Stop putting all the blame on Sabu. There were at least five people providing information to the FBI regarding LulzSec.
All of this information has been public for a while, but as far as I know I'm the first to compile it.
Contrary to popular belief, Sabu was not the first snitch in Anonymous or Lulz Security a/k/a LulzSec. His arrest came after others snitched on him. The first official acknowledgement of this was in a speech by former FBI director Robert Mueller on August 8, 2013:
"Our New York Office used confidential human sources, search warrants, and physical surveillance to identify and locate this man, who was only known then by his online moniker, Sabu."
Including Sabu, there were a total of five confidential human sources (CHSs) confirmed to have provided information to the FBI regarding LulzSec. (All informants are CHSs, but not all CHSs are informants. But for the purposes of this article, I'm using the terms more or less interchangeably as there is so little information available about the individuals.) These confirmed CHSs are:
- Hector Xavier Monsegur a/k/a Sabu in New York City. He was arrested on June 7, 2011, and the arrest was announced on March 6, 2012. It seems likely that he officially became an informant on August 15, 2011 (despite numerous press reports claiming that he became an informant "immediately" or "the very next day" after getting arrested), but may have been assisting the FBI before that.
- Sigurdur Thordarson a/k/a Siggi a/k/a Q a/k/a q in Iceland. Official documents have not been made public and "he is prone to lying," but according to the linked Wired article, he was assisting the FBI from August 24, 2011 to March 18, 2012.
- Someone whose name I don't know in Tampa, Florida (PDF). Note that this case was opened the day before Sabu's arrest, and closed two days after Sabu's arrest was announced. It seems likely that this is one of the people who snitched on Sabu.
- Someone whose name I don't know in Charlotte, North Carolina. See the same document as above, page 5 referencing "Charlotte and Tampa CHSs." I have not been able to find additional information about this person. (I haven't tried filing Freedom of Information Act (FOIA) requests though.)
- Someone whose name I don't know in Albany, New York (PDF). Note that the memo says "In June 2011, Albany executed arrest and search warrants on an identified LulzSec member ░░░░░░░░░░. This individual was residing in Albany's AOR [area of responsibility] and was actively participating in high profile intrusion activity attributed to LulzSec." No additional details about this arrest have ever been announced. I am considering the identity of the Albany LulzSec arrestee to be currently unknown.[1]
Update: On May 13, 2014, The Smoking Gun revealed that this is Thomas Madden a/k/a Eekdacat a/k/a ee of Troy, New York, arrested June 29, 2011. (Troy is within the jurisdiction of the Albany FBI office.) It is theoretically possible that Thomas Madden and the "someone whose name I don't know" are two different people, but I assume it is unlikely that there were two different LulzSec associates in the Albany area who were arrested in June 2011.
Note, however, that the memo later says, "░░░░░░░░░░ is the second Albany CHS to be opened in the past year that has verified ties to identified hacker groups responsible for criminal computer intrusion activity." Because of the redactions, it isn't clear if the CHS is the same person as the arrestee. In any case, there were at least two Albany cybercrime CHSs, one of whom may have been the Albany LulzSec arrestee, or at least had enough to do with LulzSec to be discussed in the same memo. This person provided information to the FBI from approximately September 20, 2011 to at least February 7, 2012.
(The above PDFs were originally posted on http://thefbifiles.com/, which said they obtained them via FOIA requests. As of this writing, fbifiles.com says "NOTICE: This domain name expired on 12/25/2013 and is pending renewal or deletion," but luckily the PDFs had been copied to archive.org. I have re-hosted them here for redundancy.)
There are also six people, who I believe to be different people than those listed above, who are considered (by people I consider competent to make such a determination) to possibly have cooperated with the FBI regarding LulzSec. In most cases, these allegations have been topics of public discussion, but I have not seen any official documents or other evidence to confirm or refute their FBI cooperation. I have opted not to name the "maybe informants" here, for the simple reason that I don't know who else they might have been working with or what else they might have been working on, and I would not want to put anyone in danger. (To the extent I have been indiscreet regarding such matters in the past, I hereby apologize to anyone who may have been adversely affected.)
My "confirmed" list and my "maybe" list may be incomplete.
In any case, at least five, and possibly eleven or more, CHSs were involved in the LulzSec investigation. LulzSec is generally described as a six-person hacking group, so this was something close to, or higher than, a one-to-one CHS-to-hacker ratio. That's four times higher than the oft-cited (albeit of dubious methodology) one-in-four statistic claimed by this article.
While having this many CHSs may be effective, it hardly seems efficient. In fact it can seem rather silly.
(Sorry, I don't have my website set up for comments. If you're on Twitter, please tweet at me. Or post your reply somewhere on the internet and I'll probably come across it.)
[1] The Twitter account formerly known as @AnonymousIRC (now @ClipperChip) claimed on July 8, 2013 that this is the LulzSec associate known as recursion. However, multiple sources report that recursion was arrested in September, not June, and this April 18, 2013 press release from the DOJ says that recursion "formerly lived in Phoenix, Arizona, and currently resides in Decatur, Illinois." On December 30, 2013, @ClipperChip tweeted at me: "For the record: Not sure this was recursion. Nor am I sure who tweeted that specifically; [the @AnonymousIRC/@ClipperChip] account was used by many people."
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.