Original Story: NYTimes.com
A prominent hacker set to be sentenced in federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to the authorities, allowing them to disrupt at least 300 cyberattacks on targets that included the United States military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document.
The hacker, Hector Xavier Monsegur, also helped the authorities dismantle a particularly aggressive cell of the hacking collective Anonymous, leading to the arrest of eight of its members in Europe and the United States, including Jeremy Hammond, who the Federal Bureau of Investigation said was its top “cybercriminal target,” the document said. Mr. Hammond is serving a 10-year prison term.
The court document was prepared by prosecutors who are asking a judge, Loretta A. Preska, for leniency for Mr. Monsegur because of his “extraordinary cooperation.” He is set to be sentenced on Tuesday in Federal District Court in Manhattan on hacking conspiracy and other charges that could result in a long prison term.
It has been known since 2012 that Mr. Monsegur, who was arrested in 2011, was acting as a government mole in the shadowy world of computer hacking, but the memorandum submitted to Judge Preska late on Friday reveals for the first time the extent of his assistance and what the government perceives of its value. It also offers the government’s first explanation of Mr. Monsegur’s involvement in a series of coordinated attacks on foreign websites in early 2012, though his precise role is in dispute.
The whereabouts of Mr. Monsegur have been shrouded in mystery. Since his cooperation with the authorities became known, he has been vilified online by supporters of Anonymous, of which he was a member. The memo, meanwhile, said the government became so concerned about his safety that it relocated him and some members of his family.
“Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known,” said the memo, which was filed by the office of Preet Bharara, the United States attorney in Manhattan.
Born in 1983, Mr. Monsegur moved to the Jacob Riis housing project on the Lower East Side of Manhattan at a young age, where he lived with his grandmother after his father and aunt were arrested for selling heroin. He became involved with hacking groups in the late 1990s, drawn, he has indicated, to the groups’ anti-government philosophies.
Mr. Monsegur’s role emerged in March 2012 when the authorities announced charges against Mr. Hammond and others. A few months later, Mr. Monsegur’s bail was revoked after he made “unauthorized online postings,” the document said without elaboration. He was jailed for about seven months, then released on bail in December 2012, and has made no further postings, it said.
The memo said that when Mr. Monsegur (who used the Internet alias Sabu) was first approached by F.B.I. agents in June 2011 and questioned about his online activities, he admitted to criminal conduct and immediately agreed to cooperate with law enforcement.
That night, he reviewed his computer files with the agents, and throughout the summer, he daily “provided, in real time, information” that allowed the government to disrupt attacks and identify “vulnerabilities in significant computer systems,” the memo said.
“Working sometimes literally around the clock,” it added, “at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts.”
His primary assistance was his cooperation against Anonymous and its splinter groups Internet Feds and LulzSec.
“He provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement’s understanding of how Anonymous operates,” the memo said.
Neither Mr. Bharara’s office nor a lawyer for Mr. Monsegur would comment about the memo.
Mr. Monsegur provided an extraordinary window on the activities of LulzSec, which he and five other members of Anonymous had created. The memo describes LulzSec as a “tightly knit group of hackers” who worked as a team with “complementary, specialized skills that enabled them to gain unauthorized access to computer systems, damage and exploit those systems, and publicize their hacking activities.”
The memo said that LulzSec had developed an “action plan to destroy evidence and disband if the group determined that any of its members had been arrested, or were out of touch,” and it credits Mr. Monsegur for agreeing so quickly to cooperate after being confronted by the bureau. Had he delayed his decision and remained offline for an extended period, the document said, “it is likely that much of the evidence regarding LulzSec’s activities would have been destroyed.”
After his arrest, Mr. Monsegur provided information that helped repair a hack of PBS’s website in which he had been a “direct participant,” and helped patch a vulnerability in the Senate’s website. He also provided information about “vulnerabilities in critical infrastructure, including at a water utility for an American city, and a foreign energy company,” the document said.
The coordinated attacks on foreign government websites in 2012 exploited a vulnerability in a popular web hosting software. The targets included Iran, Pakistan, Turkey and Brazil, according to court documents in Mr. Hammond’s case. The memo said that “at law enforcement direction,” Mr. Monsegur tried to obtain details about the software vulnerability but was unsuccessful.
“At the same time, Monsegur was able to learn of many hacks, including hacks of foreign government computer servers, committed by these targets and other hackers, enabling the government to notify the victims, wherever feasible,” the memo said.
The memo does not specify which of the foreign governments the United States alerted about the vulnerabilities.
But according to a recent prison interview with Mr. Hammond as well as logs of Internet chats between him and Mr. Monsegur, which were submitted to the court in Mr. Hammond’s case, Mr. Monsegur seemed to have played a more active role in directing some of the attacks. In the chat logs, Mr. Monsegur directed Mr. Hammond to hack numerous foreign websites, and closely monitored whether Mr. Hammond had success in gaining access to the sites.
Sarah Kunstler, a lawyer for Mr. Hammond, said on Saturday: “The government’s characterization of Sabu’s role is false. Far from protecting foreign governments, Sabu identified targets and actively facilitated the hacks of their computer systems.”
At his sentencing in November, Mr. Hammond was prohibited by Judge Preska from naming the foreign governments that Mr. Monsegur had asked him to hack. But, according to an uncensored version of a court statement by Mr. Hammond that appeared online that day, the target list included more than 2,000 Internet domains in numerous countries.
Mr. Hammond’s sentencing statement also said that Mr. Monsegur encouraged other hackers to give him data from Syrian government websites, including those of banks and ministries associated with the leadership of President Bashar al-Assad.