The hacker known as "The Real Sabu" is one of the members of the hacktivist group LulzSec who has been using Twitter to pump out prolific wisecracks and revolutionary messages. As far as anyone can tell, anyway, given the murky status of Twitter identities.
This week, it was revealed that he may have been tweeting to the feds, too. Singing like a bird, in fact. So much for honor among hackers.
Hector Xavier Monsegur, 28, who made New York's Lower East Side the base of his operations, was arrested last summer. Since then, reports say, he has been busy playing stool pigeon, passing information to the authorities that bore fruit this week with a series of arrests. Monsegur's assistance seems to have allowed the authorities to strike not only at LulzSec, but Anonymous and AntiSec, too. You can imagine how much trust and goodwill this will spread among the hacking community.
AntiSec/Anonymous has already retaliated, breaching subdomains of the Panda Security Website to post their own promotional videos along with email addresses and passwords for some Panda Security account holders. In a Pastebin post, they accused Panda of assisting law enforcement -- or "snitching." They also referred to the Monsegur situation:
Yeah yeah we know... Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too... It's sad and we can't imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to the police.
(Punctuation added.)
As far as we can tell, then, at least some hackers, probably involved in the Panda exploit, believe that Monsegur is an informant.
"The Real Sabu" continued to tweet anti-government, pro-hacking messages on his Twitter feed until Monday, when he closed with a message in German which may turn out to be his swan song: "Die Revolution sagt ich bin, ich war, ich werde sein." ("The revolution says I am, I was, I will be.") This paraphrases a comment published by the German socialist Rosa Luxemburg shortly before her arrest and death in police custody.
On Tuesday, court records were released showing Monsegur had pleaded guilty to hacking and financial fraud. Specifically, he had been involved in identifying vulnerabilities in third-party systems and either exploiting them himself or passing them to other hackers.
Is it possible, however, that Monsegur didn't flip his fellow hackers? Although it has been suggested that he denied being an informer in an Internet conversation with a Guardian journalist last year, the excerpts from that chat, published today, are actually quite ambiguous.
Assuming that Monsegur has been assisting the authorities, what are the implications for the loose underground federation that has claimed success in breaching a series of governmental, law enforcement, and enterprise Websites over the past year? The arrests, as the Panda Security exploit shows, are unlikely to bring down the curtain on Anonymous and LulzSec. Hackers, as Anonymous famously claims, "are legion."
The larger impact is likely to be on trust within the hacktivist networks. "The Real Sabu" was a high profile LulzSec member -- "one of the world's most-wanted hackers," as Reuters described him yesterday. Even in the shadowy corners of the "Darknet," hackers inevitably share some potentially identifying information. If a figure as central to operations as Monsegur cannot be trusted, who can?
The situation underlines the risks to individuals in working alongside anyone else in pursuit of hacking goals. The vulnerability at the heart of Anonymous-AntiSec-LulzSec turns out not to be technological, but very human.
Oh, you're right Mike. Most of the hacking of law enforcement sites amounts to no more than publicity stunts, not serious cybercrime. But embarrass people, and you make them hate you.
"I think the FBI is just bound to go after hackers who keep embarrassing them by hacking their sites."
Which represents what percentage of the total problem?
One of the reports I read indicated that HBGary was in the business of attempting to make root kits for the feds that would be undetectable. How do you feel about that?
One of my co-workers liked to chide me about my concern for wire-tapping -- on cell phones, e-mail, web activity and the like, saying "I'm not doing anything interesting or illegal so I don't care if they read all my e-mail."
I reminded him: "while you may not be doing anything interesting or illegal what about the guys doing the wire tapping?"
While I sympathise with your "whack-a-mole" comment, Mike, I think the FBI is just bound to go after hackers who keep embarrassing them by hacking their sites.
Kurt: You are right: software has been exempt from product liability law for years.
Schneier notes in his essay that liability will be necessary to get secure software, also that that liability ought to be limited in a sensible way.
My thought on that is this: If your computer holds a Commercial Certification and then fails a software inventory audit the O/S OEM is responsible to reformat your disk, re-install the O/S and authorized software and to re-certify the computer, i.e. re-apply the software audit and create the commercial certification.
The last step of the commercial certification is a maintenance lock down which remains in effect until regular scheduled maintenance is required. At that time the certification is revoked, the maintenance is applied and the software audit re-applied. This would result in a maintenance lock-down followed by a new commercial certification.
The thorny problem that remains is what to do with executable documents. If the customer moves an executable document to another area of the system or network and then that document is picked up with different privileges this can be trouble. This is an issue that will have to be addressed. One solution I think Google looked at for Chrome is to simply strip the executable code out of any document that is to be saved. Rough, but it might be necessary: making portable documents executable was a mistake to begin with.
The real answer lies in re-examining what the code in an executable document is permitted to do. This won't be easy.
I think this is a good topic for IEv as I think "whither the Internet" hinges on the outcome. There will be others who will attempt to remove all anonymity in order to fix responsibility for all activity to the net. But we must consider the further implications of this as it relates to the public dialog. Valuable opinions often encounter violent opposition.
Hopefully some more of our IEv correspondents will chip in on this topic.
Those are all valid points by some intelligent people. But they, just like you and I and every other user on the planet, all sign an end user license agreement that always states that the software is delivered as-is and is not guaranteed to work as advertised. And furthermore, the company granting the license holds no responsibility for any loss or damage that arises from use of the software. Even loss or damage from the use of the program as it was intended to function...
So, I assume those people are suggesting that licencing of software be fundamentally changed somehow to make the license grantor responsible or liable for the damages incurred from using their software... To which I respond GOOD LUCK.
Ha. People always tend to be brave when they're NOT in a tight situation. Much like those hackers who claim they do it for passion and not truly for vengeance of some sort. If you put them in a scared straight scenario, I'm pretty sure they'd straighten out really quick.
Consider the catch: 25 hackers. And the cost? The time and resources used?
Put this in perspective: there have been reports that something around 70,000,000 new malware samples were identified in 2011, and 2012 shows no signs of slowing up.
Chasing these 'bad guys' is the world's most futile game of 'whack a mole': you can never win at that.
And in the end chasing hackers is really treating the symptoms of a problem rather than getting at the real cause.
Right now consumers support the cost of unreliable software, Schneier said, adding that software vendors won't take security seriously until it's cheaper to do it than not to do it.
Liabilities are everything, because they change the economic incentives, Schneier said. Vendors shouldn't support all costs if something goes wrong because of their software, but they shouldn't get away without paying anything either, he said.
"If you waste your time a-talkin' to the people who don't listen to the things that you are saying, who do you think's gonna hear?" -- Kris Kristofferson, "To Beat the Devil"
Reports today suggest Monsegur was an eager and diligent informant, working all night on chats which the Feds could follow. Doesn't say much for consistency of belief, does it? I mean, you could imagine him doing the minimum necessary to get a plea deal, but he seems to have been an...over-achiever.
Oh legion right uh huh sure you are. When you're facing the FBI in person and they are explaining you're looking at a 128 year term in the slammer then one becomes humanized pretty quickly and all the invincibility and loyalty goes right down the toilet. Keep your pants up boyz and get used to showering with your new "room mates" Good luck!