HACK THE PLANET, PART II
The week of August 9, 2015
sabu-most-hated

The blacklisting of Hector ‘Sabu’ Monsegur

By Kevin Collier

“Just bought my first suit,” Hector Monsegur grins, holding up a garment bag. He’s over six feet tall, heavy and wide like a just-retired pro football player. On this mid-June afternoon in New York City’s Financial District, he’s wearing an oversized T-shirt with jeans, sneakers, and a thin gold chain around his neck, a new black baseball cap shielding his thin-rimmed rectangular glasses and dark eyes.

Even when Monsegur smiles, he’s still clearly on guard. His reputation precedes him. Better known online by his alias Sabu, he’s the most controversial hacker of his generation—a contradictory character who served both as the brash voice of Anonymous’s triumphs and the federal informant who helped secure the hacking group’s downfall.

At this Burger Burger joint, we’re caught between two poles of Monsegur’s past: Less than three miles away sit the still-dilapidated Lower East Side projects where he grew up and helped organize hacks that devastated corporate and government systems around the world. A mile north stands the FBI office where he was taken after finally being caught in June 2011. The FBI threatened to take away his two young cousins, the girls he’d raised as daughters; for Monsegur, the choice was no choice at all.

For eight long months under the banner of LulzSec, Monsegur played his part—an even bigger, mouthier version of himself, an exaggerated Sabu, still coordinating attacks and giving advice—while the feds slowly built cases against eight other hacktivists, most notably Jeremy Hammond. After the arrests began, Monsegur was quickly outed as an informant. He was denounced as a traitor and a snitch, received death threats, and had his personal information, along with that of his two nieces, spread across the Internet.

For another two years, Monsegur collaborated with authorities, helping law enforcement understand the hacker underworld and its players. In May 2014, at his sentencing hearing in the U.S. District Court’s Southern District of New York, the government’s attorney said, “Mr. Monsegur has been cooperating with law enforcement for approximately three years,” with “substantial historical cooperation as well as substantial proactive cooperation.” The FBI estimated he’d helped avert more than 300 intrusions—including one that could have compromised the water supply of an major, unnamed United States city, and the “takeover of a supply and distribution channel of a foreign energy company”—and saved “many millions, if not billions of dollars.”

Monsegor was a model collaborator, his defense attorney testified: his assistance “was significant. It was truthful. It was extensive. And it was done at great risk of retaliation and danger to him and his family.” The judge agreed. “So, to me,” she concluded, “that personal characteristic of turning on a dime and doing good and not evil is the most important factor in this sentencing.”

He was sentenced to time served—the seven months he’d spent in prison the year before, during which he helped teach computer skills to other prisoners—plus potential restitution for his crimes. He’s only recently been allowed to return to the Internet without supervision.

“It’s so fucking weird to come back,” he says, lighting a cigarette. “My concern those first couple days after I came back on Twitter was, ‘Are they gonna raid me again? Are they gonna come arrest me again? Am I supposed to do this?’ It’s a fucked-up thing they put in your head. It seems like anything is against the law. It feels like this conversation is against the law.”

He’s still wary, both online and IRL. He agreed to speak to me but had to be cajoled into meeting in person; he refused to let me into his family’s house, where his young cousins live. He had mentioned being on food stamps, and he seemed pretty down about not finding work.

For most of his life, Monsegur’s been a hacker outcast—and taken pride in that persona, remaking himself as a fighter for the downtrodden, a spokesperson for the ideal of Anonymous as a leaderless collective action. Now, cut off from that life but freed from government supervision, he has to remake his identity. But he can’t escape his past or the roles he’s been assigned: traitor, villain, snitch.

“I’ve been gagged,” he says in the long spaces between bites of his burger. A native New Yorker, he speaks quickly and with an accent: “Legally, by the United States of America Department of Justice. For those four years.”

But today, he has his suit and his grin. He has his voice back; he has opportunities. And he wants to tell his side of the story.

‘How the Other Half Lives’

Before you pass judgment on Monsegur, it’s important to at least consider where he came from.

Born in 1983, he grew up along Avenue D, in one of the 19 buildings that comprise the Jacob Riis Houses. This housing development is named after one of the most effective activist-journalists in history. Riis, born in Denmark in 1849, was horrified by the squalid conditions of much of lower Manhattan and set about documenting its poverty in his 1890 book, How the Other Half Lives. When the New York City Housing Authority completed the towers in 1949, the city dedicated them to Riis in an attempt to honor his desire to dignify the city’s less fortunate. The development became a den of crime and cyclical poverty by the 1970s.

“I was born into a drug gang called Champions,” Monsegur says. “That lifestyle wasn’t this lifestyle. It wasn’t Twitter, it wasn’t Anonymous, it wasn’t even hacking. It was murder, kidnappings, and control of that scene.”

Monsegur’s mother left when he was young, he says. “It is what it is,” he shrugs. That made his paternal family—Monsegur’s father, Hector Senior; his aunt, Iris; and his grandmother, Irma—that much closer.

“It’s so fucking weird to come back. My concern those first couple days after I came back on Twitter was, ‘Are they gonna raid me again? Are they gonna come arrest me again? Am I supposed to do this?’”

Champions—Champion Crew, according to cops and the press at the time—took its name for the Champion Pool hall one block west, on Avenue C. In its heyday, it was a major operation, a network of dozens of people that penetrated five states. The Monsegurs weren’t at the top, but they weren’t too far from it, either. According to police testimony, by around 1992, when young Hector was about 9 years old, Iris had secured a prime corner, on East Fourth Street and Avenue D, where she sold heroin from around 6pm until midnight, pulling in up to $10,000 gross in a week.

Hector rejects the notion that they were truly rich from the enterprise: “If that’s the case, my friend, then why the fuck are we in the projects?”

Violence came with the drugs. “As a small child, I didn’t see nothing,” he says. “Eventually, as you get older, you see things don’t make sense, like ‘Why am I right in the middle of a fucking shootout?’” In 1993, one guy who clashed with Champions, Jesse Vega, was killed. The murder went unsolved for four years.

Members of the Champion Crew cycled in and out of prison. Iris and her brother did a stint for dealing. By 1996, they were both out and had established a new corner three blocks north on Seventh Street. According to the District Attorney’s office, kids helped with the operation and made about $500 a week. While Hector isn’t named in news or available court documents, an Associated Press story from 1997 says that Iris “supervised street deals by her 13-year-old nephew,” an apparent reference to Hector, who was 13 at the time.

Monsegur balks at the implicit accusation. “Never happened,” he says. “My aunt is very protective of me, the same way I’m very protective of her children. When she went to prison, she left her children in my care. And I did what I had to do to protect them, the same way that she protected me back when I was a child.”

At the time, you could find Champion Crew heroin in five states, as far away as Georgia and Virginia, branded with names like Satisfaction, Mad Dog, and Body Bag. But in 1996, it all came crashing down. “All that shit just disappeared,” he says. “All the biggest gangsters, the biggest murders, the kidnappers were all in prison.”

His family was no exception. Cops had gathered enough evidence around Vega’s death and the gang’s operation, and they moved on the Champion Crew, arresting 48 people, including the Monsegurs. They hit Iris with nine charges related to conspiracy and sale of a controlled substance. Even her mother got a conspiracy charge.

Court records show both Hector Senior and Iris pled guilty to charges that would net them seven years to life. “They did plead guilty, in order for my grandmother to be released,” Monsegur says. “They used my grandmother as fodder, a bargaining chip.”

For two months before his grandmother was released, he says, he was alone. When she was out, it was just the two of them: He was still just a kid, and she was extremely sick. “I had to take care of her. Feeding her and all that.

“That entire frame was just me and my grandmother in that house, completely isolated in that world,” he continues. “It was a really sad reality, depressing. I’m surprised I ain’t come out with some sort of mental problems, come out with fucking… You develop something from that extended period of depression and loneliness. Thank God I came out pretty healthy after that.”

That sad, lonely, smart kid in the projects slowly laid the foundation for someone who would one day be a hacker renowned and feared around the world. He recognized computer systems early on as a potential way out from out of his dismal world. “I started off by reading manuals: Microsoft manuals, Windows 95. I got AOL and chatted on IRC, and got advice on what else to read and where to find it.” That led to a book about hacker culture that he says changed his life: The Hacker Manifesto, written by The Mentor (security hacker Loyd Blankeship), who belonged to the second generation of Legion of Doom, a hacker team that fought with another group that caught Monsegur’s eye, the Masters of Deception. (“Stupid fucking names,” he says.)

“I was born into a drug gang called Champions. That lifestyle wasn’t this lifestyle. It wasn’t Twitter, it wasn’t Anonymous, it wasn’t even hacking. It was murder, kidnappings, and control of that scene.”

Legion of Doom was largely based in Texas, but Masters of Deception was affiliated with a real-life New York City gang, the Decepticons, who evoked a mythical terror among schoolkids. That’s where his worlds collided. Masters of Deception proved that not all hackers were white guys in the suburbs. Some of the most respected hackers in the world were people of color, guys who were in New York gangs.

Monsegur dropped out of high school but kept up his fascination with computers and security, landing a series of internships and some real security jobs while living a secret life as an unknown hacker hobbyist on the side. Over the years, his world began to crumble again. In 2009, his aunt went back to prison for another heroin charge and left her daughters with her mother. The next year, Monsegur lost his grandmother to failing health, and so he became the legal guardian of his two nieces.

By 2010, according to court documents, he was hacking enough foreign and corporate sites to catch law enforcement’s attention. A year later, he was operating as part of Anonymous. By that point, hacking was second nature.

“A lotta people ask me the question, if you had the kids, why were you hacking?,” he says. “I’ve been hacking since ’95, before the kids ever existed. There’s only so much you can do before you get caught.”

‘The Many Faces of Anonymous’

Hector Monsegur was a leader, or as close to a leader as Anonymous got. That’s part of what made him such an easy target.

His detractors draw a simple dichotomy: Monsegur is free, but Jeremy Hammond—who spoke eloquently of civil disobedience when he received his 10-year sentence—will spend his 30s behind bars for the attacks that Monsegur orchestrated.

“Fuck Sabu/Free Jeremy Hammond,” reads one T-shirt that used to sell on Etsy. Another, still available for purchase, has a caricature of Monsegur as Porky Pig and reads “I snitch folks!/Fuck Sabu.” There are countless videos and screeds against him, some erased, many still visible. They call him “traitor,” “snitch,” “coward,” “rat,” and “a notoriously mediocre hacker.” A few make fun of his weight or use racial slurs. Haters have digitally altered his face to look like a pig’s, pasted it onto an image of a cop, and distorted it to cartoonish proportions. Some have released personal information about him and his family.

“People considered Sabu to be legend. That’s a literal word that was used,” notes Gabriella Coleman, an anthropologist who’s spent considerable time in Anonymous chatrooms and who authored the book Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous. “He commanded a lot of power.”

Monsegur claims that he never actually gave up the names of his hacking contemporaries to the FBI. He says the authorities stitched together the details about their identities on their own. It’s impossible to prove this negative, and the few authorities who could corroborate it, former and current members of the FBI, refused requests for comment. Two journalists who have extensively studied the since-leaked private chat logs between Monsegur and other members of LulzSec—Daily Dot contributors Dell Cameron and Dan Stuckey—have never seen any evidence that Monsegur knew his companions’ real identities before the FBI did. In my previous investigation into the FBI’s case against Hammond, I found that the agency used various comments Hammond made to Monsegur from different screen names to tie them together, likely without Monsegur ever actually knowing Hammond’s name.

In fact, he says, he did his part to subtly advise others away. “Before my arrest, I didn’t really give a fuck what people were doing, if they were protecting themselves. I was just being me, I was hacking the planet, I was on a rampage. After my arrest, I started saying, ‘Hey, listen guys, you have no leader. I’m not your leader.’”

Monsegur is not the only Anonymous hacker to work with the feds. He’s not even the only person affiliated with LulzSec to do so: at least four other people associated with the group had some sort of formal relationship with the FBI.

One Guardian investigation, coincidentally released the day before Monsegur was arrested, estimated that a whopping 1 in 4 hackers was secretly an informant for the FBI. Looking back, Ed Pilkington, who summarized the investigation results at the time, stands by its conclusion. “I think it was an underestimate. What’s become quite clear is that the hacking community is riddled with informants.”

“My aunt is very protective of me, the same way I’m very protective of her children. When she went to prison, she left her children in my care. And I did what I had to do to protect them, the same way that she protected me back when I was a child.”

Several people affiliated with Anonymous who had criticized Monsegur in the past refused to speak to the Kernel for this story, citing a desire to not give him further publicity. But in Coleman’s mind, Monsegur’s greatest crime in the court of public opinion is one of branding.

“Once he was allowed to talk publicly about his position and showed not a lot of remorse, that really sealed the ire for a lot of people,” she says. “I think he could justify what he did because he was put in a corner, but then to say he really played no role whatsoever in order to catch other hackers when all the court documents say otherwise, is the core problem.” She cited his first major interview after his arrest, with Charlie Rose. “He basically said everyone else messed up and said everyone else was responsible,” Coleman says.

That’s not how Monsegur sees it. For him, he worked in character with the feds but never gave anyone up directly. He didn’t name them. They all made their own security mistakes, same as he did.

“[They say] ‘he’s not taking responsibility.’ Of course I’m taking responsibility,” he says. “But here’s the problem with that: What they’re expecting from me is an apology that’s supposed to be crafted to their liking. Me saying ‘sorry’—but what is there to be sorry about? You want me to say sorry for something I didn’t do?”

Barred on both sides

In the hacking world, definitions for “legal” and “illegal” are notoriously slippery. The FBI used Monsegur as a cooperating witness and put Hammond away for 10 years but openly advertises to hackers to join the agency and pays freelance informants to snitch on each other. The FBI didn’t intervene during the times that LulzSec, under the agency’s apparent supervision, hacked into foreign government sites and caused multimillion-dollar damage to a U.S. security company, but it opens investigations when foreign hacking groups like the Syrian Electronic Army break into private American companies.

One generally learns how to hack by embracing a kind of tinkerers’ ethos, poking and prodding at systems to see what works. But laws in many countries, including the U.S., prohibit nearly any kind of “unauthorized access” to a computer. That doesn’t always apply to government agencies, though. Documents released by Edward Snowden show that the National Security Agency has created exploits in encryption software, and a number of nations—the U.S. and China are the best-known example—are widely believed to be engaged in a constant back-and-forth of cyberattacks.

“People considered Sabu to be legend. That’s a literal word that was used.”

Hackers frequently switch sides, too: between representing the law and breaking it, between working for the government and working for themselves. Kevin Mitnick, once the most infamous hacker in the world, now runs a successful security company after spending a then-landmark five years in prison. At least two FBI employees who oversaw Monsegur’s case, arresting agent Chris Tarbell and executive assistant director Shawn Henry, now work for cybersecurity firms in the private sector (neither were willing to comment for this story). Other hackers have made the jump from criminals to security professionals. Even his former LulzSec compatriots in the U.K., who received far lighter sentences than Hammond and have since rejoined society, have found work in the industry.

That’s what Monsegur wants, but his name has proven toxic.

“After LulzSec, what happened to the cybersecurity industry? It exploded,” he says. “Multibillion-dollar industry, post-LulzSec. It’s kinda ironic, because I can’t get a fucking job in something that I helped build.”

f5cbe68bee79f3607128fc385356a45cMonsegur at his sentencing in May 2014. Photo by Brian Knappenberger

Life is hard right now for Monsegur. He no longer lives in the Jacob Riis Houses but declines to say where he and the girls live. He’s struggling to find work. He swears to me, as he has in his limited other interviews, that he’s done with illegal hacking. “I’m retired. I’m an old fart now.” But finding an aboveboard job in cybersecurity is near-impossible.

There’s precisely one area where he’s qualified for a job. With LulzSec and its associated AntiSec campaign, Monsegur and his crew openly mocked and particularly targeted security companies. They wanted to prove that even self-proclaimed security professionals would fall to their skills. And they did.

“You would expect that the security industry would say, ‘Damn, you know, Hector’s pretty knowledgeable; he’s got skills, and he’s been around for quite some time. By all means, let’s hire this guy,’” he says. “[But] the cybersecurity industry has an issue with me, a taboo. Yeah, they could hire a kid from Columbia or a kid from wherever the fuck, and they won’t have the PR risk. That doesn’t bother me. What does bother me is blackballing.”

A few months ago, Monsegur got what seemed to be his golden ticket. The RSA Conference, one of the biggest industry events in the world, invited him to speak in San Francisco in April. Finally, he’d get a chance to address some of the industry’s bigwigs directly and have a chance to pitch them about what kind of an asset he could be.

It didn’t happen. Soon before he flew out, he got the message that due to an unspecified security threat, he wouldn’t be speaking after all. Instead, he wound up in a private room, doing a one-on-one interview that has still not been released to the public.

“The initial excuse was security concerns,” he says, though he suspects the excuse arose from one of RSA’s sponsors actually being one of the companies he hacked. RSA, for its part, stuck with the vague threat to security. In a statement to the Kernel, an RSA representative said, “Security is always a paramount concern when developing our program, and we felt that a video interview was the most effective way to present Hector’s story.”

Monsegur kept pitching himself to different companies. He’s received three different job offers from three different cybersecurity companies, he says, and each of them backed out.

An employee of one of those companies spoke with the Kernel, on the condition that neither his name nor his company’s name be mentioned. “For me, he’s extremely talented at what he does,” the employee said. “Some [companies] can see him as a really cool marketing tool, where he’s out speaking, out being the face man, but that takes away from his key talents, which are reverse engineering and finding exploits.

“I hate to admit it, but Anonymous trolls had an impact, even if they don’t show up.”

“I don’t know why anyone in their right mind wouldn’t hire him,” he added. But it wasn’t to be. “My boss wanted to bring him on for a job, and all of a sudden he changes his mind,” he said.

Jeffrey Carr, who runs both the Suits and Spooks cybersecurity discussion events and heads the cybersecurity company Taia Global, sees it plainly.

“Regarding Hector being blackballed by the security industry, there’s no doubt in my mind,” he says. “It’s really a shame. But frankly, I couldn’t hire him, and I’m a supporter. I think he deserves a second chance.”

An uncertain future

Controversy follows Monsegur everywhere he goes, on- and offline. When he authored a pair of guest pieces for the Daily Dot earlier this year—reviews of the blockbuster movie Blackhat and CBS show CSI: Cyber from a hacker’s perspective—it was met with an Anonymous campaign to “destroy” our site.

In mid-June, Monsegur was invited to speak at a Suits and Spooks event scheduled to take place at SoHo House in New York. Word of his scheduled appearance spread quickly online. Anonymous—or at least people who identify as such and despise Monsegur—bombarded SoHo House with calls. Hundreds pledged on Facebook to protest outside, a move that ultimately forced a change of venue.

The change of venue also quickly leaked, but on the day of the event, the actual protest was a bust. Only about 20 protesters showed up at the Crosby Street Hotel. None wore the iconic Guy Fawkes masks. Attendees were convinced Monsegur was somehow getting rich—at least $100,000 a year—either by selling consulting services to the Daily Dot or to Carr. (Carr has never hired Monsegur for consulting, and the Daily Dot commissioned Monsegur’s reviews at a standard Web freelancer rate.)

When I caught up with him afterward for another burger, Monsegur was pleased. “Suits and Spooks was great.” He seemed unfazed by his critics. “Bunch of Anonymous idiots. Threats on the phone. … They were staking out the front and back of the building. I don’t know why; they were going to attack me?”

During the talk, he said, he was interrupted by questions about his motives and role in the Stratfor hack—the primary attack that led to Jeremy Hammond’s imprisonment—but he felt like he handled himself well. (Journalists weren’t allowed inside, though at least one, Fusion’s Tim Pool, snuck out a clip of Monsegur speaking.)

Carr was more rattled. He confessed that that sort of liability would keep him from hiring somebody like Monsegur.

“I hate to admit it, but Anonymous trolls had an impact, even if they don’t show up,” Carr said. “That’s the power of trolling,” he chuckled bitterly. “You can’t just ignore them or not feed them.”

Monsegur was nevertheless chipper. He’d talked to some guys, he said, and planned to start a new security company on his own. Also, he was talking to some documentary filmmakers. He didn’t want to say who either group was—the former because it was still too nascent, the latter because they were afraid of getting trolled by Anonymous. I’d heard both lines from him before, but this time, he said, he meant it.

“I’m just going to start my own security company,” he says. “The security industry can’t push me away.”

 

Correction: The Hacker Manifesto was written by The Mentor (Loyd Blankenship), and Monsegur no longer receives support from the Supplemental Nutrition Assistance Program. This story has been updated accordingly. 

Additional reporting by William Turton

Photo by Kevin Collier | Remix by Jason Reed