
LulzSec leader's digital trail led rival hackers and possibly FBI to him

Lucian Constantin | March 7, 2012
The disclosure Tuesday by U.S. authorities that Sabu, the former leader of prominent hacker group LulzSec, is a 28-year-old man from New York City named Hector Xavier Monsegur, corresponds with much of the information released about him by rival hackers in the past.

Sabu had been secretly arrested by the FBI last year and has since allegedly acted as an informant for the authorities, according to court papers in the case. The whole law enforcement operation resulted in the arrest of five more alleged hackers linked to LulzSec and Anonymous.

Back in June 2011, a few weeks before LulzSec decided to disband, several rival hacker crews like TeaMp0isoN (Team Poison), lone hacktivists like th3j35t3r (The Jester) and other Internet users unhappy with the group's actions launched a virtual war against its members.

LulzSec's enemies engaged in an activity known in the hacker community as doxing, which consists of gathering personal information about an online user and publishing it online with the goal of exposing his real identity.

One of the first information dumps targeting LulzSec members was done by a group called the A-Team, and while the information later proved largely incomplete and bogus, the details about Sabu in particular appear spot on.

A-Team claimed that Sabu was a Puerto Rican man named Hector Xavier Montsegur who was living in New York. The group said that this information matched archived whois data for prvt.org, a domain name believed to be owned by Sabu, that has since been anonymized.

According to the A-Team, some of the online aliases used by Sabu were 548U, hectic_les and leon, the last of which is mentioned by the authorities in Monsegur's unsealed indictment.

A separate Sabu dox report, posted by an anonymous user on Pastebin on June 21 last year, traces Monsegur's alleged online activity to as far back as 2003. It claimed that he was involved in several software and security-related projects over the years under the aliases Xavier Kaotico and Xavier de Leon -- another fake identity mentioned in his indictment.

On August 17, around the time when Monsegur is said to have started working with the FBI as a cooperating witness, another Sabu doxing project was started on a blog. It listed the hacker's known email addresses, including many that contain Sabu, Xavier and Monsegur in their names.

The project concluded that Sabu lives in New York City and is a NY Giants fan, and it even includes a picture of him grabbed from a MySpace profile.

Information gathered with the help of Google search and other freely available services suggests that the LulzSec leader may have been careless at the beginning of his hacking career and failed to switch to another identity when things started to get more serious.

 
