The most prominent and revered member of Anonymous, Sabu, has reportedly been an FBI informant for months. And thanks to his help, authorities today rounded up the last members of LulzSec, the notorious defunct hacking group he once led.

Fox News reports that the Anonymous leader Sabu is Hector Xavier Monsegur, a 28-year-old father of two living in New York. He was apparently arrested last summer, pleaded guilty to 12 charges in August, and has been working with the feds ever since.

This is a stunning development for Anonymous. Sabu, using his well-followed Twitter handle @Anonymousabu, had become the most prominent member of the loose-knit hacking collective. Sabu’s rise started with the hack of the security firm HBGary in winter of 2010, which leaked chat transcripts show he masterminded. It continued as he led the Anonymous off-shoot LulzSec. On the strength of the notoriety gained from LulzSec’s summer of hacking mayhem last year, he became increasingly respected within Anonymous, acting as the group’s de facto spokesman. After LulzSec disbanded over the summer, Sabu was often the first to announce new Anonymous hacks, and he constantly cheered on fellow Anons while spewing out hatred for the U.S. government.

But Sabu didn’t fall as his comrades in Anonymous and LulzSec were swept up in raid after raid—in fact he only seemed to grow more bold. This raised some suspicions that he’d turned informant, and those suspicions were right: Today authorities on two different continents rounded up some remaining key members of LulzSec “acting largely on evidence gathered by” Sabu, according to Fox News.

Who knows how many other Anons Sabu has snitched on. Just last week, he urged hackers to come forward with “data to publish (big dumps, source codes, cache of documents, etc).” Sabu was a linchpin of Anonymous, and there are going to be a lot of worried hackers out there today.

  1. shulquist says:

    From the jester in Nov 2011 who picked Hector as Sabu

    Sincerest apologies from myself and on behalf of the wider group go to Mr Hugo Carvalho (@visigod) – who many of us have previously believed to be the leader of Lulzsec, the group that sprung outta #Anonymous and have, and continue to release amongst many other things innocent folks CC nums, login credentials, emails, …. and the list goes on. In the name of what?

    Antisec? #OWS? #Anonymous? – either way google it.

    In essence… to Mr Carvalho. I officially apologize. You got caught up in something nothing to do with you. But make no mistake, you were caught up in it because @anonymouSabu used that domain sale purchase to fit you up. Also notice how he has never sprung to your defense. That’s because your ‘involvement’ suited his misinformation campaign.

    I myself have been ‘doxed’ at least 15 times by #anonymous and supporters, always incorrectly and I always defend the poor person they somehow finger as me.

    So why would I apologize, when I really have no need to, nobody gives a shit right?

    Because I said I would….

    Because the person behind @anonymouSabu is feeling the heat, not least because of what he did…. but also because of what he didn’t, in four months (as of now) he still hasn’t cared that another innocent guy was (by his doing) fingered as him. << Pro-tip. bad skillz. Bad Karma.

    Let’s get right to it….

    (tick tock… 6͎̫̹̏ͦ̿̈́͗̚͠9̜̙͈͓̫̼̼ͮ̓͗̽͂̓ͨ͢4̥͙̔͊̋9̣̖͈́̾1̙̔̈͒̌5̥̣͈̮͔͈̯ͩ̈ͩd͇̲͚͖̉ͧͥ7̐͠d4͌a̙̪̫̫̝̭̓̐͂ͫ̈ͭ͞ͅc̹͔̈ͯ̏̈̓̄ͅf̱5͖͓̣͕̾̊̉̓̂͟0͆̀b̟̯̱̗͇ͤ͋̊͟b̕f͈̩̼̮͖̿̋͒4̩͍̰ͣ̏͑̾ͥͮ̽3̜̞͓͎̎̋̌̈͆͠a̛̯͎̠ͪ1̲̞̹͖̠͙̽̃̑͋͗ͤ͌ͅ0̢̼͖̮3͏͙̱̤8̱ͭ͑ͣ͗̀e͎̦̫̯͓̋̔3͖̘͎ͯ͐̓e̞͖͉̲̰͚̅͋̔͐̐͊9̗̊͊͊ͫ̄̐f̨1͚͎͑̊ͦ͗7̫̈̃̿)

    In support of my heartfelt and necessary apology to Mr Hugo Carvalho…

    So…..a lot of info has been gathered in a short space of time, remember, I dropped the name ‘Monsegur’ 4/5 months ago…

    and @anonymouSabu never once defended him. The secondary name in above linked post was ‘Hector Monesgur’ – granted a family name.

    But on the strength of those convictions, over time …we softly softly… (ps – don’t fear the Reaper(sec)) Sabu, AKA @anonymouSabu, thinks that he’s fighting for the right cause. He’s helped “compromise” many systems. He’s helped “compromise” many companies. He’s helped “compromise” many people, all under the mask (no Anonymous pun intended) of fighting for freedom for the people

    All Sabu has succeeded in is helping to “compromise” himself. Let’s take a look at http://pastehtml.com/view/be43yl8ph.html real quick.

    This dump was received on November 15, 2011, from an apparent snag that happened on November 5, 2011.

    When Anonymous fought back against AnonOps. You see, the thing about AnonOps is that they have become power hungry little skiddies who are more enthralled with their “cool kids club” than with actually performing acts to support the Anonymous idea and cause.

    So a rogue hacker or group of hackers performed an attack on the AnonOps server and helped produce the aforementioned dump. (Kudos to whoever got this lovely bit of information. Over 4000 idents exposed. Kinda cutting it short on the 9001 collective legion, though, aren’t we AnonOps?)

    Back to the point. If you will go to the dump link above and search for “compromise@gmail.com” you will find that it’s the email used by Sabu to register his nick. Why would this be important? Well, let’s take a look at some information from the past, shall we?

    http://pastebin.com/vLXBqbeB – Pastebin link entitled SABU Xavier Monsegur

    http://pastebin.com/911rucP3 – Pastebin link entitled Lulzsec / Sabu – new info

    http://seclists.org/fulldisclosure/2006/Oct/253 – Full Disclosure link showing Xavier asking questions about things that fall in line with Sabu’s mindset. Notice the questions about Hamas, jihad, etc.

    (^^^^ I explained all about this stuff here ^^^^)

    http://www.velocityreviews.com/forums/t357473-memory-leak-in-python.html – Link to a forum thread discussing python, which is known to be a favorite of Sabu’s. Please note that the question asking to paste an example of the code comes from compromise@gmail.com

    http://ceaxx.wordpress.com/uncovered/ – Possibly the biggest hunk of research into Sabu’s identity out there. (Extreme props to the author of this post.)

    http://seclists.org/fulldisclosure/2006/Jun/177 – Another Full Disclosure link about XSS (Cross Site Scripting) flaws in (back then) major websites.

    http://seclists.org/fulldisclosure/2005/Dec/989 – Another Full Disclosure link about XSS in Myspace

    http://www.securityfocus.com/archive/1/archive/1/440126/100/0/threaded – More posted from compromise@gmail.com with xavier@tigerteam Links linking links.

    http://www.nytimes.com/2007/10/01/nyregion/01banned.html – Dad is banned from seeing his mother due to drug convictions.

    http://www.nytimes.com/imagepages/2007/10/01/nyregion/01bannedCA02ready.html – Pic of grandmom holding pics of Dad and Sabu

    http://ceaxx.files.wordpress.com/2011/08/sabu.png – From the above blog post (and Sabu’s old Myspace) Kinda looks like the kid in the pic that grandmom is holding up, don’t you think?

    Thanks to the post at http://ceaxx.files.wordpress.com and…..

    http://pastehtml.com/view/be43yl8ph.html which is the dump created by a rogue Anonymous member fed up with the direction that AnonOps has been taking the Anonymous movement.

    All possible from a single seed…

    The ideology behind Anonymous can be considered a valiant one, even if the delivery is not something to be admired. It took a member of the group to fight back against the injustices that Sabu and AnonOps have been pushing the group towards.

    Instead of moving forward, it’s just continued to move backwards. I am sure that Sabu never thought that he could be a victim to a “compromise” such as this one.

    Then again, what do I know? I’m just another writer in a sea of watchers monitoring the happenings between the proverbial good and evil. With the good majority of Sabu’s former clique already caught by law enforcement (Topiary, kayla, tflow, etc.) only time will tell if Sabu/Xavier will meet the same fate.

  2. shulquist says:

    From Creaxx who caught Hector in Aug 2011

    The Sabu Connection

    Handle: Sabu
    Aliases: Xavier De Leon, Xavier Kaotico, Xavier Monsegur, Sabu
    Real Name: Hector Xavier Monsegur
    Race: Puerto Rican
    Last Known Location:
    ***Address Purposely Withheld***
    New York City
    Family: ***Information Purposely Withheld***
    AIM: Encryption (last publicly known sn)
    Twitter: @anonymouSabu
    Notes: Python, php, perl. Politically motivated even in years past. Active in AOL ‘hacking’ scene during 90s. Searches reveal several published vulnerabilities, exploits and code from 90s and on, including AOL. Intelligent writer when publicly speaking but when in private conversations and non-public forums frequently uses slang normally associated with African-Americans and Puerto Ricans. Consistent dialect and word usage throughout old and new writings. Associated with other hackers from same era, many references to Nullbyte aka Haris Tahir. Nullbyte’s personal blog links to XavSec’s blog under the category ‘Lost Souls.’ Tahir’s blog makes direct reference to Anonymous & LulzSec, obviously a supporter (specifically of OpMalaysia among others). Pure-elite is seen in websites, mailing list posts and IRC. Gamer referenced by #ps3test chat logs linked to prvt.org. Prvt.org appears in several places. New York Giants fan, which coincides with NYCPug, NY perl/python lists, etc. Operated several websites and maintained personal blogs. Several talks with insiders and self-proclaimed friends have described him as Puerto Rican and have provided the first name ‘Hector’. References to Hamas, Palestine and Middle East. Quote usages in Twitter feed have direct word-for-word correlation with older forum and mailing list posts.

    Email Addresses: (past and present)
    X*************R@gmail.com (exact address unknown but Xavier[ ]Monsegur fits perfectly)

    Websites: (past and present)
    Gfy.com (Member of forum)
    Several Google Profiles


    Website Screenshots: (some images credited to Sabu.pdf by @Le_Researcher, validated and reused to save time)

    Pure-elite.org | Notice the poster named ‘erika’
    ‘Erika’ comments on myspace


    Personal blog


    Sabu offers python help

    NY Giants fan

    Went by Sabu during aol days
    Politically motivated defacement referencing Puerto Rico

    Xavier starting NYC group

    There are many more connections made that were taken down in hand written notes, which will not be scanned and uploaded. The complete set of all digital research, notes and images is available in the Research section of this website.
    Specific personal information has been withheld to avoid harm to non-involved family members and others.
    The majority of this information was found using open source intelligence methods. Some specific details and key parts were obtained through insider information, privately leaked chat logs and other methods that will not be disclosed or published for privacy and security reasons.


  3. shulquist says:

    Profile of Jeffrey Hammond
    At the time of his latest arrest, Jeremy Hammond was living on Chicago’s South Side, about three dozen miles and an entire political spectrum away from the conservative DuPage County community where he grew up.

    Already a rock star to anarchists and cyberterrorists worldwide, Hammond was one of five computer hackers charged Tuesday with crimes related to high-profile cyberattacks against major corporations and government entities. Court documents tie Hammond to “Anonymous,” a decentralized international collective of “hacktivists,” or people who use computer networks for political protests and other actions.

    His mother, Rose Collins, offered a heavy sigh when informed that the FBI had arrested her 27-year-old son.

    “Again?” she asked. “I love my son, but he is a genius with no brain. He has a 168 IQ, but he has no wisdom.”

    Hammond is Collins’ firstborn, just a few minutes older than his twin brother, Jason. From birth, the boys’ father believed they could be geniuses and went to great lengths to stoke their intelligence, Collins said. In addition to reading to them constantly, he played a recording of multiplication tables on a continuous loop while they slept in their cribs, she said.

    At age 8, Hammond was designing simple, Pong-like games on a home computer. By 11, he could code his own databases. When Collins once took the young twins’ Nintendo away as a punishment for misbehaving, she caught them a few hours later trying to build their own game console.

    The boys’ parents, who never married, broke up before the twins started kindergarten, Collins said. Though they saw their mother on alternate weekends, the twins lived primarily with their father, Jack, a musician who encouraged them to speak out against perceived injustices.

    As a student at Glenbard East High School, Hammond refused to study and still brought home stellar grades, his mother said. He soon grew bored with school and Glendale Heights — a bedroom community in right-leaning DuPage County — and began channeling his restlessness into pranks and social protests.

    While still a student, he hacked into the high school’s mainframe computer to show administrators its weaknesses, and was thanked for calling attention to the gaps, according to his mother. She said Hammond did the same thing at the University of Illinois at Chicago and was kicked out.

    A UIC spokesman confirmed that Hammond, a computer science major, left the school in spring 2004. He would not comment on disciplinary issues, citing federal privacy laws.

    By many accounts, the punishment left Hammond bitter, transforming him from a helpful hacker into a self-proclaimed cyber-vigilante determined to use his talents to attack powerful companies and organizations. A year after leaving college, he was arrested for hacking into a website called Protest Warrior, a conservative group best known for organizing counterprotests in support of the Iraq War. He was sentenced to two years in prison.

    “Whoever said it’s a blessing to have a gifted child obviously doesn’t know what they are talking about,” Collins said. “It can break your heart.”

    Hammond remained in custody Tuesday and will be transferred later to New York, where the federal hacking investigation was based. After his court appearance, Hammond seemed curious about the charges against him, asking officials if he could keep a copy of the criminal complaint outlining the case.

    Federal prosecutors charged Hammond with three felony counts related to computer hacking, including conspiracy and fraud. They allege that Hammond in December broke into the computer network of Strategic Forecasting Inc., or Stratfor, a global intelligence firm in Austin, Texas.

    Authorities allege Hammond and unidentified co-conspirators defaced Stratfor’s website, deleted information and stole confidential data, including employees’ emails, “as well as personally identifying information and credit card data for Stratfor’s clients; (and) publicly disclosed at least some of that data by dumping it on certain Internet websites.”

    Federal authorities say Hammond and others stole the personal information of about 60,000 credit card users, then charged at least $700,000 on the cards.

    Records state that on Dec. 29, days after the Stratfor hacking, a message was posted on a file-sharing website that encouraged people to use the stolen credit card information.

    “We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havoc upon the systems and personal email accounts of these rich and powerful oppressors,” the message read, according to court documents.

    Court records state Hammond was involved in militant, left-leaning activities and anarchist groups. For years, he has been a “freegan,” someone who eats food that has been thrown into Dumpsters and elsewhere as “part of the anti-consumerist movement,” according to records.

