Hacker, Informant and Party Boy of the Projects
In his Lower East Side apartment, the nights were racket-filled and without end. Neighbors lived with the pounding music and the sound of a pit bull being chased around the living room. The revelry sent scores of calls to the city’s complaint line.
In that same apartment he hatched the online plots, the ones intended to cripple the governments of Algeria and Zimbabwe, to shame some of the biggest brand-name companies in the world.
On the Internet he was Sabu, a notorious celebrity who led a scattered tribe of politically motivated “hacktivists,” revered as the sly mastermind of brash computer attacks. Then, when he was caught, he slipped into the role of federal informant.
But always he was Hector Xavier Monsegur, party boy of the projects.
The multiple worlds of Sabu converged on Tuesday when court papers revealed his real identity.
As an informant, he helped bring down a batch of prominent fellow hackers in Europe and the United States. They were indicted on a charge of computer crimes that the authorities said affected one million victims, along with major companies and government agencies.
Hackers, concealed behind fanciful aliases on the Internet, often appropriate larger-than-life dimensions. In reality, other than in physical proportions, Sabu seemed considerably smaller than life. A defensive-lineman-size man known as Booby, he was raising the two young children of his imprisoned aunt in a public housing project. Court documents showed that Mr. Monsegur, 28, paid bills with stolen credit cards and dabbled in drug sales.
In one neighborly gesture, he offered to use his hacking skills to sweeten other tenants’ credit ratings.
On Twitter, both before and after he was helping the authorities catch his compatriots, he was prone to grand declarations: “Give us liberty or give us death — and there’s billions of us around the world. You can’t stop us. Because without us you won’t exist.”
In the days before his unmasking, he was strangely haunted by the subject of turncoats. “So you’re telling me if you get locked up, and your nosy neighbor who dropped the dime on you runs free — you would simply ignore?” he posted Monday.
Mr. Monsegur’s whereabouts are unknown, and his lawyers declined to comment. His background remains gauzy, but court records and interviews with relatives and neighbors offer an outline.
He was born in 1983. His father, also named Hector Monsegur, was arrested in 1997 along with his sister, Iris, for selling heroin. Both went to prison for seven years.
While his father was locked up, Mr. Monsegur apparently moved in with his grandmother, Irma, who lived in a sixth-floor apartment in the Jacob Riis Houses, a Lower East Side housing project.
School officials said Mr. Monsegur attended Washington Irving High School, but left in 2001 without finishing ninth grade. In the transcript of his guilty plea, Mr. Monsegur said that he went to college, though it is unclear if he actually did.
After his release from prison in early 2003, Mr. Monsegur’s father found work with a sanitation company. The aunt, Iris, ran a credit repair company from her Staten Island home. Her involvement with drugs, however, continued. She was arrested again and returned to prison in 2010. By that point she had had two girls. They were entrusted to the care of the younger Mr. Monsegur, and he gained legal custody of them.
Even after his aunt left prison last August, her children remained with Mr. Monsegur.
He worked sporadically, including for a few months at OpenPlans, a nonprofit group that tries to improve government through technology. His profile on the networking site LinkedIn, which listed him as a senior systems administrator there, disappeared on Thursday. A former co-worker described him as friendly and competent.
But authorities said he had been unemployed in recent years.
Mr. Monsegur was active in computer and hacking circles as far back as the late 1990s, and started a group for local programmers in 2002. “My name is Xavier,” he announced, inviting others to join and “integrate their knowledge into one big mass of hairy information.”
He soon came to embrace strong antigovernment and anticapitalist ideologies that steered him into the hacking world.
In what was identified as a question-and-answer interview with Sabu published in New Scientist magazine last year, he said that he became a hacktivist when he was 16. He said he became disturbed that the Navy was using Vieques Island in Puerto Rico as a bombing range for exercises, and that he helped disrupt communications. In 2010, he said in the interview, he was drawn to Anonymous, a leaderless, antiauthoritarian movement that has taken up a variety of political causes. The catalyst, he said, was his outrage over the arrest of Julian Assange, founder of WikiLeaks, the whistle-blower site.
In particular, he became a leader of a splinter group, Lulz Security, or LulzSec, which claimed to attack computer security companies for laughs, or lulz, rather than for financial gain.
Describing himself, he said in the interview, “I’m not some cape-wearing hero, nor am I some supervillain trying to bring down the good guys. I’m just doing what I know how to do, and that is counter abuse.” For his online handle he chose Sabu, adopted from a former professional wrestler.
In 2010 and 2011, according to court documents, Mr. Monsegur participated in a relentless string of online attacks against companies and governments. Targets included Visa, MasterCard, PayPal and Sony. He also played a role in attacks on computers belonging to the governments of Tunisia, Yemen, Algeria and Zimbabwe, as well as those of the United States Senate.
Though he was self-taught, Mr. Monsegur was probably among the most skilled technologists in the bunch. As the “rooter,” federal authorities say, he was in charge of identifying vulnerabilities of LulzSec targets and creating the attack strategy.
Copies of LulzSec chat logs posted online show that he was sometimes wary of getting caught. In one discussion, he is irate at his fellow hackers for revealing the name of a site used in an attack, because it could expose his computer’s location. Another participant is deferential: “Mm, okay, ill not say anything further without conferring with you.”
In another chat, Sabu is told about a hacker who spots weaknesses of target organizations. He issues an order: “Can you bring them to this network for private chats with me? I want some realtime coordination.”
On Twitter he posted about a variety of political causes: repression in Syria, the American colonization of Puerto Rico, legislation that would restrict the Internet.
Mr. Monsegur’s value as an informant is on display in an online chat with Jeremy Hammond, a Chicago man accused of attacking a company called Stratfor last December, as excerpted in court papers. Mr. Hammond gleefully describes his attack to Mr. Monsegur, who praises him. Then Mr. Monsegur extracts a valuable piece of information. He calls him by one of his other nicknames, Anarchaos, and Mr. Hammond responds — linking the two aliases.
“If I get raided anarchaos your job is to cause havok in my honor,” Mr. Monsegur says.
“It shall be so,” Mr. Hammond replies.
Neighbors and relatives said that offline, Mr. Monsegur became more disruptive after his grandmother died a couple of years ago. “That messed him up,” a family member said.
Most residents of the complex who knew him would speak only on condition of anonymity, out of fear of retribution from him and his friends. These neighbors said that besides the children, he seemed to live with a number of others.
Some found him an irksome presence. “He partied all night,” one neighbor said. “I always made complaints to the police. Nothing was done.”
One neighbor complained twice to Community Board 3 about the chronic noise, as recently as last week. She said it would persist from 7 p.m. to 4 a.m., seven days a week.
Several neighbors said that they smelled marijuana wafting from the parties. One neighbor said that when she left in the morning the hubbub persisted. “The music gives me headaches,” she said. Among his visitors, neighbors said, were a half-sister and several brothers, one of whom brought along a white pit bull named China.
There were those who found Mr. Monsegur gracious. One man who lived in the complex told of losing his wallet a year ago while stepping out of a cab. Mr. Monsegur happened to find it, tracked down the man and returned it.
Neighbors said Mr. Monsegur told them he spent the bulk of his days huddled in front of his computer. “He would brag how he changed bad credit to good credit on his computer,” one neighbor said. She said she had heard another tenant talk about how Mr. Monsegur helped him upgrade his credit.
They were in disbelief that he could be the man authorities unmasked.
In pleading guilty, Mr. Monsegur admitted that he applied his hacking skills not simply for laughs or noble causes but for money. In court documents, he said that he had hacked into an auto parts company and had it ship him four automobile motors worth $3,456.
According to sources briefed on the investigation, the Federal Bureau of Investigation learned in February of last year that Sabu was Mr. Monsegur. He had made elementary mistakes, like logging into an online chat room without using anonymity software and revealing the name of a Web site he controlled in a chat room.
Last summer, authorities arrested Mr. Monsegur. Two F.B.I. agents visited him in his apartment and employed the classic Good Cop-Bad Cop method to pressure him into cooperating, according to a person briefed on the matter.
In August, he pleaded guilty to a dozen criminal counts, most involving conspiracy to hack computers, and entered into a cooperation agreement. The agreement also detailed an array of crimes that prosecutors did not charge him with, including hacking into an online casino, using and trying to sell marijuana and buying $15,000 worth of merchandise with a former employer’s credit card.
He was freed on bail and began functioning as an informant, continuing to speak on Twitter and elsewhere as Sabu.
According to the cooperation agreement, authorities said that if Mr. Monsegur felt endangered they would take steps to protect him, including trying to get him and “his family and certain loved ones” into the witness protection program.
His crimes carry a maximum sentence of 122 years, though his cooperation agreement said that if he provided “substantial assistance” to the government, prosecutors would recommend leniency.
Reporting was contributed by William Rashbaum, Nicole Perlroth, Tim Stelloh, Alex Vadukul, Toby Lyles and Jenny Anderson.
This article has been revised to reflect the following correction:
Correction: March 10, 2012
An article on Friday about Hector Xavier Monsegur, a computer hacker and informant who led law enforcement agents to several prominent fellow hackers, misstated the given name of one of those he exposed. He is Jeremy Hammond, not Darrell.