Obvious Informant Is Obvious. But Why?
A cautious cybercriminal would not have worked with Hector Xavier Monsegur a/k/a Sabu after mid-2011. Those who feel that Sabu betrayed them understandably want to blame Sabu instead of their own poor judgment and opsec, or youthful naiveté, but the facts speak for themselves. A few examples will suffice to illustrate the obviousness of Sabu's status as an informant:
From a recent article by Quinn Norton: Sabu "was so persistent, and kept telling me where he was." "He wrote like multiple people." "No one had ever known where Sabu got that computing power, but they also hadn't asked." "By January Antisec was so sure it was being monitored by the FBI that more than one member talked to me about it."
From Parmy Olson's book: (p. 393) "It was even said to be an open secret among hackers in New York City that 'Sabu' was Monsegur, with one rumor doing the rounds that local hackers had sprayed graffiti on his building." (If local hackers knew who he was, the FBI also knew or could figure it out.)
From Sabu himself: "Stick to yourselves. If you are in a crew - keep your opsec up 24/7. Friends will try to take you down if they have to." (This and many other warnings were reportedly made while "[t]he FBI has had an agent watching his online activity 24 hours a day.")
From my Facebook, posted publicly here for the first time (note date: he was arrested on June 7, 2011; the arrest was announced on March 6, 2012):
(My bad, he was 28.) I wasn't trying to out an informant. Rather, the fact of his arrest was so glaringly obvious that I sincerely thought that the FBI would be announcing it within days. It didn't occur to me that they would use someone as an informant when seemingly everyone knew that he'd been arrested. When the arrest wasn't announced and he continued to advocate hacking, it became obvious that he must be an informant.
Note: in a speech by FBI director Robert Mueller (one of his last before being replaced by James Comey), Sabu was Mueller's first example of the FBI's "effectiveness in cyber investigations." Think about that for a minute. Mueller's example of FBI effectiveness was an informant so obviously an informant that random people were accidentally outing him months before the arrest was announced.
As we say on the internet, #fail. #EpicFail.
Or was it?
According to Hanlon's razor, incompetence is the most likely explanation, so we needn't look any further. But hey, while we're here . . .
I was remembering this article (PDF) about the obviousness of Nigerian scammers. (Hat-tip to Bruce Schneier.) "Since gullibility is unobservable, the best strategy is to get those who possess this quality to self-identify." If this article is right, Nigerian scammers are obvious not because they're incompetent, but because they're hoping for responses from people who are gullible and easy to exploit.
A thought experiment: Suppose you want some skilled hackers to help you hack into foreign governments' computers, and don't want to pay them. What type of human resources would you be looking for? You wouldn't want experienced cybercriminals, because they would want money. You wouldn't want people with experience in law enforcement or intelligence, because they'd realize what you're doing and tip off (or request money not to tip off) the governments you're targeting. Basically, anyone savvy would realize what you're trying to do, know the monetary value of their own skills, and seek ways to turn the situation to their own advantage (or avoid the whole situation, if risk-averse).
You'd want to recruit people who hack only for the joy of hacking, or for ideological motives, with no interest in monetary gain. They would also have to be naive enough not to question the recruiters' motives, but to assume that all collaborators are being honest about their goals. And you'd want people who hack without hesitation or fear of arrest: the job gets done quickly, and if things go south, the recruit takes the fall, or can be thrown under the bus if need be. (It's likely that such a person would already have an arrest record.)
You'd want, in other words, someone exactly like Jeremy Hammond, whose sentencing statement is very interesting. And you would target him with an informant as obvious as Sabu.
Note that in this scenario, Sabu is also a victim. His handlers would tell him what a great job he's doing, while knowing that his obviousness makes him a sitting duck for criminals with any skill at counterintelligence. Anonymous is a non-violent movement, but there are other people who take "snitches get stitches" seriously and literally. Does the FBI have a legal or ethical duty to stop using an informant once they know or should know that his cover is blown? No doubt Sabu's family would think so, if he or they became victims of "anti-snitch" violence.
Such a strategy has other risks: a sophisticated criminal could have used Sabu to feed disinformation to the FBI. This weighs against them having intended Sabu's obviousness, as the risk to FBI resources (or even national security) might have outweighed any advantages obtained from targeting gullible people.
A question for Hammond's supporters: if he had been duped not by the U.S. government, but by a repressive regime, or an organized criminal or terrorist group, would you still be defending him as vigorously? Because that could have happened just as easily. Both logistically and morally, that was Hammond's worst failing: his recklessness in allowing his skills to be exploited by people whose motivations he didn't know. Things could have gone worse, for everyone.
I'm not claiming that the FBI intentionally uses informants who are obviously informants. But I don't think it's impossible. What do you think?
(Sorry, I don't have my website set up for comments. If you're on Twitter, please tweet at me. Or post your reply somewhere on the internet and I'll probably come across it.)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.