The New York time published the news that an FBI informant, Hector Xavier Monsegur, coordinated in 2012 a campaign of hundreds of cyberattacks on foreign websites. In many cases we discussed the possibility to exploit hacktivism to support military operations against a foreign government, the US intelligence was accused to have infiltrated popular collectives of hacktivists to coordinate attacks on foreign governments including Iran, Syria, Pakistan and Brazil.
According declarations of participant to the attacks, the group of hackers exploited a vulnerability in a popular web hosting software to steal sensitive information from the government servers. All the information collected during the offensives were uploaded on a server monitored by the FBI according to court statements.
“The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.” reported the New Youk Times.
Hector Xavier Monsegur, aka Sabu, was one of the leaders of the popular group of hacktivists LulzSec that breached many high profile targets during in the last years, including Sony Pictures (2011). The group also claimed responsibility for taking down many other notorious targets such as AT&T, Viacom, Disney, EMI, and NBC Universal, The Sun, PayPal, MasterCard, The Times and the CIA.
Sabu once arrested decided to collaborate with law enforcement to track down other members of Anonymous. Various members of the popular group of hacktivists have been identified and arrested.
Thanks Monsegur, F.B.I. arrested another popular hacktivist, Jeremy Hammond that joined in the group of hackers known as Antisec. Hacktivist Jeremy Hammond was sentenced to 10 years in federal prison, he collaborated with Monsegur to conduct the attack on the private intelligence firm Stratfor.
During the process Hammond declared that FBI coordinated numerous attacks of Anonymous on foreign governments, after the Stratfor hack in fact Monsegur began supplying Hammond with lists of foreign vulnerable websites representing the targets of the offensives. The collective of hackers led by Mr. Hammond exploited a zero-day vulnerability in the web-hosting software Plesk to install a backdoor into thousands of websites and gaining their complete control.
The attack pattern was quite similar, once installed the backdoor on the target, sensitive data like emails and databases were extracted and uploaded to a computer server controlled by Monsegur.
“Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.”
The list included more than 2,000 Internet domains, Monsegur directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, including the Ministry of Electricity in Iraq.
The sentencing statement confirmed the involvement of Mr. Monsegur in the attacks against Syrian government websites, including banks and ministries of the government of President Bashar al-Assad.
“The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.
According Hammond, Mr. Monsegur never carried out the hacks himself:
“Sabu wasn’t getting his hands dirty,” said Hammond.
The exact role of the FBI is still unclear, the involvement of groups of hackers capable to hit any target on the Internet is a known and efficient strategy adopted by governments. Characters like Mr. Monsegur can influence large masses of hacktivists that taking part to a cyber attack support a tactical operation of the US government.
(Security Affairs – Hacktivist, Monsegur)