• United States



Sabu, ex-LulzSec hacker turned FBI snitch, sentenced to time served

May 27, 20144 mins
CybercrimeData and Information SecurityMicrosoft

Hector ‘Sabu’ Monsegur, who was the former LulzSec leader turned informant for the feds, will serve no additional jail time.

After being flipped by the FBI, former LulzSec leader Hector Xavier Monsegur, aka the snitch Sabu, gets to walk away with time served and one year of supervised release. Flipping unbelievable, especially considering that Jeremy Hammond is serving a 10-year prison term.

After seven sentencing delays and a sentencing recommendation by the feds, Monsegur will see no more jail time than the seven months he previously served. He was facing between 259 and 317 months in prison. Court documents, according to the New York Times, asked for leniency due to Monsegur’s “extraordinary cooperation” such as helping to disrupt 300 web attacks which prevented unknown millions of dollars in losses.

The FBI approached Monsegur on June 7, 2011, and he “immediately admitted his role in Internet Feds and LulzSec” and then he “provided, in real time, information about then-ongoing computer hacks and vulnerabilities in significant computer systems.”  Court documents (pdf) reference hacks of HB Gary, Fox Televesion, Tribune Company, PBS, Sony, Nintendo,, Bethesda/Brink video game, and FBI affiliate Infragard.

Monsegur proactively cooperated with ongoing Government investigations. Working sometimes literally around the clock, at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts. During some of the online chats, at the direction of law enforcement, Monsegur convinced LulzSec members to provide him digital evidence of the hacking activities they claimed to have previously engaged in, such as logs regarding particular criminal hacks.

His “substantial proactive cooperation” contributed “directly to the identification, prosecution and conviction of eight of his major co-conspirators, including Hammond, who at the time of his arrest was the FBI’s number one cybercriminal target in the world.”

Last year Jeremy Hammond, who is serving 10 years, released the following statement:

“What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally. Why was the United States using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?”

Today Monsegur told Judge Loretta Preska, “I’m not the same person you saw three years ago.” His defense attorney, according to Ars Technica’s John Timmer, likened Sabu’s actions to Robin Hood, adding “he did not break these systems, he revealed vulnerabilities.”

Judge Preska “was impressed by Monsegur’s ‘turning on a dime and doing good and not evil’ and his ‘extraordinary cooperation’.” She suggested that Monsegur should “deploy his tech skills for good.” During his year of supervised release, there will be a keylogger on his computer and his parole officer can search Sabu, his vehicle and his premises at any time.

Conversely, here’s what happened to Sabu’s former LulzSec members: 10 years in prison for Jeremy Hammond, aka Anarchaos. 30 months in prison for Ryan Ackroyd, aka Kayla. Two years in a juvenile detention facility for Jake Davis, aka Topiary. Mustafa Al-Bassam, aka T-Flow, was sentenced to 20 months, which was suspended for two years. Darren Martyn, aka pwnsauce, and Donncha O’Cearrbhail, aka palladium, both received probation and a fine. Ryan Cleary, aka ViraL, was sentenced to 32 months in prison. Only “Avunit” – one of the core LulzSec members – was unidentified; he reportedly left the AntiSec group after it began its “F–k the FBI Friday” campaign.

Like this? Here’s more posts:

  • Hacking hotels, shells, cellphones, cars and more mischief coming to Black Hat
  • Microsoft knew about ‘new’ Internet Explorer zero-day for 7 months but won’t patch
  • Yikes, ICS-CERT reminds public utilities about dangers of remote access without firewall
  • New NSA Chief expects attacks attempting to damage, destroy critical infrastructure
  • Huge demand for NSA-proof email: ProtonMail uses a month’s server capacity in 3 days
  • Smart toilet spying on health is a hoax, but is there privacy in a public potty?
  • No reasonable expectation of privacy when third parties cross the creepy line?
  • Over 70% of energy and financial firms say cyberattacks coming within 12 months
  • Microsoft shares 2 cybersecurity papers to protect infrastructure and supply chain

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.