Welcome!

Blog Feed Post

What the LulzSec Bust Says About Cyber Criminal Investigations

In a recent high-profile bust, the FBI arrested five alleged leaders of the collective Anonymous and related hacking group LulzSec. Understandably, the majority of law enforcement, white hats, and journalists rejoiced at the FBI’s newfound cyber prowess. After months of embarrassment through denial of service attacks, major data leaks, and website defacements, it looked as though law enforcement and the federal government had finally won against the rising menace of cybercrime, alleged by FBI Director Robert Mueller to soon surpass terrorism as a national security concern. They had bested Sabu, the leader of LulzSec, so thoroughly that he joined their side and helped bring down the most dangerous men in cyberspace. Headlines declared that lawmen had finally brought order to the Wild Wild Web. Yet while I applaud what the FBI achieved  an adept operation, LulzSec wasn’t taken down by digital whiz kids, and certainly not by cybersecurity practitioners employed by the Bureau, but by old fashioned investigations and human intelligence.

The key to the entire bust was Hector Xavier Monsegur, better known under the hacking alias Sabu. Outside of data dump repository and hacker hangout Pasebin, Sabu first briefly entered the spotlight when he was arrested as the alleged leader of LulzSec in July. The cybersecurity crowd reacted with highly cautious excitement. Many did not believe that the FBI had managed to apprehend the real leader, LulzSec denied the news, and Anonymous gave their standard “we are legion” and “you can’t arrest an idea” responses to setbacks. Then, suddenly, there was nothing from either camp until Sabu reemerged several months later. Given the severity of the charges against him, this seemed to confirm that the FBI had been mistaken or exaggerated his importance.

In reality, Sabu actually was the major hacker that the FBI alleged. While LulzSec’s attacks were often basic, such as SQL injections and distributed denial of service and opponents have accused Anonymous of being “script kiddies” running premade attacks, Sabu’s skills were respected worldwide. He was recognized as the elite hacker of the group and had been hacking since 1999. This level of “street cred” proved invaluable for the FBI after he turned informant.

Sabu’s initial arrest, by a pair of FBI agents with bullet proof vests instead of laptops, had more to do with old fashioned sleuthing than hacking. Sabu was famous, but  also famously obnoxious. That, combined with the illegality and questionable morality of many of LilzSec’s attacks, earned him numerous enemies in the hacking community. Hackers like The Jester would post possible leads online, complete with evidence for the FBI to examine. While generating this information took some forensics skill, all the FBI had to do was develop sources like in any intelligence operation or investigation. If anything, collecting evidence against Monsegur was even simpler as it didn’t take a forensics lab to make sense of the clues, which were posted for everyone to see. Once the FBI had a lead, it was just a question of manpower and diligence. Monsegur eventually slipped and logged into a chat room without obscuring his IP address, allowing the FBI to find him.

The rest of the operation proved even more conventional. The FBI turned Monsegur into an informant not with computers but with simple leverage. A laundry list of charges meant that Monsegur could be imprisoned for over a century, and he was the guardian of two young children whom he gained custody over while their mother, his aunt, was in prison. If he went away, there would be nobody to raise them. After some good cop, bad cop, Monsegur began cooperating within the first 24 hours.

Monsegur was describes an ideal informant, working consistent 8-16 hour days for the FBI, gathering incriminating information from the hackers who looked up to him in chat rooms. He would even investigate attacks to tip law enforcement off before they took place to prevent or minimize the damage, and once used his influence to call off an embarrassing attack on the CIA. So that nobody knew who he was working for, he would give misleading online interviews to journalists while monitored by the FBI or, in some cases, the FBI would give the interviews in his name.

In the aftermath, the government gained what looked like a stunning victory over an elusive foe and a boost to its cyber credentials when in reality, the operation that beheaded LulzSec had more in common with turning Sammy the Bull against the Gotti family than a duel in cyberspace. The FBI still can’t compete with hackers at what they do best. The feds remain grossly outnumbered and, despite marked improvements in this area, lacking in talent. The FBI struggles to recruit truly skilled hackers, even white hats, because they don’t match the squeaky-clean applicant profile, have little love for law enforcement, and would be more valued in the private sector or black market. Still, that doesn’t mean that law enforcement can’t win. As we saw when Anonymous considered challenging the cartels, cyber eventually gets real, and nobody actually lives in cyberspace. The FBI’s LulzSec busts are an example of how it can successfully target hackers doing what it does best, proving the effectiveness of human intelligence operations even against cybercrime.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publsher of CTOvision.com

Latest Stories
Everyone wants to use containers, but monitoring containers is hard. New ephemeral architecture introduces new challenges in how monitoring tools need to monitor and visualize containers, so your team can make sense of everything. In his session at @DevOpsSummit, David Gildeh, co-founder and CEO of Outlyer, will go through the challenges and show there is light at the end of the tunnel if you use the right tools and understand what you need to be monitoring to successfully use containers in your...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
“DevOps is really about the business. The business is under pressure today, competitively in the marketplace to respond to the expectations of the customer. The business is driving IT and the problem is that IT isn't responding fast enough," explained Mark Levy, Senior Product Marketing Manager at Serena Software, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.