The hacker known as "The Real Sabu" is one of the members of the hacktivist group LulzSec who has been using Twitter to pump out prolific wisecracks and revolutionary messages. As far as anyone can tell, anyway, given the murky status of Twitter identities.
This week, it was revealed that he may have been tweeting to the feds, too. Singing like a bird, in fact. So much for honor among hackers.
Hector Xavier Monsegur, 28, who made New York's Lower East Side the base of his operations, was arrested last summer. Since then, reports say, he has been busy playing stool pigeon, passing information to the authorities that bore fruit this week with a series of arrests. Monsegur's assistance seems to have allowed the authorities to strike not only at LulzSec, but Anonymous and Anti-Sec, too. You can imagine how much trust and goodwill this will spread among the hacking community.
AntiSec/Anonymous has already retaliated, breaching subdomains of the Panda Security Website to post their own promotional videos along with email addresses and passwords for some Panda Security account holders. In a Pastebin post, they accused Panda of assisting law enforcement -- or "snitching." They also referred to the Monsegur situation:
Yeah yeah we know... Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We undestand, but we were your family too... It's sad and we can't imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to the police.
As far as we can tell, then, at least some hackers, probably involved in the Panda exploit, believe that Monsegur is an informant.
"The Real Sabu" continued to tweet anti-government, pro-hacking messages on his Twitter feed until Monday, when he closed with a message in German which may turn out to be his swan song: "Die Revolution sagt ich bin, ich war, ich werde sein." ("The revolution says I am, I was, I will be.") This paraphrases a comment published by the German socialist Rosa Luxemburg shortly before her arrest and death in police custody.
On Tuesday, court records were released showing Monsegur had pleaded guilty to hacking and financial fraud. Specifically, he had been involved in identifying vulnerabilities in third-party systems and either exploiting them himself or passing them to other hackers.
Is it possible, however, that Monsegur didn't flip his fellow hackers? Although it has been suggested that he denied being an informer in an Internet conversation with a Guardian journalist last year, the excerpts from that chat, published today, are actually quite ambiguous.
Assuming that Monsegur has been assisting the authorities, what are the implications for the loose underground federation that has claimed success in breaching a series of governmental, law enforcement, and enterprise Websites over the past year? The arrests, as the Panda Security exploit shows, are unlikely to bring down the curtain on Anonymous and LulzSec. Hackers, as Anonymous famously claims, "are legion."
The larger impact is likely to be on trust within the hacktivist networks. "The Real Sabu" was a high profile LulzSec member -- "one of the world's most-wanted hackers," as Reuters described him yesterday. Even in the shadowy corners of the "Darknet," hackers inevitably share some potentially identifying information. If a figure as central to operations as Monsegur cannot be trusted, who can?
The situation underlines the risks to individuals in working alongside anyone else in pursuit of hacking goals. The vulnerability at the heart of Anonymous-AntiSec-LulzSec turns out not to be technological, but very human.
— Kim Davis , Community Editor, Internet Evolution