able to
create such a virus without external resources.

In the end you don't need to issue press releases and the like. You need to
get in, do your damage and get out. Let the damage reveal itself in time and
it's considered massively successful. Those fighting the Iran nuclear program
did more while keeping their mouths shut than any loud group ever has.

~~~
redthrowaway
Stuxnet was cyberwarfare, not hacktivism. The point of Stuxnet was to disable
infrastructure, whereas the point of much of what Anon does is to get
attention. Now, granted, that doesn't require the ego-driven hacks and
braggery that we've seen from them, it simply requires getting in, getting
out, and posting the data anonymously then promoting and publicizing the
_data_, not the hackers. I suspect you may start to see more of the hacker
cells aligned with anonymous take this approach in the future to minimize the
heat that they feel personally.

~~~
tathagatadg
Great distinction of cyberwarfare and hacktivism ... it's unfortunate that both
get shown in the same light while they clearly have different motives behind
them.

------
knowtheory
This is a pretty impressive rollup by the Feds.

Seems like an inverted flipping maneuver. Rather than starting with the small
fish and cutting deals up to the top, they hit the ostensible
mouthpiece/leader and wrap up all of the other folks in the org so that it
doesn't splinter off and create successor orgs.

------
upgrayedd
So these dox were accurate after all?

<http://news.ycombinator.com/item?id=2697398>

~~~
phpnode
accurate for sabu but not the rest it seems

~~~
Indyan
Sabu was doxed repeatedly, and his family was even the subject of a NYTimes
story.
<http://th3j35t3r.wordpress.com/2011/11/19/if-i-am-wrong-ill-say-im-wrong-heres-my-apology/>
<http://ceaxx.wordpress.com/uncovered/>
<http://techie-buzz.com/tech-news/fbi-lulzsec-anonymous-sabu.html>

------
alecco
From the rt story:

> Monsegur pled guilty to several charges of computer hacking conspiracy, for
> which he could receive a maximum of 124 years behind bars.

That's what a serial killer would get. US law is ridiculously tilted to
corporations.

~~~
freehunter
Note that he hasn't actually been _sentenced_ to 124 years. We're talking
about multiple stacking charges here. You could get multiple charges of
parking too far from the curb and it could add up to thousands of dollars, but
that doesn't mean the parking fine is too much.

More than likely, it'll be reduced to a sane amount when they compile the
charges. 5 years, maybe 10 (maybe more). The actual sentence (minimum
sentences notwithstanding) is almost always up to the judge.

~~~
sliverstorm
Yup, maximum sentences are actually generally there for the protection of the
defendant; they put a ceiling on sentencing. Without them sentencing would be
_entirely_ up to a judge's discretion.

------
codesuela
No surprise here considering that 25% of hackers cooperate with law
enforcement[1]. These people aren't hardened members of violent crime
organisations like Gangs or various mobs and are probably very easy to
"break". On the other side hackers tend to trust each other way too much and
share personal details inside their group which makes infiltration very easy.
Sure you can be behind 7 proxies when you hack something but that doesn't
matter as soon as you start talking to your hacker buddies about your personal
life without using OTR or even bothering to sign into chat services with a
proxy. As soon as you start sharing details about how you're in love with a girl
or that you feel depressed or you are about to order pizza at place X it's
pretty much over for you.

These hacker groups are like a clique, a social circle of friends, but most
"hackers" don't think that their "friends" will rat them out in a second. Most
of them probably have never been interrogated or even had any contact with law
enforcement and are therefore very easy to intimidate.

[1] <http://www.guardian.co.uk/technology/2011/jun/06/us-hackers-fbi-informer>

------
jcromartie
> the unemployed, 28-year-old father of two allegedly commanded a loosely
> organized, international team of perhaps thousands of hackers

Sounds like he was pretty busy.

~~~
gavinlynch
When you're unemployed all you have is time. I think he only had partial
custody for his kids.

It lets you fit railing against governmental entities and directing
20-somethings--who also don't have full time jobs--seamlessly into your
schedule, all with convenience from your government subsidized housing.

------
calibwam
Working with the FBI for the lulz?

~~~
methoddk
for the lulz indeed.

What a dick, though..

~~~
watty
How can anyone with a tiny bit of intelligence claim that he did any
wrongdoing by helping the FBI?

This does not imply that helping law enforcement is always ethical. In this
case, helping law enforcement take down these criminals is not a "dick move".

~~~
getsat
You seem to be implying that assisting law enforcement is _always_ ethical.
It's not, just like breaking the law is not necessarily unethical.

------
pimentel
Having read Kevin Poulsen's 'Kingpin', one could not expect a different
result.

------
phear
shocker... but like anonymous/lulzsec continuously said, you can't kill an
idea. another group doing it for the lulz perhaps sooner or later will come up

~~~
lzh-ng
Of course you can't kill an idea. Wait, what was the idea again?

~~~
davidw
The 21st century equivalent of setting a poop-filled bag on fire on someone's
porch, or something along those lines. But without actually requiring anything
so taxing as getting up from the computer, going outside, and running.

~~~
yabai
The only difference is that instead of people thinking that it is a harmless
prank they will send in homeland security/swat team/etc with loaded weapons.

------
st3fan
"The offshoot of the loose network of hackers, Anonymous, believed to have
caused billions of dollars in damage to governments, international banks and
corporations..."

Wait .. what ... !?

We are talking about those guys with The Love Boat theme right?

------
tokenadult
The Fox News reporting can be supplemented by the official FBI press release
on the arrests:

<http://www.fbi.gov/newyork/press-releases/2012/six-hackers-in-the-united-states-and-abroad-charged-for-crimes-affecting-over-one-million-victims>

------
vetler
No honor among hackers?

------
gavinlynch
One question: If the FBI knew of additional hacks that could expose things
such as customer credit card numbers, should they have intervened? Did they
intervene?

~~~
hack_edu
If they were involved in an operation to export thousands of guns to Mexican drug
gangs[1], surely killing hundreds in the process, then yes. If they knew, they
probably wouldn't intervene. Even still, few (any?) Lulzsec attacks actually
leaked unencrypted credit card data. Even then, the damage done by exposing
credit cards is pretty negligible anyway.

[1] <http://en.wikipedia.org/wiki/ATF_gunwalking_scandal>

~~~
gavinlynch
Forgive me if this information is not correct, but wasn't their latest attack
of Stratfor exactly such a hack?

I recall that Stratfor kept a lot of customer information in plaintext,
including CC's.

------
ohashi
I wonder what will happen to Sabu after this?

~~~
Karunamon
Probably lots of phone calls, some random unsolicited pizza appearing on his
doorstep, and all kinds of slander on every chan board ever made.

Oh, you mean IRL? Dunno. You'd think they'd have cut him a deal for helping
them out.

~~~
celticninja
They will have cut a deal with him already, however that deal usually means
reduced jail time in an easy prison, he still has to be charged with the
offences. His "good behaviour" is then taken into account by the prosecuting
authorities when sentencing him.

They arrest him and publicise his arrest as psyops, any other hackers out
there see that the #1 from lulzsec was caught and turned therefore who knows
how many lower level hackers have also been turned, thus it increases the
paranoia within hacker circles.

Of course this works 2 ways, first off it scares people off from hacking or
being involved in it and makes them more likely to turn tail and rat out
anyone they know who is undertaking nefarious online activity in an effort to
protect themselves. The second response is the one they don't like, these
groups become more security conscious, go deeper underground, become less
likely to admit new members, etc. This is counterproductive for the FBI as
it makes it more difficult to catch them later down the line.

~~~
gavinlynch
It's not just the assistance to authorities, but the fact that he brought
actionable intelligence that brought arrests towards others. His getting other
LulzSec members arrested and prosecuted is key to diminishing his own
sentences.

Other hackers have offered help and not proven useful, only to find themselves
up a creek with little to no lightening of their sentences.

------
feralchimp
It will be a while before we have a real sense of how "crippling" this rollup
really was.

------
wladimir
It's strange that it was revealed at all whether he works with the FBI. Is
that normal? Why not keep it secret for somewhat longer to catch even more
hackers? Exposing him as an informant could also put his life in danger.

This makes me doubt the truth of the story a bit.

~~~
dagw
There is propaganda value in revealing it. I'm guessing they're hoping that
members of other groups are going to start asking themselves "if lulzSec was
infiltrated by the FBI without anybody noticing, then how can I be sure that
they haven't infiltrated my group as well". At the end of the day scaring
people into not committing crimes is better for everybody than catching them
after the fact.

~~~
wladimir
Yes, the propaganda angle is clear, and exactly what makes me doubt the story
(especially as this is fox news we're talking about).

------
cygx
So did someone from 4chan actually phone the FBI as threatened last June?

See <http://i.imgur.com/HlHnJ.png> if you don't mind coarse language...

------
mhurron
What an ass.

~~~
watty
You're joking right? Sure, he WAS an ass but at least he did some good by
helping the FBI take down these criminals - enjoy jail.

------
colbyh
Is this the ultimate troll move?

------
mellifluousmind
Well, you can pretty much imagine how it went down. FBI caught up to him with
threats like "eh..you are unemployed, and you still have two kids. You want to
see them in foster care system?" ... well, no surprise there. too many buttons
that FBI can push on this guy

~~~
SoftwareMaven
Vapid speculation based on TV plots doesn't really help the level of discourse
at HN. Given the list of hacks and the outrageous hacking laws in the US, the
default penalty could easily be life in prison. I wouldn't think the Feds
would need to push much harder than that.

~~~
mellifluousmind
Vapid or not, everyone is entitled to their opinions. If you can't accept
that, you are not welcome on HN discussion either. End of story.

Simply stated, if HN is heading towards Reddit-like behavior where comments
must gear towards "singular" minded thinking, that's also the day I stop
visiting this site.

~~~
kiloaper
I think it's a bit naive to think that what's been dubbed 'hivemind'
behavior is absent on HN. I think it appears on every site, differing just by
degrees. The threads on the recent GitHub hack were quite telling.

------
werdnanoslen
They defaced a few websites and stole plaintext/unsalted databases, and Fox
makes them sound like terrorists. How surprising.

------
nakkiel
Any idea why they don't mention the nationality of Hector Xavier Monsegur? His
name sounds like Spanish or French but it could be otherwise. In the end, it's
confusing and I can't really get a geographical idea of the Lulzsec thing.

~~~
trotsky
US national - NY.

~~~
corford
Apparently he's Puerto Rican but lives in NY (at least according to:
<http://www.guardian.co.uk/technology/2012/mar/06/lulzsec-sabu-working-for-us-fbi?newsfeed=true>).

------
KarlJakober
Can someone image link so I don't have to go to fox news?

------
tannerburson
So a guy hacks github, he's a hero. A guy hacks a bunch of media
organizations, and he's a villain. I really don't understand the groupthink
these days.

How is one of these okay, and the other not?

~~~
sek
<http://en.wikipedia.org/wiki/Hacker_(computer_security)#Classifications>

