US prosecutors have postponed the sentencing of “Sabu” – real name Hector Xavier Monsegur – who led the LulzSec hacking crew during the summer of 2011 while working as a double agent for the FBI.
Monsegur was due to appear at a Manhattan federal court on Friday for sentencing on ten counts of hacking, one of bank fraud, and one of identity theft, which together carried a maximum penalty of 124 years.
But the sentencing was put off without explanation – though Monsegur had been expected to be given only a suspended sentence after having pleaded guilty to the charges in August 2011.
At the time he was still operational as a member of LulzSec, the group which hacked into sites belonging to the CIA, Serious Organised Crime Agency, Sony Pictures Europe and News International during that summer.
But unbeknownst to the other members of the group, he had been arrested and charged by the FBI on 7 June 2011 in his apartment in the Bronx. Faced with a colossal jail term – while responsible for looking after his two young nieces – Monsegur chose to cooperate. The FBI provided him with a computer and phone which was permanently monitored, and which then allowed the detection and capture of other hackers – including those behind the Stratfor hack.
Posting on Twitter as “The Real Sabu”, Monsegur had a combative style, and proclaimed a fierce dislike of the authorities.
But his FBI handlers said he was “brilliant, but lazy”: they discovered him selling stolen credit card details on Facebook, and traced him to his home when he used an unguarded internet connection to go on the 2600.com site, which is popular with young and old hackers.
The indictments cover the period between December 2010 and May 2011, and cover the hacking of sites belonging to the Tunisian, Algerian, Yemeni and Zimbabwe governments, “DDOS attacks” on Paypal, Visa and Mastercard, sites belonging to Fox News, the Chicago Tribune newspaper site, Sony Pictures Europe, Sony Music Entertainment, PBS, Nintendo, security company Unveilance, the US Senate, and video games company Bethesda Softworks.
He also hacked computers belonging to an auto parts company and had four vehicle motors worth $3,450 sent to his address in New York for free. He used more than a dozen stolen credit card details to make a number of purchases worth more than $1,000, the floor level for higher penalties under the federal code.
No date has been given for the postponed sentencing.