New information suggests the FBI has been using renowned Anonymous hacker Sabu (aka Hector Xavier Monsegur) to direct other hackers to attack thousands of foreign websites to steal sensitive data, including details from websites of governments in Iran, Syria and Brazil.
In two weeks times Monsegur is scheduled to appear in front of Judge Loretta Preska in New York to be sentenced for multiple counts of conspiracy to engage in computer hacking.
Despite pleading guilty to all 12 charges against him, Monsegur could face a hugely reduced sentence thanks to his cooperation with the US authorities who arrested him over 1,000 days ago.
Is has been widely known that Sabu has been helping the FBI since his arrest, but details of just what this entailed has - until now - been a closely guarded secret, with court documents relating to Monsegur's sentencing being heavily redacted.
According to slightly-less-redacted court documents seen by the New York Times, along with an interview the paper carried out with former Anonymous hacker Jeremy Hammond, Monsegur was working with the FBI while coordinating hundreds of cyber-attacks on foreign websites, some of which included those operated by the governments of Syria, Iran, Pakistan and Brazil.
Sabu not getting hands dirty
The documents don't say the FBI was explicitly directing Monsegur to organise these attacks, but considering the LulzSec hacker was arrested in June 2011 and had agreed to work with the US authorities, and these attacks were carried out in January of 2012, it seems highly likely this was the case.
Monsegur was only unmasked as an FBI informant in March of 2012.
Monsegur didn't directly carry out any of the attacks himself, instead using his influence within the Anonymous community to get other hackers to do his bidding. Hammond said: "Sabu wasn't getting his hands dirty."
Hammond and Monsegur first worked together in December 2011 on the attack on global intelligence gathering company Stratfor. Hammond was last year sentenced to 10 years in jail for his part in this attack.
Out of control
A month later, in January 2012, Monsegur began sending Hammond lists of foreign websites to attack.
"After Stratfor, it was pretty much out of control in terms of targets we had access to," Mr. Hammond said during an interview at a federal prison in Kentucky.
Hammond declined to identify the specific websites he was asked to attack by Monsegur. However, according to a leaked court document published on the day of Hammond's sentencing last November the list of websites included targets in Iran, Nigeria, Pakistan, Turkey and Brazil.
The pair were able to breach the security of thousands of websites thanks to a vulnerability they had discovered in a web-hosting software called Plesk that allowed backdoor access to thousands of websites.
Once accessed Hammond was directed to upload any stolen information to a server controlled by Monsegur, but which is likely to have been controlled by the FBI. The information stolen included emails and databases according to Hammond.
As well as Hammond, the leaked sentencing document says that Monsegur directed other hackers to breach the security of Syrian government websites, including banks and ministries of the government of President Bashar al-Assad.
"The FBI took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems," the statement said.
Sabu's sentencing has been delayed six times since he first appeared in court in August 2011, two months after his arrest on 8 June, 2011. At that initial hearing the FBI praised Sabu for "cooperating with the government proactively" adding that he had "literally worked around the clock with federal agents."
It is understood that part of Sabu's work with the FBI was in the identification and entrapment of his fellow LulzSec hackers though the continued delay in sentencing him has led to a lot of speculation about what else Monsegur may have been helping the FBI with.
Monsegur's latest sentencing delay was for just one month, which could indicate that Sabu's time is up, though considering all the work he has been carrying out for the FBI, it is likely that he will face a significantly reduced sentence, and may even avoid jail altogether.
Monsegur is scheduled to appear in court on 8 May and his current whereabouts is unknown.
Is Sabu's Time Up as Sentencing Delays Get Shorter?
FBI's Christopher Tarbell – The Elliot Ness of Cyberspace who Busted Silk Road