The sentencing of infamous computer hacker and known federal law enforcement informant, Hector Xavier Monsegur, is scheduled to take place the day after Memorial Day.
Monsegur, also known as “Sabu,” began cooperating with the U.S. Federal Bureau of Investigation following his arrest in June 2011, providing evidence that would eventually be used to convict eight of his fellow hackers, members of groups LulzSec, AntiSec, and Internet Feds. His sentencing has been postponed seven times before at the request of the government, presumably while they continued building criminal cases against others.
On Friday, the U.S. government submitted a notice to the South District court in New York seeking to avoid a mandatory prison for Monsegur—something the court is empowered to do, according to federal sentencing guidelines, if a defendant has provided substantial assistance in other criminal investigations. According to a pre-sentence report drafted by the U.S. Probation Office and supported by the U.S. government, the sentencing guidelines in Monsegur’s case would normally call for a prison sentence of 21-26 years. It also states that the probation office has recommended he receive credit for time served.
The government’s statement characterizes Monsegur as the ideal informant, calling his work “extraordinarily valuable and productive.” He gave authorities “unprecedented access” to other hackers under investigation, which in many cases led to their arrest. “His cooperation entailed many multi-hour meetings with FBI agents that extended into the late evening and early morning hours,” the government said. “Monsegur provided substantial historical cooperation, as well as substantial proactive cooperation, and he was prepared to testify if needed.” One the hackers Monsegur helped the FBI capture, Jeremy Hammond, is now serving the remainder of a 10 year prison sentence a medium security facility in Manchester, Ky.
Monsegur apparently began “cooperating proactively” within hours of his arrest and resumed communicating online. The fact that he flipped so quickly, the government said, was significant to their investigation. “In fact, LulzSec had developed an action plan to destroy evidence and disband if the group determined that any of its members had been arrested, or were out of touch with other group members for an extended period of time.”
According to the government, Monsegur faced a number of “hardships” during his cooperation. At one point the FBI relocated Monsegur and members of his family who were threatened. He was also “approached on the street and threatened or menaced about his cooperation,” the government said. It was noted that some of this harassment stemmed from Monsegur’s rumored involvement in the government’s prosecution of Silk Road operations, though the government says Monsegur didn’t assist in that case. Threats of violence against a cooperating witness or members of their family could also give a federal judge cause to waive minimum sentencing requirements, according to specific policy statement cited by the prosecution.
The government also confirmed that Hammond kept a powerful exploit out of Monsegur’s hands, something Hammond brought up during his own sentencing: “Sabu asked me many times for access to this exploit, which I refused to give him.”
“At law enforcement direction,” the government’s filing reads, “Monsegur attempted to learn how these targets were able to exploit this vulnerability, but was unsuccessful.” The vulnerability, which allowed Hammond to quickly infiltrate servers running web hosting platform Plesk, was discovered and patched near the end of February 2012, just before Hammond’s Chicago home was raided by the FBI.
Monsegur’s bail was revoked in May 2012 and he was subsequently jailed for seven months following some “unauthorized online postings.” It’s unclear what specific postings the government is referring to, though one of the last few tweets sent by Monsegur, on the day of Hammond’s arrest, referred to the U.S. government as “a bunch of fucking cowards.”
— Andrew Panda Blake (@apblake) May 24, 2014
“Finally,” the government added, “Monsegur engaged in a significant undercover operation in which, acting at the direction of law enforcement, he helped to obtain evidence that exposed a subject’s role in soliciting cyber attacks on the computer systems of a foreign government.” It goes on to note that this action hasn’t resulted in prosecutions, but that the evidence is “extremely significant” to the U.S. government. It doesn’t say whether “undercover,” a term not used elsewhere to describe his interactions as “Sabu,” means Monsegur took on another identity for the purpose of the operation.
Monsegur’s activities while under the FBI’s supervision (most notably his involvement in cyberattacks against foreign governments) have led to criticism over how the agency manages its informants. Hammond accused Monsegur, in his sentencing statement, of orchestrating attacks against thousands of websites. Then, in January, a letter signed by a known accomplice claimed that Monsegur played an integral role in the 2011 breach of Stratfor. The attack caused an estimated $700,000 in fraudulent credit card charges, and led to the release of some five million internal company emails, later published by WikiLeaks as the “Global Intelligence Files.”
Whether Monsegur walks free Tuesday thanks to his “extraordinary” efforts is entirely up to Judge Loretta Preska—the same federal judge who doled out a maximum prison sentence to Hammond.