Sabu, LulzSec, and the FBI's WikiLeaks Investigation

Monday 26 May 2014

Some very intriguing new details emerged on Friday about the case of former Anonymous hacker turned FBI informant Hector Monsegur, or "Sabu" as he is better known.

A document filed in a New York district court shed light on the "extraordinarily valuable and productive" extent of Sabu's cooperation with the government over a period of approximately three years.

It is already widely known that Sabu secretly helped authorities track down and jail his former hacker comrades who were part of LulzSec, a high-profile Anonymous splinter group that attacked and infiltrated major corporate and government websites in the summer of 2011.

But the latest court document for the first time hints at Sabu's broader role aiding another major FBI undercover operation — one that I believe likely relates to an aggressive investigation into WikiLeaks and its founder Julian Assange. The section of the document in question is vague, deliberately so, but offers enough detail to indicate that it directly involves WikiLeaks and is potentially of high importance, for reasons I'll explain below. The document states:

Monsegur also engaged in a significant undercover operation in an existing investigation through which, acting at the direction of law enforcement, Monsegur gathered evidence that exposed a particular subject’s role in soliciting cyber attacks on a foreign government. The evidence he enabled the Government to obtain was extremely valuable, and the Government could not otherwise have obtained it without his assistance. Although this cooperation has not resulted in any prosecutions to date, the Government believes his information, and the evidence he helped to obtain in this matter, is extremely significant.

To understand why this matters and why it struck me straight away, a bit of background is necessary.

As I reported last year in a piece for Slate, Sabu, while working as an FBI informant in 2011, was in contact with a young WikiLeaks volunteer who had established a close relationship with Assange.

The volunteer, Sigurdur Thordarson, told me that with Assange's approval he set up a line of communication between Sabu, LulzSec, and WikiLeaks. He said he then solicited the hackers to infiltrate computers at the Icelandic Ministry of Finance to find evidence of anti-WikiLeaks sentiment. "That was the first assignment WikiLeaks gave to LulzSec," Thordarson claimed, because the Ministry of Finance had months earlier thwarted an attempt by DataCell, a company that processes WikiLeaks donations, to purchase a large new data center in Reykyavik. The FBI appears to have monitored the exchange between WikiLeaks and LulzSec through Sabu, and a few days later contacted Icelandic authorities to warn them about an imminent cyber attack. Icelandic police travelled to the United States to discuss the matter, according to information published by the country's state prosecutor.

According to Thordarson, the LulzSec hackers eventually turned over some confidential documents to WikiLeaks that related to the US embassy in Iceland, as well as other hacked files, such as a huge trove of emails mined from Syrian government servers that were later released by WikiLeaks. Thordarson alleged that Assange spoke with Sabu over Skype during this time, and he showed me records of chats he had with Sabu that appear to support his version of events. Again, Sabu was secretly working as an FBI informant during his correspondence with WikiLeaks; FBI agents, who were monitoring Sabu's online activity 24/7 and directing his conduct, would have almost certainly been watching over his shoulder during any conversations with Assange or others.

In a bizarre twist, Thordarson himself later became an FBI informant, before he found out that Sabu, too, was working for the Bureau. (You can read the whole crazy backstory here.) WikiLeaks says Thordarson was a rogue operative and has accused the FBI of using "coercion and payments" in an effort to extract information that could be used against its staff in a prosecution. It is unclear whether Assange was personally involved at all in any attempt to solicit the hacking of foreign government computers.

Either way, one thing that is clear and undisputed is that Sabu was in contact with WikiLeaks while he was working for the FBI. And the new court document in Sabu's case strongly suggests to me that the contact was not some random occurrence — rather, it suggests it was part of a concerted FBI undercover sting operation aimed at implicating Assange and his colleagues in criminal activity.

The mention of "a particular subject’s role in soliciting cyber attacks on a foreign government" stood out to me immediately as a likely reference to the Assange-Thordarson-Sabu-Iceland affair, perhaps even intended as a warning shot from the Justice Department that this is an angle still being pursued. WikiLeaks seems to have noticed it, as well, tweeting on Saturday that the document contained an "apparent reference to [an] FBI operation against WL."

It is worth recalling that the FBI and the Justice Dept. still have an active and ongoing criminal investigation into WikiLeaks, a fact that was most recently confirmed just last week. But because of constitutional press freedom protections in the United States under the First Amendment, to prosecute any WikiLeaks staff for their role in publishing leaked classified US government documents would be untenable. That is precisely why it is far more likely that the FBI will be seeking to find other charges it can lay against Assange, such as conspiracy, and that is where I think Sabu comes into the frame. The new court document refers to an "existing investigation" and notes that while the information Sabu gleaned about the cyber attacks being solicited "has not resulted in any prosecutions to date," it remains "extremely significant." [Emphasis added.]

So watch this space. I expect more details about this dramatic debacle are going surface before long — possibly even in an indictment against Assange, if the FBI gets its way.