For years, it was assumed that Hector “Sabu” Monsegur was the only hacker-turned-FBI-rat responsible for bringing down Lulzsec, the international group of hackers that left a trail of bedlam across the Internet in 2011.
But according to FBI search warrants leaked by the Anonymous hacker group (@youranonnews) Wednesday night, there may have been two other informants also working with the FBI.
The unnamed Lulzsec member was arrested on June 29, 2011, and put through a court-ordered mental competency exam, which showed he or she had a form of autism. This informant specifically gave up information on core Lulzsec member Ryan “Kayla” Ackroyd regarding his involvement in the Dec. 11, 2010, hack of more than 1 million registered accounts on Gawker websites.
Two warrants compiled by FBI special agent Olivia Olson, issued four months apart in 2011 refer to two confidential witnesses. Both “CW-1” and “CW-2” were arrested on June 29, 2011, and put through a psychiatric exam.
CW-1 was arrested on credit card fraud charges—the same charges that eventually brought in Monsegur. But neither of the informants mentioned in these warrants appears to be Monsegur, who was reportedly arrested June 7, not June 29.
While documents don’t reveal the identity of the second informant, in late June the FBI conducted a search in Ohio at the residence of a suspect allegedly connected with LulzSec. A report published by Threatpost at the time identified the suspect as a hacker known as M_nerva. LulzSec members accused M_nerva of cooperating with authorities, alleging he provided information that led to the arrest of a British Lulzsec member named Ryan Cleary in June 2011.
Anonymous leaked nine other warrants Wednesday from two other agents. One of them, dated the same day as Monsegur’s arrest, was to search his Facebook profile, lesmujahideen.
The FBI had already obtained Monsegur’s IP address during a hack of a business referred to in the warrants “corporation-1.” This challenges earlier reports that he was first identified by a web security company called Backtrace Security.
Anonymous timed the release of the warrants to coincide with the 29th birthday of Lulzsec member Jeremy Hammond. In November, Hammond was sentenced to 10 years in prison for breaking into the private servers of Stratfor, a global intelligence firm, where he deleted corporate files and stole some 5 million emails, uploading the messages to WikiLeaks.
Lulzsec rose to prominence in June 2011 after it hacked 1 million names, email addresses, and passwords from Sony Pictures entertainment databases. The hack also included 75,000 music codes’ and 3.5 million music coupons. Lulzsec allegedly cost Sony $600,000.
While Lulzsec occasionally made political statements, most of its hacks, as the groups name suggested, were for the “lulz,” “a corruption of ‘lol’ or a purpose misspelling of ‘lol,’” Urbandictionary states.
In March 2012, Monsegur, one of the founders of Lulzsec, was publicly arrested in his dingy New York apartment after working with the FBI for months to bring down key players in the organization.
Monsegur had been a FBI informant since he was first arrested in June 2011.
“Monsegur pleaded guilty Aug. 15, 2011, to 12 hacking-related charges and information documenting his admissions is expected to be unsealed in Southern District Court [of New York],” Fox News reported. “As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials, the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning.”
Monsegur was granted bail during a secret hearing in order to return home and provide the FBI with information on Lulzsec.
Five other Lulzsec members, including Hammond, were charged in March 2012.
These arrests decimated Lulzsec. The only real news the group made in 2013 was regarding its members’ ongoing legal troubles.
Correction: An earlier version of this story incorrectly identified Ryan Cleary as one of the FBI’s possible informants. There is no evidence to suggest that is the case. We regret the error.