Hector Xavier Monsegur, a hacker with the group Anonymous cooperating in a U.S. probe, won’t face prosecution on charges including attempted drug- dealing and illegal gun possesion, according to a plea deal.
The agreement, made public today, stated Monsegur, 28, won’t face federal charges for hacking the website of an online casino, trying to sell five pounds of marijuana, receiving stolen property and gun possession.
The U.S. also said Monsegur won’t be prosecuted for using an employer’s credit card to make $15,000 in unauthorized charges. The government said Monsegur’s hacking activities date back to 1999. Some of the alleged criminal acts are too old to be charged or are outside federal jurisdiction, according to the agreement.
Monsegur, a former member of the Anonymous, Internet Feds and LulzSec hacker groups, began secretly cooperating with U.S. investigators after his arrest on June 7, according to a court transcript. Monsegur began working “around the clock” to inform on his colleagues, prosecutors told a judge.
Prosecutors said in the agreement that Monsegur faces possible retaliation from the targets of his cooperation and may require federal witness protection.
Monsegur, who pleaded guilty Aug. 15, began cooperating with U.S. authorities, including Federal Bureau of Investigation agents, after his arrest, Assistant U.S. Attorney James Pastore told U.S. District Judge Loretta Preska at a court hearing in August, according to a transcript.
Monsegur, who used the nickname Sabu and is described as an “influential member” of all three hacker groups, admitted to staging cyber-attacks against the websites of the governments of Algeria, Yemen and Zimbabwe, according to a criminal information unsealed March 6. He also said he conducted hacks on Tribune Co. (TRB) and News Corp. (NWSA)’s Fox television, prosecutors said.
“Since literally the day he was arrested, the defendant has been cooperating with the government proactively,” Pastore told Preska at the Aug. 5 hearing, according to the transcript made available yesterday. “The defendant has literally worked around the clock with federal agents. He has been staying up sometimes all night engaging in conversations with co- conspirators that are helping the government to build cases against those co-conspirators.”
Monsegur was charged with computer crimes by U.S. prosecutors in five districts in four states, court records show. During the two months after his arrest, he provided the U.S. with valuable information, Pastore said. Monsegur continued to work with Anonymous until last week, Barrett Brown, an informal Anonymous spokesman, said March 6.
He helped identify and “patch” or notify potential targets about more than 150 cyber-security vulnerabilities. The FBI had sometimes even been able to alert the would-be victim of an attack before it occurred, Pastore said.
“The defendant’s information is also helping the government close in on several prominent cybercriminals,” Pastore said.
Monsegur, who is cooperating in hopes of leniency, faces more than 122 years in prison, with a mandatory minimum of two years, according to prosecutors.
Lives in Manhattan
Monsegur has been unemployed since April 2010, lives in Manhattan and supports two nieces, ages 7 and 5, the documents show. He earned $6,000 a month at his previous job, which wasn’t described, according to court records.
Manhattan U.S. Attorney Preet Bharara’s office revealed Monsegur’s role as a cooperator this week as it announced the arrest of five other men linked to Anonymous and offshoot groups in the underground hacking movement.
“Exposure of the defendant’s cooperation would jeopardize substantial ongoing investigations into the defendant’s former co-conspirators, several of whom are suspected of carrying out substantial computer hacks against several businesses,” Pastore said in a June 8 request to seal his case file.
Monsegur’s “efforts have involved cooperation against targets of national and international interest,” Pastore told Preska at the August hearing. “The defendant has already incurred a significant amount of personal risk by deciding to cooperate.”
Prosecutors said in Monsegur’s cooperation agreement that they will take any necessary steps to protect him from “individuals who might use violence, force and intimidation against the defendant, his family and loved ones,” including their possible relocation under the U.S. Marshals Service Witness Security Program.
FBI agents arrested Monsegur at 10:15 p.m. on June 7, court records show. After an initial appearance the next day before U.S. Magistrate Judge James Cott in New York, he was released on $50,000 bond and directed to remain under FBI supervision, records show.
Documents related to his case had been sealed until yesterday.
Monsegur’s identity as a defendant remained secret because if hackers learned he had been arrested and was cooperating, he would be in danger, Pastore said in a June 8 filing.
Hackers monitor federal court dockets for information about informants and would recognize Monsegur’s name because his identity was already known to them, the prosecutor said.
Some hackers retaliate against informants through a “dox,” putting “the personal identification information of a cooperator and their family members” online, Assistant U.S. Attorney Stephanie Christensen, a prosecutor in Los Angeles, said in court papers.
Pastore told Preska that hackers had other ways of retaliating. For example, they might have hundreds of pizzas delivered to the cooperator’s house or report a hostage situation and have a SWAT team sent to the cooperator’s home.
“It’s actually called ‘swatting,’” Pastore said.
Ryan Ackroyd, Jake Davis, Darren Martyn and Donncha O’Cearrbhail were charged in an indictment unsealed March 6 in Manhattan federal court. They are accused of conspiracy and a variety of cyber-attacks tied to Monsegur.
A fifth man, Jeremy Hammond, who identified himself as a member of AntiSec, was arrested in Chicago March 5 and charged with the December hack of Austin, Texas-based intelligence firm Stratfor, which the U.S. says might have affected 860,000 victims. Hammond has been transferred to the custody of federal prosecutors in New York to face the charges.
The hackers charged by Bharara’s office are among the de facto leadership of Anonymous, the self-professed hacker- activist group, and LulzSec, or Lulz Security, an affiliated group, U.S. authorities said.
U.S. authorities said there could be more than 1 million people who were victimized by the defendants’ activities.
The case is U.S. v. Monsegur, 11-cr-666, U.S. District Court, Southern District of New York (Manhattan).
To contact the reporter on this story: Peter Blumberg in San Francisco at firstname.lastname@example.org
To contact the editor responsible for this story: Michael Hytha at email@example.com