Did the FBI cleverly direct hackers to break into the servers of foreign governments? And did it do so without the hackers being aware of who was really directing their actions? We can’t give a definitive ‘yes’ for legal reasons, but anybody in possession of the facts couldn’t help but reach that conclusion.
An intriguing story broke the other day that reveals just how murky the depths of hacking can be while shedding some light on the shadowy world of international spying in the internet age.
You’ve probably heard of LulzSec the infamous hacktivist group. One of its founders was a certain Hector Xavier Monsegnur, known in hacking circles as Sabu and a driving force behind high profile attacks on companies like Mastercard and PayPal.
I spy for the FBI
In 2011, Sabu became an FBI informant following his arrest for hacking activities. He helped nail five other expert hackers that the FBI was chasing.
Until these arrests, Sabu maintained his hacking profile as a cover for his FBI activities. In one of his last tweets before he was exposed as an FBI informant he said: “The feds at this moment are scouring our lives without warrants. Without judges approval. This needs to change. Asap.”
Target Syria, Iran and Pakistan
However, when he tweeted this, perhaps he had something else on his mind other than maintaining a cover. According to heavily redacted court documents Sabu was at this time directing other hackers to attack websites and computers belonging to Iranian, Syrian, Turkish, Brazilian and Pakistani governments, among others.
These attacks that he coordinated only took place after he became an FBI informant. Apparently the FBI agents were aware of his activities. It’s further claimed that the information lifted from these websites and computers was later passed onto other US intelligence agencies.
Tense and heated
While the FBI has naturally refused to comment there are so many fingers pointing in its direction, not to mention tensely heated political conditions between the US and many of the targeted countries, that it’s less of a smoking gun and more of a bubbling volcano.
The court documents claim that at least one hacker was directed by Sabu to extract huge amounts of information, including bank records and login information, from the government servers of these countries and upload it to a server monitored by the FBI. Other targeted government sites included the Polish Embassy in Britain and Iraq’s Ministry of Electricity.
The actual court documents were lodged by lawyers representing Jeremy Hammond one of the hackers directed by Sabu. Sabu provided Hammond with a list of foreign government server targets which included 2,000 Internet domain targets.
Doing dirty work – then 10 years in clink
Hammond is currently sitting out a ten year prison sentence for sabotaging the servers of Stratfor Global Intelligence, a private intelligence outfit based in Texas. After the Stratfor hack and before Hammond was nailed for it, he began working for Sabu targeting foreign government servers.
Sabu had already been turned by the FBI at this time and a recent statement made by Hammond from prison indicated the scale of the attacks: “After Stratfor, it was pretty much out of control in terms of targets we had access to.”
Of course, at the time Sabu’s cover as an FBI informant had not been blown so Hammond could not have known he might have been actually hacking on behalf of the FBI.
A nice job, a sweet promotion for someone – probably
We say ‘might’ because there is no direct evidence suggesting the FBI actually directed attacks against foreign government servers. However, given the overwhelming circumstantial evidence and Edward Snowden’s revelations about the sweeping scope of NSA hacking you’d have to be a bit brain dead or comatose to not see the connection.
Bringing it down to a personal level, it’s also not too difficult to imagine some law enforcement officers rubbing their hands in glee; Sabu is turned, Hammond a notorious hacker unwittingly provides vital information for the intelligence services and then gets 10 years for an earlier hack. Promotion anyone?