Was LulzSec bust part of a play against Julian Assange?

Last week's arrests of five LulzSec leaders were major news in the hacktivist world, but it looks like that takedown may have been just an intermediate step in pursuit of a more prominent fugitive: WikiLeaks founder and editor-in-chief Julian Assange.

The first shock to the loose affiliation of political hackers known as Anonymous, of which LulzSec is a spinoff, is that those arrested last week had been turned in by their leader, Hector Xavier Monsegur, 28, of New York, known by his alias "Sabu."

Monsegur reportedly had been cooperating with the FBI since last summer. He was arrested in June and pleaded guilty in August to a dozen criminal charges.

And, according to multiple sources, Monsegur also provided an FBI-owned computer to facilitate the release of five million emails taken by LulzSec from the Texas-based, global private intelligence firm Stratfor, which are now being published by WikiLeaks.

An internal email from Stratfor says that the U.S. Department of Justice has already obtained a sealed indictment against Assange.

In a March 7 blog post, D.J. Pangburn, staff editor at Death and Taxes, wrote that the FBI had confirmed that in December 2011, Chicago-based LulzSec hacker Jeremy Hammond (one of the five arrested), whose alias is "Anarchaos," messaged Monsegur about vulnerabilities in Stratfor's servers.

"The FBI then instructed Sabu to offer Hammond a server on which to store the Stratfor data. We know the rest of the story: Anonymous announces the Stratfor hack, and two weeks ago WikiLeaks began publishing the emails as the Global Intelligence Files," Pangburn wrote.

The significance of those emails is a matter of debate. Daniel W. Drezner, professor of international politics at Fletcher School of Law and Diplomacy at Tufts University, wrote in a Feb. 27 blog post that, "this kind of e-mail treasure trove should be a gold mine for research into how Stratfor does what it does -- provided one can separate the fake emails from the real thing ... On the whole, however, this ain't that big of a deal."

Kevin McAleavey, founder and chief architect of the KNOS Project, agrees. "The 'spooks' all over our government not only have no use for Stratfor, but consider them to be a sad joke," he says. "I can see no real reason that there would be anything of national security need to protect them or their so-called 'assets.'"

Or, as one comment to the Drezner blog noted, "the biggest story here is the birth of the Anonymous-WikiLeaks alliance."

That has spurred debate about the FBI's presumed tactics and whether the agency was involved in entrapment by allowing the relatively harmless Stratfor emails to be given to WikiLeaks, to build a case against Assange.

In an interview with the TV/radio station Democracy Now!, Michael Ratner, president emeritus of the Center for Constitutional Rights, objected to a secret grand jury and the reported sealed indictment against Assange. Ratner calls Stratfor a "shadow CIA," and says the secrecy surrounding the pursuit of Assange is, "all for the purpose of keeping secret crimes that the United States has committed in Afghanistan and Iraq."

Ratner also notes that Assange is Australian and not a U.S. citizen, and argues that he owes no allegiance to keep classified U.S. information confidential. "What duty does Julian Assange owe the United States vis-a-vis the Espionage Act?" he asks.

Whatever happens with Assange, the events of the past weeks have reinforced the perception of many in the infosec community that Anonymous is a small collection of geniuses surrounded by a "legion of idiots."

McAleavey says suspicion should have been raised by the fact that the Stratfor emails went to WikiLeaks at all.

"Normally, these releases went straight to the internet, to the likes of 'pastebin' or 'piratebay' so this handover to WikiLeaks certainly generates suspicion as to whether the FBI might have directed this release," he says.

Beyond that, Patrick Gray, in a March 7 post on Risky.biz, observed that nobody should have trusted Sabu after he disappeared from Twitter for about a month last August.

"You would think anyone with half a brain would keep their distance from a high-profile target who was rumored to be arrested, disappeared for a month, then reappeared. But no. Everyone stayed tight. That's how the attackers allegedly behind the HBGary Federal attack, Stratfor's mail leak, the law-enforcement con call wiretap and attacks against Sony Entertainment have all wound up in the clink," he wrote.

Finally, there are indications that Monsegur himself may need security protection -- the physical kind. More than one comment on recent blog posts lists Monsegur's detailed personal information -- his address, phone number, names of siblings, the model and description of the car he drives -- along with the threat, "WE KNOW WHO YOU ARE SNITCH. EXPECT US."
