Welcome!

Blog Feed Post

What the LulzSec Bust Says About Cyber Criminal Investigations

In a recent high-profile bust, the FBI arrested five alleged leaders of the collective Anonymous and related hacking group LulzSec. Understandably, the majority of law enforcement, white hats, and journalists rejoiced at the FBI’s newfound cyber prowess. After months of embarrassment through denial of service attacks, major data leaks, and website defacements, it looked as though law enforcement and the federal government had finally won against the rising menace of cybercrime, alleged by FBI Director Robert Mueller to soon surpass terrorism as a national security concern. They had bested Sabu, the leader of LulzSec, so thoroughly that he joined their side and helped bring down the most dangerous men in cyberspace. Headlines declared that lawmen had finally brought order to the Wild Wild Web. Yet while I applaud what the FBI achieved  an adept operation, LulzSec wasn’t taken down by digital whiz kids, and certainly not by cybersecurity practitioners employed by the Bureau, but by old fashioned investigations and human intelligence.

The key to the entire bust was Hector Xavier Monsegur, better known under the hacking alias Sabu. Outside of data dump repository and hacker hangout Pasebin, Sabu first briefly entered the spotlight when he was arrested as the alleged leader of LulzSec in July. The cybersecurity crowd reacted with highly cautious excitement. Many did not believe that the FBI had managed to apprehend the real leader, LulzSec denied the news, and Anonymous gave their standard “we are legion” and “you can’t arrest an idea” responses to setbacks. Then, suddenly, there was nothing from either camp until Sabu reemerged several months later. Given the severity of the charges against him, this seemed to confirm that the FBI had been mistaken or exaggerated his importance.

In reality, Sabu actually was the major hacker that the FBI alleged. While LulzSec’s attacks were often basic, such as SQL injections and distributed denial of service and opponents have accused Anonymous of being “script kiddies” running premade attacks, Sabu’s skills were respected worldwide. He was recognized as the elite hacker of the group and had been hacking since 1999. This level of “street cred” proved invaluable for the FBI after he turned informant.

Sabu’s initial arrest, by a pair of FBI agents with bullet proof vests instead of laptops, had more to do with old fashioned sleuthing than hacking. Sabu was famous, but  also famously obnoxious. That, combined with the illegality and questionable morality of many of LilzSec’s attacks, earned him numerous enemies in the hacking community. Hackers like The Jester would post possible leads online, complete with evidence for the FBI to examine. While generating this information took some forensics skill, all the FBI had to do was develop sources like in any intelligence operation or investigation. If anything, collecting evidence against Monsegur was even simpler as it didn’t take a forensics lab to make sense of the clues, which were posted for everyone to see. Once the FBI had a lead, it was just a question of manpower and diligence. Monsegur eventually slipped and logged into a chat room without obscuring his IP address, allowing the FBI to find him.

The rest of the operation proved even more conventional. The FBI turned Monsegur into an informant not with computers but with simple leverage. A laundry list of charges meant that Monsegur could be imprisoned for over a century, and he was the guardian of two young children whom he gained custody over while their mother, his aunt, was in prison. If he went away, there would be nobody to raise them. After some good cop, bad cop, Monsegur began cooperating within the first 24 hours.

Monsegur was describes an ideal informant, working consistent 8-16 hour days for the FBI, gathering incriminating information from the hackers who looked up to him in chat rooms. He would even investigate attacks to tip law enforcement off before they took place to prevent or minimize the damage, and once used his influence to call off an embarrassing attack on the CIA. So that nobody knew who he was working for, he would give misleading online interviews to journalists while monitored by the FBI or, in some cases, the FBI would give the interviews in his name.

In the aftermath, the government gained what looked like a stunning victory over an elusive foe and a boost to its cyber credentials when in reality, the operation that beheaded LulzSec had more in common with turning Sammy the Bull against the Gotti family than a duel in cyberspace. The FBI still can’t compete with hackers at what they do best. The feds remain grossly outnumbered and, despite marked improvements in this area, lacking in talent. The FBI struggles to recruit truly skilled hackers, even white hats, because they don’t match the squeaky-clean applicant profile, have little love for law enforcement, and would be more valued in the private sector or black market. Still, that doesn’t mean that law enforcement can’t win. As we saw when Anonymous considered challenging the cartels, cyber eventually gets real, and nobody actually lives in cyberspace. The FBI’s LulzSec busts are an example of how it can successfully target hackers doing what it does best, proving the effectiveness of human intelligence operations even against cybercrime.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publsher of CTOvision.com

Latest Stories
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
Though cloud is the future of enterprise computing, a smooth transition of legacy applications and systems is critical for seamless business operations. IT professionals are eager to start leveraging the cost, scale and other benefits of cloud, but with massive investments already in place in existing infrastructure and a number of compliance and resource hurdles, it can be challenging to move to a cloud-based infrastructure.
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, will describe how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launchi...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...