LulzSec leader Sabu was working for FBI

[Tale]

Presumably to stick it right up the activists, the FBI gave an exclusive to Fox News and let them interview Sabu's handlers.

It appears they also used Sabu to catch the guy who hacked StratFor (emails published recently by WikiLeaks).

Infamous international hacking group LulzSec brought down by own leader

As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials, the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning. The five charged in the LulzSec conspiracy indictment expected to be unsealed were identified by sources as: Ryan Ackroyd, aka “Kayla” and Jake Davis, aka “Topiary,” both of London; Darren Martyn, aka “pwnsauce” and Donncha O’Cearrbhail, aka “palladium,” both of Ireland; and Jeremy Hammond aka “Anarchaos,” of Chicago.

Inside LulzSec, a mastermind turns on his minions

Flipping Monsegur wasn’t easy. But with a charge of aggravated identity theft and a two-year prison sentence to hang over his head, the FBI forced Monsegur to weigh the political beliefs that drove him and his allegiance to cohorts around the world against his desire to be with his kids—he is the guardian of two children—and his extended family.

Sabu and his FBI handlers also disseminated false information to the public and hacker community—often through Twitter, sometimes through unsuspecting reporters who thought they’d landed an online interview with the notorious hacker. Their correspondence was sometimes directly with agents. More often it was with Sabu acting on strict guidance from the agents sitting with him, reading his every word.  

“About 90 percent of what you see online is bulls---,” said one of Monsegur’s handlers, referring to the Twitter posts from Sabu’s account and “interviews” he’s given to the press on direction from the FBI as part of their disinformation campaign.

[bhodi]

It was no secret.

http://www.deathandtaxesmag.com/179764/anonymous-has-grown-beyond-lulzsec-and-sabu/

There has been a widespread belief that Sabu was a rat for quite some time within the hacking community—an August 2011 chat between Sabu and Virus, for instance. Virus quite prophetically wrote in that infamous chat: “I’m absolutely positive, you already got raided, and are setting your friends up and when they’re done draining you for information and arrests they’ll sentence you and it’ll make nose.”

For Example:
http://www.nytimes.com/2012/03/07/technology/lulzsec-hacking-suspects-are-arrested.html?_r=3

Barrett Brown, who has spoken on behalf of Anonymous in past attacks, including the attack on Stratfor in December, said that his home in Dallas had been raided and that the F.B.I. had sent three agents to his mother’s house, where he stayed last night.

“I received an advance warning of the raid and put all my laptops in very specific places where they couldn’t be found,” Mr. Brown said. He said the agents left without making an arrest.

Mr. Brown said the arrests elsewhere would not slow down the Anonymous movement. “There are lots and lots of people here that continue to work. The F.B.I. did not really cut the head off of anything. Anonymous will go forward as usual. So will I. We hired an army of lawyers last January. We are prepared for a big slug-out.”

[ghost]

Here’s a suggestion to the FBI: Maybe you should spend a little less time pursuing Anonymous and put more effort into bringing to justice the white-collar criminals who crashed the economy in 2008, thereby pocketing billions and evaporating middle class savings, delaying retirement, and sending families into the grip of poverty; driving individuals to suicide, or illegal and prescription drug use to numb the pain; to theft, alcoholism, and welfare that the GOP hates so much; and saddling college graduates with hundreds of thousands of dollars in debt from which they won’t soon liberate themselves.

Amen.   

[Teleku]

Lol security.

[Tale]

Some notes from Twitter:

• The FBI docs say Sabu's illegality ceased on June 7th, so that's where FBI-Sabu starts (via @LeidermanDevine)
• It was Sabu who suggested handing the Stratfor data to WikiLeaks, so it will be interesting if FBI-Sabu was used to set up Assange in any way. (says insider @LulzKitten)
• Paragraph 10 of Sabu's FBI information mentions another unnamed informant involved with Internet Feds (via @YourAnonNews).
• Interesting page by Errata Security mentions "They caught Sabu because just once, he logged onto IRC without Tor, revealing his IP address".

Edit: Full district court charge sheet against Sabu - including that he hacked an auto parts company and had four motor vehicle engines shipped to himself :)

[bhodi]

Ars Technica has a pretty good article on Hammond, one guy that they tracked through Sabu.

One interesting thing I also read on twitter was that none of the people who were raided were (apparently) using disk encryption. The comment was "If we can't get these guys to use encryption, what hope do we have for the general public?"

They really need to learn their history. E911 wasn't that long ago; you'd think some of the lessons would have sunk in. Maybe they should go talk to Bruce Sterling.


Edit: Wow, the wikipedia article on him doesn't even mention it. The Hacker Crackdown is what I'm talking about. Anyone with even a passing interest in internet evolution, computer law, privacy, the psychology and behavior of the FBI, or hacking/cracking witch hunts in general should at least be familiar with it's contents. If you've never read/skimmed it, you can read it free here. This is all pretty much history repeating itself.

Tale; if you're trying to pull twitter quotes / info, you should look at csoghoian and ioerror.

[Der Helm]

I was under the impression that encryption does not do you any good once the hardware has been seized. Except buying you some time.

But I don't know shit about this, so please, if I am wrong, enlighten me.

[apocrypha]

Well the FBI recently cracked the encryption on a suspects hard drive, in a case where the suspect had been ordered by a judge to hand over the password to the drive, potentially violating her 5th Amendment rights.

That's the only case I can remember seeing in the news so I suspect it's the first time it's happened.

[Kitsune]

There's encryption and there's holy shit encryption and there's encryption where the password is 'password'.  The three things are rather different from one another.  The degree of encryption and paranoia that you should use to keep your wife from finding your porn stash is on a different level from how you should be covering your ass if your hobby is attacking governments.

[Ironwood]

I'm not sure about that.  My wife gets pretty mad.

[TheWalrus]

Yeah what that guy said. Hell hath no fury like a woman porned.

[bhodi]

Hard drive encryption is a very complex / complicated topic that is still being hashed out in (US) courts. As of now, the standing belief is that you may be forced to hand over the password and may be in contempt if you refuse if either police have already seen what's behind the encryption or if you've directly implied you know the password but are deliberately withholding it.

In one case, they walked in, saw some CP on the monitor, but when they shut the computer down for transport, booted it back up, disk was encrypted, and the defendant was trying to refuse to re-give the password so it could not be entered as evidence. In others, the computer was used every day and the password was typed multiple times a day. This last example is the meat of the article a few posts up; as the article states, they likely got that password because of password reuse, aka she used the same password elsewhere and they already had it. Which if, of course, does not necessarily mean they are allowed to use it because laws are weird.

However, there is still protection for people who can reasonably claim that they no longer remember what the password is. The bounds of this is still uncertain, but automated scripts and an absolute firm conviction to restate "I don't remember, I don't recall" is the "best bet". Who knows if it actually works, as I said, still being tested in court. However, at some level it's obviously unreasonable to jail someone indefinitely for contempt of court for refusing to divulge something they cannot.

One thing I can confirm; done properly, full-disk encryption is virtually impossible to be "cracked" without actual NSA-style entire-datacenter brute-forcing. There aren't really "levels" of encryption as you're trying to describe them, assuming you don't use one that is especially vulnerable to brute-forcing and use a proper passphrase. Nearly any reasonable one on this list will do and tons of linux distributions come with full disk encryption support or at the very least home directory encryption pre-installed and configured.

[Ironwood]

Hard drive encryption is a very complex / complicated topic that is still being hashed out in courts.

I see what you did there.

[bhodi]

Unintentional, honest! Though funny. As an aside, if anyone is actually interested in this stuff, I will spit articles at you until I am blue in the face.

[Kitsune]

I meant levels in the sense that there are completely different types of encryption out there.  There's hardware-based encryption that isn't much use if someone steals the whole computer along with the encryption module.  There's encryption where people keep the key on a USB stick, which is again useless if someone gets their hands on the stick.  There's encryption based on user accounts, but user account passwords are easier to crack than a huge encryption key, so again, an attacker who has the computer in their possession can circumvent it pretty easily just by breaking into the account. 

Encrypting the entire drive with a good password that you haven't ever used for anything else or written down on anything is pretty close to unbreakable, yeah.  But at that point you still have to worry about someone remotely accessing your computer while you're online.  Encryption doesn't count for a lot if there's a rootkit busy transmitting your files to a third party after you log in and decrypt the drive.  Similarly, a suitably motivated person could break in and stick a hardware keylogger on a computer.  Owner comes home, types in password to access drive, bad guys now have drive password.

Then you get into biometric passwords, which are dandy until the person winds up kidnapped/arrested, at which point the other party can essentially take the password.  And when it comes to law enforcement, most cops will simply lean on a person until they give up the password.  It would hardly be the first time that the police 'helped' a suspect convict themselves over the course of ten hours in the questioning room.

[Tale]

The one remaining uncaptured member of LulzSec, known as Avunit, has spoken and said his goodbyes to Anonymous.