Not Lulzing Anymore: Five Hackers Charged in U.S., U.K. and Ireland
Well, it finally happened: The hacking troupe variously known as LulzSec and Anonymous appears to have been beheaded. Fox News is reporting that five people who function as the group’s leaders have been arrested in the U.S., the U.K. and Ireland.
I’m working on getting copies of the criminal complaints, and will add them here when I do, but here’s the rundown: It looks like one of the group’s insiders got caught and probably made some kind of misstep in covering his tracks, and then worked secretly with the government to inform on other members. This is exactly what I said was likely to happen in this case, way back in June.
According to Fox, the one who turned is a New Yorker named Hector Xavier Monsegur, who worked under the handle Sabu. He’s 28 years old and the father of two, and lives on the Lower East Side of Manhattan. This is his Twitter feed. He’s been a cooperating witness since June, which coincides nicely with the moment when the first rumors started to emerge that the FBI had penetrated the group.
Fox says that according to documents that will be unsealed in a New York federal court today, Monsegur pleaded guilty in August to several hacking-related crimes. His cooperation led to charges against five more people in Chicago, the U.K. and Ireland. Among them is Jake Davis, the 18-year-old resident of the Shetland Islands, who went by the handle Topiary, and whom police in the U.K. collared on Aug. 1.
The other four are Ryan Ackroyd, who went under the handle “Kayla.” He’s a Londoner. Two people from Ireland were also charged: Darren Martyn, whose handle was “pwnsauce,” and Donncha O’Cearrbhail, who called himself “palladium.” Jeremy Hammond of Chicago went by the handle “Anarchaos.”
The news makes the following tweet by Monsegur, a.k.a. Sabu, seem sort of ironic. Among his final tweets, before word emerged that he had helped turn in his comrades, were several railing against informants and other “cowards.” Clearly, he was keeping up a brave public face:
Anonymous, the wider hacker group with which LulzSec teamed up last year, was quick to urge its followers to block Sabu’s Twitter account.
Hammond, the one in Chicago, was said to be the one who led the hack against the private intelligence company Stratfor. He was profiled by Chicago Magazine in 2007 and portrayed as something of a digital Robin Hood.
Ackroyd is said to be the one who found the weaknesses in the servers of the U.S. Senate that led to its being attacked in June. Hacking federal computer systems is considered a serious crime in the U.S., but is something that LulzSec said, in the posting to Pastebin at the time, that they carried out “just for kicks.”
Update: So the US Attorney’s Office in New York has issued its press release confirming most of what Fox reported. Here it is.
Six Hackers in the United States and Abroad Charged for Crimes Affecting Over One Million Victims
Four Principal Members of “Anonymous” and “LulzSec” Charged with Computer Hacking and Fifth Member Pleads Guilty; “AntiSec” Member also Charged with Stealing Confidential Information from Approximately 860,000 Clients and Subscribers of Stratfor
U.S. Attorney’s Office March 06, 2012
Five computer hackers in the United States and abroad were charged today, and a sixth pled guilty, for computer hacking and other crimes. The six hackers identified themselves as aligned with the group Anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous, including “Internet Feds,” “LulzSec,” and “AntiSec.”
RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon”; JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary”; DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten”; and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal complaint with intentionally disclosing an unlawfully intercepted wire communication.
HECTOR XAVIER MONSEGUR, a/k/a “Sabu,” a/k/a “Xavier DeLeon,” a/k/a “Leon,” who also identified himself as a member of Anonymous, Internet Feds, and LulzSec, pled guilty on August 15, 2011 in U.S. District Court to a 12-count information charging him with computer hacking conspiracies and other crimes. MONSEGUR’S information and guilty plea were unsealed today. The crimes to which MONSEGUR pled guilty include computer hacking conspiracy charges initially filed in the Southern District of New York. He also pled guilty to the following charges: a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of California related to the hacks of HBGary, Inc. and HBGary Federal LLC; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Central District of California related to the hack of Sony Pictures Entertainment and Fox Broadcasting Company; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Northern District of Georgia related to the hack of Infragard Members Alliance; and a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of Virginia related to the hack of PBS, all of which were transferred to the Southern District of New York, pursuant to Rule 20 of the Federal Rules of Criminal Procedure, in coordination with the Computer Crime and Intellectual Property Section (“CCIPS”) in the Justice Department’s Criminal Division.
Late yesterday, JEREMY HAMMOND, a/k/a “Anarchaos,” a/k/a “sup_g,” a/k/a “burn,” a/k/a “yohoho,” a/k/a “POW,” a/k/a “tylerknowsthis,” a/k/a “crediblethreat,” who identified himself as a member of AntiSec, was arrested in Chicago, Illinois and charged in a criminal complaint with crimes relating to the December 2011 hack of Strategic Forecasting, Inc. (“Stratfor”), a global intelligence firm in Austin, Texas, which may have affected approximately 860,000 victims. In publicizing the Stratfor hack, members of AntiSec reaffirmed their connection to Anonymous and other related groups, including LulzSec. For example, AntiSec members published a document with links to the stolen Stratfor data titled, “Anonymous Lulzxmas rooting you proud” on a file sharing website.
The following allegations are based on the indictment, the information, the complaints, and statements made at MONSEGUR’s guilty plea:
Hacks by Anonymous, Internet Feds, and LulzSec
Since at least 2008, Anonymous has been a loose confederation of computer hackers and others. MONSEGUR and other members of Anonymous took responsibility for a number of cyber attacks between December 2010 and June 2011, including denial of service (“DoS”) attacks against the websites of Visa, MasterCard, and PayPal, as retaliation for the refusal of these companies to process donations to Wikileaks, as well as hacks or DoS attacks on foreign government computer systems.
Between December 2010 and May 2011, members of Internet Feds similarly waged a deliberate campaign of online destruction, intimidation, and criminality. Members of Internet Feds engaged in a series of cyber attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims’ e-mail and Twitter accounts, and defacing victims’ Internet websites. Specifically, ACKROYD, DAVIS, MARTYN, O’CEARRBHAIL, and MONSEGUR, as members of InternetFeds, conspired to commit computer hacks including: the hack of the website of Fine Gael, a political party in Ireland; the hack of computer systems used by security firms HBGary, Inc. and its affiliate HBGary Federal, LLC, from which Internet Feds stole confidential data pertaining to 80,000 user accounts; and the hack of computer systems used by Fox Broadcasting Company, from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on “X-Factor,” a Fox television show.
In May 2011, following the publicity that they had generated as a result of their hacks, including those of Fine Gael and HBGary, ACKROYD, DAVIS, MARTYN, and MONSEGUR formed and became the principal members of a new hacking group called “Lulz Security” or “LulzSec.” Like Internet Feds, LulzSec undertook a campaign of malicious cyber assaults on the websites and computer systems of various business and governmental entities in the United States and throughout the world. Specifically, ACKROYD, DAVIS, MARTYN, and MONSEGUR, as members of LulzSec, conspired to commit computer hacks including the hacks of computer systems used by the PBS, in retaliation for what LulzSec perceived to be unfavorable news coverage in an episode of the news program “Frontline”; Sony Pictures Entertainment, in which LulzSec stole confidential data concerning approximately 100,000 users of Sony’s website; and Bethesda Softworks, a video game company based in Maryland, in which LulzSec stole confidential information for approximately 200,000 users of Bethesda’s website.
The Stratfor Hack
In December 2011, HAMMOND conspired to hack into computer systems used by Stratfor, a private firm that provides governments and others with independent geopolitical analysis. HAMMOND and his co-conspirators, as members of AntiSec, stole confidential information from those computer systems, including Stratfor employees’ e-mails as well as account information for approximately 860,000 Stratfor subscribers or clients. HAMMOND and his co-conspirators stole credit card information for approximately 60,000 credit card users and used some of the stolen data to make unauthorized charges exceeding $700,000. HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen.
The Hack of International Law Enforcement
In January 2012, O’CEARRBHAIL hacked into the personal e-mail account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work e-mails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012 regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.
MONSEGUR, 28, of New York, New York, pled guilty to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison.
ACKROYD, 23, of Doncaster, United Kingdom; DAVIS, 29, of Lerwick, Shetland Islands, United Kingdom; and MARTYN, 25, of Galway, Ireland, each are charged with two counts of computer hacking conspiracy. Each conspiracy count carries a maximum sentence of 10 years in prison.
O’CEARRBHAIL, 19, of Birr, Ireland, is charged in the indictment with one count of computer hacking conspiracy, for which he faces 10 years in prison. He is also charged in the complaint with one count of intentionally disclosing an unlawfully intercepted wire communication, for which he faces a maximum sentence of five years in prison.
HAMMOND, 27, of Chicago, Illinois, is charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries a maximum sentence of 10 years in prison.
DAVIS is separately facing criminal charges in the United Kingdom, which remain pending, and ACKROYD is being interviewed today by the Police Central e-crime Unit in the United Kingdom. O’CEARRBHAIL was arrested today by the Garda.
The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of New York. The investigation was initiated and led by the FBI, and its New York Cyber Crime Task Force, which is a federal, state, and local law enforcement task force combating cybercrime, with assistance from the PCeU; a unit of New Scotland Yard’s Specialist Crime Directorate, SCD6; the Garda; the Criminal Division’s CCIPS; and the U.S. Attorneys’ Offices for the Eastern District of California, the Central District of California, the Northern District of Georgia, and the Eastern District of Virginia; as well as the Criminal Division’s Office of International Affairs.
The charges contained in the indictment and complaints are merely accusations, and the defendants are presumed innocent unless and until proven guilty.
And here’s the initial indictment on Hector Monsegur, initially filed in the US District Court for the Southern District of New York in August of last year. I’m gathering up documents on the other people charged in this and will share it as I get it.