FBI informant 'Sabu' leads cyber attacks against Turkish government

The US government is being questioned over its involvement in several cyber-attacks against the Turkish government, which were reportedly carried out by hacker turned FBI informant Hector Xavier Monsegur.

FBI informant 'Sabu' leads cyber attacks against Turkish government
FBI informant 'Sabu' leads cyber attacks against Turkish government

Monsegur - known online as 'Sabu' - is the infamous co-founder of the LulzSec hactivisim group and has been working with the FBI to take-down key figures of the Anonymous group since his arrest in June 2011, in order to avoid a likely 20-year prison sentence for cyber-crimes.

Monsegur's work so far has resulted in the arrest of eight ‘key' hackers and the prevention of approximately 300 cyber-attacks, and saw him freed from prison with a “time served” sentence of seven months (from back in 2012) and a one-year supervision order.

On his acquittal in May, technology magazine Wired reported that Monsegur provided “crucial, detailed information regarding computer intrusions committed by (hacking) groups, including how the attacks occurred, which members were involved, and how the computer systems were exploited once breached”.

This “contributed directly to the identification, prosecution and conviction of eight of his major co-conspirators,” including fellow LulzSec members based in the UK: Ryan Ackroyd, aka “Kayla” of Doncaster; Jake Davis, aka “Topiary” of London; and Mustafa Al-Bassam, aka “T-Flow.”

But now new information has emerged that “Sabu” was the ringleader of cyber-attacks against the Turkish government, while he was incarcerated in the US, in a bid to snare some of the FBI's most-wanted hackers.

Citing ‘sealed court documents' withheld from public view by order of a New York judge, The Daily Dot newswire reports that Monsegur was the ringleader behind the attacks, which saw him orchestrate an alliance between his own group ‘AntiSec' and the politically-motivated Turkish ‘Red Hack'. He recruited Jeremy Hammond – who was on FBI's cyber-crime most-wanted list – and later asked him to “pop off” several foreign government websites from a list provided.

Hammond was told that access to any hacked Turkish websites would be provided to RedHack, and after he obtained access to more than 10 government servers; Hammond, Sabu and ‘Redstar' - a prominent member of RedHack – discussed what to do next in an encrypted chat discussion.

Monsegur told 'RedStar': "We rooted these for you. Get into the boxes and do what you do."

US role called into question

However, the court documents call into question the US government's role especially as they show that stolen data (including confidential documents from various governments) was stored on a server under FBI control. The FBI insists that it acted within the law.

“Why was our government, which presumably controlled Mr Monsegur during this period, using Jeremy Hammond to collect information regarding the vulnerabilities of foreign government websites and in some cases, disabling them,” asked Hammond's defence at his court trial. He has since been given a ten-year sentence.

According to The New York Times, Monsegur has also worked with the FBI on cyber-attacks against governmental websites in Brazil, Iran, Iraq, Pakistan and Syria, and this has led to suggestions that the FBI – or some other agency working with the former LulzSec co-founder – is using hackers to gather foreign intelligence.

In an email exchange with SCMagazineUK.com, 451 Group researcher analyst Javvad Malik said that there is a degree of inevitability that countries engage in cyber surveillance.

“Should it be lawful for any government to circumvent laws to hack into foreign states? I don't think so, but everyone seems to be doing it. I don't think any laws will stop any government in engaging this activity so the onus is really on the defence side. 

As for the true purpose of the exercise, who knows? Why was Stuxnet created? Why does ‘APT1' steal intellectual property from corporations, what difference is there between hackers and what the NSA does? It's all very political.”

David Lacey, a former CISO and current futurologist at IOActive, added that these tactics are “risky”, not least because you're not sure who to trust in these circumstances.

“Shadowy techniques such as entrapment, blackmail and secret agents are high risk tactics for law enforcement,” Lacey told SC.

“You can't trust anyone to be loyal in such circumstances. Dirty tricks can easily lead to dodgy behaviour. Albert Gonzalez was a classic example of that. He was hacking TJ Maxx while working for the US Secret Service. It would be nice to think we can fight the bad guys without resorting to underhand tactics.”