Hector Xaviar Monsegur, the notorious hacker known as Sabu, arrives for sentencing on Tuesday. Photo credit: Reuters.
A former Anonymous hacker who faced 26 years in prison for staging global cyber-attacks, was set free by a judge who credited him with helping prevent at least 300 such intrusions, including one on the U.S. Senate website.
U.S. District Judge Loretta Preska in Manhattan federal court today cited Hector Xavier Monsegur’s “extraordinary assistance” in secretly working with the U.S. government, sentencing him to the seven months he’d already spent in custody. She credited him for immediately agreeing to cooperate when confronted about his hacking by federal agents.
“That personal characteristic of turning on a dime and doing good instead of evil is the important factor in this sentence,” Preska said. “You’ve done as much as any human being can do in terms of helping the government to make up for past wrongs and to avert other damage to probably millions of people.”
Monsegur, 30, who used the online name Sabu, belonged to the hacker groups Internet Feds and LulzSec, an offshoot of Anonymous. LulzSec attacked computer networks at Nintendo Co. and stole confidential data on more than 70,000 potential contestants on Fox Television’s “X-Factor,” according to prosecutors. The group also attacked the computer networks of Sony Corp. (6758), the U.K.’s National Health Service, the Arizona State Police, and technology-security company HBGary Inc., U.S. said.
After agreeing to cooperate with the government, Monsegur worked “around the clock,” talking to hackers around the globe, including LulzSec which had vowed to destroy evidence and disband if any members were arrested, the judge said. Monsegur also helped prevent a cyber-attack on a foreign energy company and another on the water supply in a major U.S. city, Preska said.
Today in court, Monsegur, wearing a black short-sleeved shirt and grey slacks, apologized for the harm he’d caused and said he had learned many lessons since he pleaded guilty to 12 crimes in August 2011.
“I assure you I will not be back in this courtroom,” he said. “I’m not the same person you saw three years ago. I’m ready to move on.”
Assistant U.S. Attorney James Pastore asked Preska not to impose a mandatory two-year prison term, citing Monsegur’s help.
While federal sentencing guidelines, which are advisory, called for 21 1/2 years to more than 26 years in prison, court officials recommended probation.
“It’s difficult to quantify Mr. Monsegur’s cooperation,” said Pastore, adding that the defendant helped identify “back doors” or weaknesses in computer systems in corporations and foreign governments. “He was able to unmask and thwart outright or minimize hundreds of attacks,” he said.
During the time of his secret cooperation, Monsegur worked from his apartment, staying up all night talking online to his fellow hackers and then meeting with authorities passing on what he learned.
Evidence Monsegur helped develop led to the prosecution of at least five hackers, including Jeremy Hammond, who was convicted and sentenced to 10 years in prison by Preska for an attack on the intelligence firm Strategic Forecasting Inc., or Stratfor, and for interfering with eight other computer systems.
Anonymous called Monsegur a traitor in a posting on Twitter today, following the sentencing.
“Jeremy Hammond is serving a ten-year sentence for hacks that Sabu (working for the feds) told him to do,” the group said in a posting.
Philip Weinstein, Monsegur’s lawyer, said after today’s sentencing that the hacker is still helping the government with other cases. Monsegur has been unemployed while awaiting sentence, Weinstein said.
“He’s taught the government things that they don’t know,” he said.
Before Monsegur’s cooperation, he was the only member of a crew of hackers behind a series of cyber-attacks who had been identified by authorities, the U.S. said. LulzSec had developed a plan to destroy evidence and disband if the group determined that any of its members had been arrested, according to prosecutors.
Hackers affiliated with Monsegur had attacked the websites of the governments of Algeria, Yemen and Zimbabwe, the U.S. previously said.
Monsegur’s family had to be relocated by the FBI when his identity as a government informant was made public, his lawyer Peggy Cross-Goldenberg told Preska today. He was also threatened by some who incorrectly speculated that he assisted in the investigation and prosecution of Silk Road, the billion-dollar online website where customers used bitcoins to buy and sell drugs, according to the U.S.