In early 2012, members of the hacking collective Anonymous carried out a series of cyber attacks on government and corporate websites in Brazil. They did so under the direction of a hacker who, unbeknownst to them, was wearing another hat: helping the Federal Bureau of Investigation carry out one of its biggest cybercrime investigations to date.
A year after leaked files exposed the National Security Agency’s efforts to spy on citizens and companies in Brazil, previously unpublished chat logs obtained by Motherboard reveal that while under the FBI’s supervision, Hector Xavier Monsegur, widely known by his online persona, “Sabu,” facilitated attacks that affected Brazilian websites.
The operation raises questions about how the FBI uses global internet vulnerabilities during cybercrime investigations, how it works with informants, and how it shares information with other police and intelligence agencies.
After his arrest in mid-2011, Monsegur continued to organize cyber attacks while working for the FBI. According to documents and interviews, Monsegur passed targets and exploits to hackers to disrupt government and corporate servers in Brazil and several other countries.
Details about his work as a federal informant have been kept mostly secret, aired only in closed-door hearings and in redacted documents that include chat logs between Monsegur and other hackers. The chat logs remain under seal due to a protective order upheld in court, but in April, they and other court documents were obtained by journalists at Motherboard and the Daily Dot.
On June 7th, 2011, just hours after the FBI appeared at Monsegur’s doorstep in New York City’s Jacob Riis housing projects, he quickly confessed to his crimes and had his battered laptop swapped out for a fresh one provided by investigators. As “Sabu,” he quickly resumed his communications with activists, journalists, and other hackers.
In a closed hearing on August 5th, 2011, government prosecutors noted that Monsegur worked “around the clock… at the direction of law enforcement” to provide information on “targets of national and international interests,” and “engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts.”
“During this time the defendant has been closely monitored by the government,” said prosecuting US attorney James Pastore, according to a transcript. “We have installed software on a computer that tracks his online activity. There is also video surveillance in the defendant’s residence.”