Slashdot Mirror
Details Of FBI Surveillance In Lulzsec Takedown Emerge
uigrad_2000 writes "Yesterday, we learned that one of the top members of LulzSec (Sabu) had been an FBI informant for almost 6 months, and that this confidant of the LulzSec leader 'anarchaos' had given the feds what they needed to take him down. More details have come out now, completing a picture of how the sting took place from start to finish. It turns out that even the server space given from Sabu to anarchaos storing the details of 30,000 credit cards (from the Stratfor hack) had been funded by the FBI."
I don't condole the activities of LulzSec, but fuck snitches. As one said by the great Capt Jack Sparrow: "The deepest circle of hell is reserved for betrayers and mutineers." If there was a hell, this asshole belongs there.
Set out code-words you can use to indicate that you're under coercion.
"When information is power, privacy is freedom" - Jah-Wren Ryel
This Hammond person is basically exactly who you'd expect him to be. There will be more. The amount of effort it took to catch him was considerable, and required an inside man. More people will follow this path. This problem cannot be solved this way.
It could be solved if the man had turned out to be duping everybody about his values and beliefs. It could've soured and destroyed his credibility and made it less likely that anybody would trust the motives of anybody else who tried to do things like this. And while I expect a smear campaign, I also expect the smear campaign to be obvious and easily rebutted.
The FBI is fighting an idea, and is under the mistaken impression they can shut it down by finding and arresting people. It won't happen.
Need a Python, C++, Unix, Linux develop
After all that's what he did. Worse still he had actually taken a formal and solemn oath (written and oral) not to reveal the secrets he did.
and fbi funds the guys who distribute cc's?
tell, couldn't they now claim that fbi made them do it? couldn't stratfor (of all yuckies) now sue the feds for letting it happen?
(anyhow, seems like possibly the biggest "damages" are actually from using so many feds on this. seems like ridiculously overboard. it's not like this is the mexican mafia you know. and the log on the article doesn't paint a too bad picture about the intended speculated use for the cc's, to buy server time to distribute the rest of the material).
world was created 5 seconds before this post as it is.
Black collar criminals are every bit as bad as white collar ones and street thugs. Society can quickly fall apart when a minority attempt to take laws and justice into their own hands.
I think the most interesting part of this by far is how the FBI managed to undermine the credibility of Wikileaks by getting them to leak arguably bogus material: Sabu actually used FBI equipment to hack Stratfor while under their employment. So... next time an intelligence leak rolls around, how are we supposed to know it wasn't a three-letter-agency spreading disinformation?
If Bradley Manning had revealed those secrets because someone had bribed him or for some other sort of personal gain, sure.
Though, I do not apply the term 'traitor' to this Sabu fellow. The FBI can bring a lot of pressure to bear and were highly motivated to solve this case. I wouldn't be surprised if his children were obliquely threatened with some sort of negative consequence should he not cooperate. So, just like I would not apply the label 'traitor' to a soldier who cracked under torture, I will not call Sabu a traitor. I do not think highly of him, but a traitor he is not.
Need a Python, C++, Unix, Linux develop
You have to remember the deals the police make are very much a "You help us and get results or all bets are off." So if you agree to turn CI and then tip all your mates off, well they are going to figure it out. Mysteriously everyone disappears after you talk to them and so on. Then you get no deal.
Remember the reason people do this is to get a better deal for themselves. The prosecution says "We've got X evidence on you which can result in Y different charges giving you Z time in prison. However cooperate with us and we'll drop/reduce some charges and you'll spend less time in prison." It is a carrot and stick situation. They offer you a reduced (or sometimes even eliminated, but that's rare) sentence if you help them.
The people who cooperate do so willingly. Some don't, they tell them to fuck off. That was a big thing with the original mob back in the day, the Omerta, the code of silence. When someone got caught they wouldn't say a thing, they'd take the fall. Made the organization hard to break up. However many others do. People are often self interested, and criminals often even more so. So they'll cooperate willingly to get themselves a better deal.
They were working too closely together and trusted each other, rookie mistakes get behind 7 proxies and LURK MOAR
Snowden and Manning are heroes.
TFA: As it turns out, this Sabu guy wasn't the real target of the FBI. They just used him as the linchpin for a long effort to ensnare Hammond, who already has quite the lengthy rap sheet. This implies to me that the FBI was not conducting detective work to bust Lulzsec/Anonymous, but were more interested in hunting down someone who was known to be an effective anti-government actor and finding a way to put him behind bars for a long time. For all the slashdotters who often claim that allowing political dissent is the difference between US and China, well, this is how we silence political dissent in the US. Take out the people who can actually effect change and reform, and allow the masses of the powerless to believe that they are free because they can speak (and nothing more). This government is no better than China's, it's just more tactful/less blatant about achieving its end goal and thereby more insidious. In either country, the average citizen is powerless against the marriage of government and corporation.
It raises a lot of questions about which initiatives of Lulzsec are actually genuinely their work and which as really the work of FBI, carried out by the willing hands of Lulzsec. Maybe FBI wanted to take down Stratfor, but lacking a legitimate way, siced their inside man on it. It will also make for a very obvious defence for anybody arrested - they have a very easy way of claiming that what they did was on orders of Sabu and hence the law enforcement agency themselves now trying to prosecute them.
This is also going to be a big blow to credibility of FBI.
While sympathetic to the fact that Sabu's children may have influenced his decision, he didn't understand how Sabu could have put his family at risk in the first place. "Why would you get involved with something like this if you had kids that relied on you?" he asked. "If I had kids I would get a 'responsible' job/hobby."
It appears that his children and their future were used against him to coerce him into snitching on LulzSec.
... you know ... he's a conflicted man with an internal conflict between morals and money. Sabu could have very much so been in a similar position.
... well ... that doesn't mean the situation is completely black and white.
It appears that Sabu's children were an exploited liability. Would you risk your loved ones for your ideals? Or is your answer still simply and obviously "fuck snitches"?
And since you're quoting imaginary Disney characters, I'll remind you <Scarface spoiler alert> of the scene in Scarface where they're going to blow up a car of a politician's family in order to stop legislation but at the last moment Scarface realizes there are children in the vehicle and instead shoots the bomber in the face? Yeah, Scarface is a traitor at that point but
Please note, this Sabu character appears to be an unsavory character with delusions of grandeur who maybe should have his children taken away from him anyway but
My work here is dung.
Both Sabu and Manning betrayed the highest level of trust. They hurt their running buddies in War. They have no honor.
"Now, those beliefs could land him in serious trouble."
Hammond is not in trouble because of his beliefs. He is free to have beliefs and advocate for change. Instead of building and making, he destroyed and discredited his ideas.
At least now I can go after them. Let me call the FBI to start an investigation... Wait... who are the "good guys" again? Can I really ask the authorities to prosecute themselves? And then the rest of the world wonders why some are drawn to vigilante justice.
If telephones are outlawed, then only outlaws will have telephones.
The FBI can bring a lot of pressure to bear and were highly motivated to solve this case. I wouldn't be surprised if his children were obliquely threatened with some sort of negative consequence should he not cooperate.
That was indeed the case. The threat to his children was not seeing their father when in prison. That's why he agreed to cooperate. [src]
The lesson for us to learn --- never have kids.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
isn't it potentially entrapment if an fbi informant convinces others to commit cimes? do you really think sabu sat back passively and just joined in on things and never once suggested anything? if he did, wouldn't the others notice a drastic change in behavior?
good luck to the defense lawyers proving this though. it'll be his word against theirs.
Stay alert, TRUST NO ONE, keep your laser handy...
"Convictions are more dangerous enemies of truth than lies."
Are they just stupid? This is why you trust *no one*. They don't need to know your personal details, and if you're going to do something, make sure to remain anonymous (as much as possible).
I may be mistaken, but this seems to me to be a textbook example of entrapment. "Here, have a free server, get some credit card numbers for me"
LulzSec (much like Anonymous) and other Hacktivists have high minded goals about online security and privacy. But their behavior is of the most misguided sort. To bring about change you must win the hearts and minds of the public. LulzSec did neither. They may have entertained, but the generally just ticked a lot of people off and gave hackers everywhere a bad name. Remember, the average voter is not a geek/hacker and does not find LulzSec's work particularly "Lulzy"
~theCzar
Or: If you want to be mean to people, be sure you have the backing of a major government.
I freaking knew this forever alone life choice was gonna come in handy some day!
Humor must not professedly teach and it must not professedly preach, but it must do both if it would live forever. -Mark
This is all part of the game, and probably fake , they are trying to spread havoc among the crackers.
If the FBI are to stand any chance at catching these people in the future they can't rely on manpower.
Seems like an awful lot of work went in to catching Hammond. Watching his traffic - having Sabu watch when his suspected profiles log on/off. Watching what MAC addresses connected to his wireless router, etc.
If there were 100 Hammonds- 100 Lulzsecs- could they catch them all. What if there were 1000? I don't know how many hacker groups they watch at once- most don't advertise themselves like Lulz did. Seems like it required a lot of effort to catch one man- could they afford to do that in 100 or 1000 concurrent investigations.
To stand a chance the FBI needs an F-Bot-I to do the watching/monitoring, etc. Otherwise- as this problem grows- they won't be able to track everyone at once.
It'll be like one cop trying to pull over speeders on the interstate during rush hour. You can catch one or two- but the vast majority will just slide right on through.
"That's the way to do it" - Punch
Particularly the FBI. They'd figure this out. The "convenient" breaking up of a group wouldn't fly.
Also you have to keep in mind the mindset of a CI. So let's say you've been doing something highly illegal the FBI shows up at your place and arrests you. They take you away and sit you in an interview room. You ask for and get a lawyer. They then proceed to lay out the evidence they have against you and the crimes you are guilty of. You can see that their evidence is through, they've got you. You are looking at a LONG time in prison.
Then they have a proposition. You turn states evidence, you work for them and help them bust the people you were working with and they'll reduce your sentence a LOT. You were looking at 60 years, now you are looking at 5 and could be out in 2. The charges are a lot less too, they'll reflect less poorly on you upon release. Your lawyer says "Do it, it is a good deal."
What do you do? Remember getting the deal is predicated on you helping them completely and it getting results. You tip off your buddies and they scat and at best you get back to your original charges and at worst they can stick a new tampering charge on you.
Think about this seriously, don't try and play Internet Toughguy and say "Of course I'd do it! Fuck da' police!" Would you really? Or would you act in your own interests?
Also please remember that this guy was probably in complete shock. Like most of these haxs0r types I'm sure he thought he was invincible and untraceable. So all this crashing down on him scared the hell out of him. I'm sure he was extremely willing to cooperate.
or don't care about anyone so they have no leverage over you!
I'm not anti-social! Just careful!
"Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
Ok Uncle Sam. If you saw your unit committing crimes (e.g. murdering civilians) you'd play the "honor thy unit" card and not say anything? That sounds more dishonorable and cowardly.
The most dangerous person to society is the person with nothing to lose. The primary mechanism of control is to make sure the individual you want to control has something to lose (a spouse, children, material possessions, reputation, afterlife, etc.) that (they know) you can take away when you want to coerce the individual to behave in a manner of your choosing. Marriage and other social/legal contracts aren't there for you, they are there for your dependents. By dependents I really mean your government/society, your rearing and indoctrination of your children is a given. None of this is, of course, necessarily a bad thing when you consider the alternatives.
(Not the OP.)
Thinking about your children and the impact that your actions have on them is awesome. I fully encourage it. It is, I think, part of the responsibility of parenthood: Your life is no longer just about you, and you need to be cognizant of that fact.
But it's rather late at the government informant stage to throw down the "look how good of a parent I am!" card, isn't it?
Would I risk my loved ones for my ideals? Probably not. But see, I would make that determination before I decided to commit federal crimes and then not commit them. If I decide to commit the crimes, I have already abandoned my children to the hope I am never caught. Having a last-minute change of heart doesn't make him noble and it doesn't make up for what he did to his kids--he's still likely to go to jail.
Since we're quoting media it reminds me of a scene from The Simpsons, where Bart is talking to an, ahem, faith healer:
Sorry, Sabu; you don't get full coverage. So yeah, he deserves our derision for being a scumbag to his children. He also deserves our derision for squealing like a stuck pig the second he was caught, and for throwing everybody who acted with him under the bus to save himself.
Every single turn on this whole LulzSec trip he has shown himself to be utterly and completely self-interested. "Should I commit crimes? Forget the kids." "Oh no, consequences! Forget the others!" He can try to paint it however he wants, but he's still a little fuck from every perspective I can see.
pwn3d.
Like it or not, the FBI did outsmart many of the members of Lulzsec.
While the Feds may lack the technology skills, they are able to make it up with their expertise in social engineering.
He should have known better as a father that they would use his children as the crutch to break him.
stoned or stupid? You don't hack a bank across state lines from your house, you'll get nailed by the FBI. Where are your brains, in your ass? Don't you know anything?"
I can't believe they caught the twats at home. If these guys were worth their salt they would have done the following:
-Stayed mobile.
-Done some of the things that this list warns people to look out for.
-TRUSTED NO ONE.
Was Sabu working for the FBI when Anonymous took down all those child porn sites in October...?
This. Anonymous isn't the only organization that lives by the slogan "We do not forgive. We do not forget. Expect us."
So do the Feds. They investigated, they established probable cause, they got warrants, they made arrests, and the suspects will receive trials.
Whatever color hat you wear (mine happens to be white, but it may or may not have a few smudgy fingerprints on it from decades past), this was good solid police work, and it was done by the book. Well-played, FBI, well-played.
Manning took the same oath that everyone entering the military takes, to defend the Constitution of the United States.
Part of every soldier's training states that if you see an officer or other members of your squad, platoon, battalion, or even Joe Random Officer committing crimes, treason, or acts unbecoming of an officer or enlisted man of the United States military, you are to take the appropriate action.
I feel he took most of the appropriate action. He saw how the war in Afghanistan was being handled, and how civilian casualties and torture of prisoners was condoned by those all the way up the CoC. He also saw how our allies were smoking up before patrols and putting the lives of every single American soldier they were near at risk.
Manning did the right thing. In hindsight, he probably shouldn't have turned the data dump over to someone like Asange, but he didn't seem aware of anything other than "Wikileaks is a safe place to get the word out and not have the data suppressed."
The response from the military and the government has been absolutely deplorable.
It is more of a guideline than a rule.
Cry moar, crybaby. This is how real police work gets done. It's not like on TV where there's semen everywhere for DNA samples and they can use the zortec II interferometer with micro-slit refreractomy. They find some guy to snitch on his asshole buddies, case closed.
>The lesson for us to learn ---
is to work on your own or in very small, non-interlocking cells.
these fools were amateurs who played with fire and got caught.
From today's New York Times:
http://www.nytimes.com/2012/03/07/business/jury-convicts-stanford-in-7-billion-ponzi-fraud.html?scp=1&sq=james%20m%20davis&st=cse
Whether his name is James M. Davis or Sammy "The Bull" Gravano, the FBI informant is the key ingredient in putting people like R. Allen Stanford and John Gotti where, in my view at least, they richly deserve to be. I don't know if Lulzsec's guys belong in jail. But if they do, finding somebody to snitch them out is the FBI's job.
You're on Slashdot. I think a high proportion of the people on here will not have a remote chance of having children. But if any of the neckbeards on here want to justify their lack of children by saying they lived in fear of one day having kids used against them by the FBI, rather than the fact that no sane woman with most of her own teeth would sleep with them, then you have helped the less fortunate of the world and done your good deed for the day.
You call me a pedant? I prefer the term "correct"
Now you tell me!!!
So a few episodes back of this show, weren't we saying that stuff wasn't adding up in the tone and the feds were False Flagging? "Informant" is a little different, but close - in that they're still going to try to point to these groups and go all "see, our kiddies aren't safe from these online terrorists!"
And out came the usual "Tin Foil Hat" arguments in response.
Except - it turned out true after all.
So now where do we stand in the Meta-Eval here?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Manning's oath was to protect the Constitution, not American Imperialism.
Entrapment.
The FBI provided the criminal the distribution method and machine use for this activity, with certain conditions and protections afforded to create value in a criminal enterprise. The crime was even committed with an FBI laptop. All because the use of a more correct charge (domestic terrorism) still does not find correct application for the stated intent of these organizations (so described well under 18 USC 1951).
Robbing from the rich to give to the poor (so they can overthrow the government and subvert the Justice System systematically) is really no different than Texas v White (1869, US Supreme Court). Even if it does have damn good motive (Turner v Rogers, U.S. Supreme Court 2011).
In our time, hackers stopped wars, overcame U.S. Air Force Counter-Intelligence, and stole the MP3 codec from Germany to make video and audio a global phenomenon. The present generation of credit card thieves, are living in the shadow of that secret war, pale imitations. Hurting children. Harassing victims of organized crime. Generally shaming us all. Hacktivists.... seriously? More like Hipptivists Thugs. Want to accomplish something? Go look into the 3.2 million missing children in the United States or how the Conservative State Governments profit ($500,000,000/yr) in false claims of abandonment against unwed fathers stripped of all contact with their children in a birth tax, often refused the right (28 USC 1738Ae) to even be represented in court or hear evidence in these state-sponsored kidnappings favoring the religious extremism and "Progressive State Parenting Rights" claims of both parties.
While our people are sold into slavery and genocide (18 USC 1091), these overgrown children (28 years old, this cat) play cops and robbers with fiat currency. Sad. Distracted they are, while our people are sold into chains like the Trail of Tears once more.
A shame to our heritage as hackers.
Do you think making crude stereotypes like these is supposed to be funny? Speaking of social ineptitude...
Slashdot has been eclipsed by younger sites like reddit. Most of those of us who hang around here are pretty old, as a casual look at the registration numbers suggest.
xkcd is not in the sudoers file. This incident will be reported.
Would that be:
Hector X Monsegur
90 Avenue D, Apt 6F
New York, NY 10009-5511
I'm not in NYC this week. Could someone go spit on this SOB for me?
Much like the US military during/after WWII, there was a long evolution of procedures regarding warfare/counter-warfare. The korean war helped to bring the concept of OpSec (operational security) to the forefront regarding indicators, the bits and pieces of information that could screw you if enough pieces are gathered. This is even more important in the digital age as the collection of secondary information is much easier to automate and correlate.
Anonymous and its subgroups have for the most part been amateur operations. Their one merit is their hydra nature and proclivity for anonymity that helped to disguise them in a crowd and survive up to now. But now the Giant has turned its eyes on them, so they can't play it by ear as much anymore. Technological solutions can mitigate some of the more common mistakes, but OpSec is to some degrees a variation of social engineering/human weakness, so that will be hard so long as you rely on untrained amateurs for the majority. But, we may see the emergence of a higher level hacktivist, better trained/experienced to operate in decoupled cells. You also have a generation of US military enlistees who are leaving the military, and have some of the experience/knowledge that is applicable to the situation, who are bored/unemployed/annoyed vets with a grudge. While the parts are not stellar, the ingredients for something interesting are there. But, the danger exists that hackivism will soon be viewed as "online radicalization preparation for terrorism" and be treated accordingly. In some ways that is correct, as you are using civilians with some military training...
Speaking of kids, you would think the FBI would have some sympathy for his. They way they outed it all for maximum publicity with total disregard to the impact on his children. Kids are cruel and you can imagine the kind of attacks his kids will suffer as the children and such a publicly exposed betrayer.
Also one has to wonder at how those victims of the FBI orchestrated attacks over many months must feel. If I was one of those victims I'd be lawyering up to sue the hell out of the FBI for the crimes they orchestrated, not only allowing them to occur but initiating them. Easy money to make because the FBI will be forced to settle rather than battle out their criminal actions in court and considering wilful damages and penalties as well as loss of reputation and long term harm settlements could readily blow out to the millions.
Chaos - everything, everywhere, everywhen
I don't think it was crude at all. It was rather apt. I'm a neckbeard and have no plans for kids. I'm the neckbeardiest neckbeard in neckbeardurbia.
After all that's what he did. Worse still he had actually taken a formal and solemn oath (written and oral) not to reveal the secrets he did.
But his duty to report war crimes is higher than his oath of secrecy. His oath to the Consitution is higher yet.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The response from the military and the government has been absolutely deplorable.
Agreed. They should have expedited a court martial and execution for that little cocksucker.
I hope that whomever makes the movie pays attention to the details. No spinning rubix cubes or hand waving at transparent surfaces, please!
But first, they have to decide who's the Good Guy(s)...
What's the point of seeing kids if you are dishonored? Aung San Suu Kyi didn't see her kids for many years, but was a great mother.
Why are you calling his buddies assholes, asshole?
The FBI cannot prevent someone from having visitors in prison - it's just an empty threat used along with other lies and 'games' (good cop, bad cop for instance) to intimidate their suspects.
The judge can and the prison can, given proper justification. Preventing children from visiting is even harder as they have a right to visit their father, a right that can only be removed if the father is convicted of something directly involving the children (violence, incest etc.).
Can't believe that that people still fall for this. Bad lawyers perhaps?
A good lawyer would advise the defendant to shut up and not do anything until a written plea is on the table. If no plea is offered, continue to say nothing no matter what. Make the FBI work for every inch. Agreeing to work as as informant is a defacto admission of guilt which means that once he's in, there' no way out - ever.
Finally, this guy has killed his career here. Nobody would ever trust him, especially in the hacker environment.
A guy like Kevin Mitnick can work as a security consultant these days and is also still respected in the hacker community because he didn't sell out. He stood his ground and it has since become evident that he didn't give away anything the authorities hadn't already figured out. He still has active backdoors here and there and he can still do his magic. Oh, and the technical part of his work is just a minor thing. His true force is the ability to manipulate people to do his bidding ("social engineering"). The book "The Art of Deception" hold many examples, all supposedly something somebody else did, but rest assured that some of his own work hides in there. The message being that any system that includes humans can be broken with very little effort if you know what you're doing. Anonymous did just that when they hacked HBGary, and combined with a classic lack of security protocols (and revisions that would have caught it), they completely owned everything - mails, servers, social media accounts etc. - and the feat has been repeated a dozen times now with targets including both security firms and the FBI itself, and it's still incredibly efficient.
Oh, and social engineering in itself isn't illegal. It's only if you use the information/access you are given that you start breaking laws, i.e. using obtained names and letterhead paper (found legally in a dumpster) to forge a document, or use acquired login credentials to gain access to resources you're not authorized to use.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
OK, let's do this again:
Hector X Monsegur
90 Avenue D, Apt 6F
New York, NY 10009-5511
(from public records search)
Yep, now you see how the game works - the last hidden hole cards.
They draft bills to Protect Kids From 4Chan but they threaten to kill your kids if it helps their cause.
With that kind of logic in operation, nothing else matters.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
... the FBI lay behind the credit card theft themselves?
It'd interesting to see if they drop charges against sabu completely now. After all, you can't put a man with no fingernails on trial.
US-UK-Israel: The real Axis of Evil
These guys are thieves who happen to do their thievery in cyberspace. Do the crime - do the time.