Last week's arrests of five LulzSec leaders were major news in the hacktivist world, but it looks like that takedown may have been just an intermediate step in pursuit of a more prominent fugitive: WikiLeaks founder and editor-in-chief Julian Assange.
The first shock to the loose affiliation of political hackers known as Anonymous, of which LulzSec is a spinoff, is that those arrested last week had been turned in by their leader, Hector Xavier Monsegur, 28, of New York, known by his alias "Sabu."
Monsegur reportedly had been cooperating with the FBI since last summer. He was arrested in June and pleaded guilty in August to a dozen criminal charges.
And, according to multiple sources, Monsegur also provided an FBI-owned computer to facilitate the release of five million emails taken by LulzSec from the Texas-based, global private intelligence firm Stratfor, which are now being published by WikiLeaks.
An internal email from Stratfor says that the U.S. Department of Justice has already obtained a sealed indictment against Assange.
In a March 7 blog post, D.J. Pangburn, staff editor at Death and Taxes, wrote that the FBI had confirmed that in December 2011, Chicago-based LulzSec hacker Jeremy Hammond (one of the five arrested), whose alias is "Anarchaos," messaged Monsegur about vulnerabilities in Stratfor's servers.
"The FBI then instructed Sabu to offer Hammond a server on which to store the Stratfor data. We know the rest of the story: Anonymous announces the Stratfor hack, and two weeks ago WikiLeaks began publishing the emails as the Global Intelligence Files," Pangburn wrote.
The significance of those emails is a matter of debate. Daniel W. Drezner, professor of international politics at Fletcher School of Law and Diplomacy at Tufts University, wrote in a Feb. 27 blog post that, "this kind of e-mail treasure trove should be a gold mine for research into how Stratfor does what it does -- provided one can separate the fake emails from the real thing ... On the whole, however, this ain't that big of a deal."
Kevin McAleavey, founder and chief architect of the KNOS Project, agrees. "The 'spooks' all over our government not only have no use for Stratfor, but consider them to be a sad joke," he says. "I can see no real reason that there would be anything of national security need to protect them or their so-called 'assets.'"
Or, as one comment to the Drezner blog noted, "the biggest story here is the birth of the Anonymous-WikiLeaks alliance."
That has spurred debate about the FBI's presumed tactics and whether the agency was involved in entrapment by allowing the relatively harmless Stratfor emails to be given to WikiLeaks, to build a case against Assange.
In an interview with the TV/radio station Democracy Now!, Michael Ratner, president emeritus of the Center for Constitutional Rights, objected to a secret grand jury and the reported sealed indictment against Assange. Ratner calls Stratfor a "shadow CIA," and says the secrecy surrounding the pursuit of Assange is, "all for the purpose of keeping secret crimes that the United States has committed in Afghanistan and Iraq."
Ratner also notes that Assange is Australian and not a U.S. citizen, and argues that he owes no allegiance to keep classified U.S. information confidential. "What duty does Julian Assange owe the United States vis-a-vis the Espionage Act?" he asks.
Whatever happens with Assange, the events of the past weeks have reinforced the perception of many in the infosec community that Anonymous is a small collection of geniuses surrounded by a "legion of idiots."
McAleavey says suspicion should have been raised by the fact that the Stratfor emails went to WikiLeaks at all.
"Normally, these releases went straight to the internet, to the likes of 'pastebin' or 'piratebay,' so this handover to WikiLeaks certainly generates suspicion as to whether the FBI might have directed this release," he says.
Beyond that, Patrick Gray, in a March 7 post on Risky.biz, observed that nobody should have trusted Sabu after he disappeared from Twitter for about a month last August.
"You would think anyone with half a brain would keep their distance from a high-profile target who was rumored to be arrested, disappeared for a month, then reappeared. But no. Everyone stayed tight. That's how the attackers allegedly behind the HBGary Federal attack, Stratfor's mail leak, the law-enforcement con call wiretap and attacks against Sony Entertainment have all wound up in the clink," he wrote.
Finally, there are indications that Monsegur himself may need security protection -- the physical kind. More than one comment on recent blog posts lists Monsegur's detailed personal information -- his address, phone number, names of siblings, the model and description of the car he drives -- along with the threat, "WE KNOW WHO YOU ARE SNITCH. EXPECT US."