FBI informant tied to cyber attacks abroad


An informant working for the FBI has coordinated a campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the FBI, according to court statements.

The details of the 2012 episode have, until now, been kept largely secret in closed sessions of a federal court in New York and in heavily redacted documents. While the documents do not indicate whether the FBI directly ordered the attacks, they suggest that the US government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.

The attacks were coordinated by Hector Xavier Monsegur, who used the Internet alias Sabu and became a prominent hacker within Anonymous for a string of attacks on high-profile targets, including PayPal and MasterCard. By early 2012, Monsegur of New York had been arrested by the FBI and had already spent months working to help the bureau identify other members of Anonymous, according to previously disclosed court papers.

One of them was Jeremy Hammond, then 27, who, like Monsegur, had joined a splinter hacking group from Anonymous called Antisec. The two men had worked together in December 2011 to sabotage the computer servers of Stratfor Global Intelligence, a private intelligence firm based in Austin, Texas.

Shortly after the Stratfor incident, Monsegur, 30, began supplying Hammond with lists of foreign websites that might be vulnerable to sabotage, according to an interview with Hammond and chat logs between the two men. The New York Times petitioned the court last year to have those documents unredacted, and they were submitted to the court last week with some of the redactions removed.

Exactly what role the FBI played behind the scenes during the 2012 attacks is unclear. Hammond said he had been in constant contact with Monsegur through encrypted Internet chats. The two men often communicated using Jabber, a messaging platform popular among hackers. Monsegur used the alias Leondavidson and Hammond used Yohoho, according to the court records.