March 6, 2012 will be a day that will live in infosec history for quite some time. This is the day that it was made known to the world that the LulzSec/AntiSec/Anonymous hacker known as “Sabu” was indeed Hector Xavier Monsegur, something that many had believed for close to a year. This revelation came through a news story that was originally posted on FoxNews, and Sabu’s identity was just the tip of the iceberg. Not only had he been outed by a main stream news medium, the article also stated that he rolled on key players in the LulzSec group. A three part series with part one here, part two here, and part three here explained more about Sabu and his affiliation with Anonymous/LulzSec and his reasoning behind rolling on his friends online. (Not to mention you get to see the face of Sabu giving out the most love face of all internet glory, the duckface, as if to tell his friends to “kiss their asses goodbye.”)
One of the first mentions of Sabu being Hector was found in @backtracesec‘s file named namshub. This was posted in March of 2011. This was compliments of Hubris and Asherah, aka @fakegregghoush. This was broken FIRST by those in Backtrace Security, not from others, as many would have you believe.
This brings us to another point that we would like to make. Those who would have their garnered masses believe that they are something that they are really not. Today, which should have been a day of rejoicing for many, was tarnished a bit by one very egotistical hacktivist that we all know of by now named th3j35t3r.
th3j35t3r would tweet most of the morning, giving little snippets about how he “told everyone Sabu was the rotten apple” and that “he knew from the beginning that it was Hector,” etc. But that’s not the case. As seen in this blog post, th3j35t3r at one point thought that Sabu was a man by the name of Hugo. He stated that if he was wrong, he would apologize, which he did in this blog post. But oh wait. Something is wrong about this post. It’s not the original.
You see, th3j35t3r asked if he could use portions of a blog posted by x_ryujin_x for a post he was working on. It was agreed upon that he could use what he wished as long as he credited ReaperSec with the assist in information. But if you look at the above link as it is now, there is only one minor mention of don’t fear the Reaper(Sec). The original can be found right here. Notice there was more of a mention than what is currently up there. Pieces of his particular blog were taken from x_ryujin_x’s post written on November 17, 2011. th3j35t3r wrote his article on November 19, 2011. But th3j35t3r’s masses won’t know all of this, because it’s been long enough that things can get “fuzzy” in someone’s memory.
This isn’t the only thing that th3j35t3r has slipped upon. Stealing credit is minor compared to the all out lies that were written about LulzSec’s CloudFlare account. How would we know, you might be asking. Well, when it comes from the CEO of CloudFlare at a talk he gave at DefCon 19 stating that th3j35t3r was wrong, it’s kind of difficult to dodge the bullet on that one. Here’s the talk from Mathew Prince, part of Sam Bowne‘s presentation at DefCon 19.
Our advice to those following or keeping tabs on th3j35t3r: please take everything with a grain of salt and ask the anti-jihadist activist to show you undeniable proof of the things that he alleges.
Credit for calling it out first goes to Asherah and Hubris and Zud of BacktraceSec. They had the information before everyone else and gifted it to the world before everyone was ready to comprehend what was going on. Whether you agree with them, their methods, or their beliefs, it is without a shadow of a doubt that they said Sabu was Hector first.
For everyone else not trying to ride piggy back style on one of the biggest arrests in Anonymous’ history, remember that on June 7, 2011, Hector Xavier Monsegur was arrested and decided to begin cooperating with Federal Law Enforcement. At the peak of LulzSec’s hacks, understand that Sabu was already arrested quietly. Everything after that date was done as a lie. All the trash talking, all the hacks, all the direction given to Anonymous/AntiSec was seen by an FBI agent monitoring a government issued PC that was viewed remotely. Every thing that Sabu did from that point forward was seen by an agent. Every PM. Every DM. Every question, statement, or plan made was seen by an agent.
Sabu wasn’t the first to roll, and he won’t be the last. Get off of the boat, Anons, because it’s sinking fast and the good guys are winning. Are you wearing your floaties?
irc.reapersecurity.net port SSL 6697 #graveyard