LulzSec hacker helps FBI stop attacks

Prosecutors called Mr Monsegur's help "extraordinary"

The former "leader" of hacking group LulzSec has helped the FBI stop more than 300 cyber attacks since his arrest on hacking charges in 2011. The co-operation of Hector Xavier Monsegur has helped to prevent losses of millions of dollars, according to court documents filed by prosecutors. Mr Monsegur will be sentenced on Tuesday for his role in major online hacking attacks. Prosecutors have recommended that he receives a reduced sentence.

LulzSec was formed in approximately May 2011 when Mr Monsegur - also known as Sabu - and five other members of the Anonymous hacking movement joined forces. According to the documents filed with the court the group was responsible for "major hacks" into and "thefts" from computer servers belonging to companies including Fox Television, Nintendo and Sony. Mr Monsegur was arrested in June 2011 and pleaded guilty, as part of a co-operation agreement with the US government, to nine counts related to computer hacking, amongst others.

'Extraordinarily valuable' The documents that were filed in a New York court last week state that Mr Monsegur's most substantial assistance came from his "co-operation against significant cybercriminals" affiliated with Anonymous, LulzSec and Internet Feds - another hacking group. Because of his help the FBI say they were able to identify, prosecute and convict the "number one cybercriminal target in the world" at the time - Jeremy Hammond.

Mr Monsegur was the leader of hacking group LulzSec He also helped prevent major hacking attacks that were being planned by active cybercriminals. Mr Monsegur was in contact with hackers and received information from them about attacks that were being planned. He shared this knowledge with the FBI. Victims of the attacks were to include the US Armed Forces, the US Congress and Nasa as well as a "television network, a video game manufacturer and an electronics conglomerate".

Electrical grid hack "The FBI used this information, wherever feasible, to prevent or mitigate harm that otherwise would have occurred," the prosecutors' filing said. "The FBI estimates that it was able to disrupt or prevent at least 300 separate computer hacks in this fashion. "Although difficult to quantify, it is likely that Monsegur's actions prevented at least millions of dollars in loss to these victims." He is also credited with providing officials with information about vulnerabilities that could have led to attacks on a water utility for a US city and a foreign energy company. "Law enforcement used the information Monsegur provided to secure the water utility, and the information about the energy company was shared with appropriate government personnel," prosecutors said.

A hack on the US electrical grid was also found to be a hoax after Mr Monsegur communicated with members of Anonymous. This saved the government "substantial time and resources". Under US sentencing guidelines Mr Monsegur could be sentenced to between 21 and 26 years in prison. Prosecutors have called Mr Monsegur's help "extraordinarily valuable and productive" and have recommended that his sentence is limited to "time served". He has already spent seven months in jail after breaking conditions of his bail in 2012.

read more...

America Government Charges Chinese Army Officers for Hacking...

The US has charged five Chinese army officers with hacking into private-sector American companies in a bid for competitive advantage, in the first cyber-espionage case of its kind.

Attorney General Eric Holder said the alleged breaches were "significant" and demanded "an aggressive response".

US prosecutors say the officers stole trade secrets and internal documents from five companies and a labour union.

China denied the charges and warned the case would harm US-China relations.

Potentially more victims

In Washington on Monday, Mr Holder said the hacking charges laid against the Chinese nationals were the first against "known state actors for infiltrating US commercial targets by cyber means".

He identified the alleged victims as Westinghouse Electric, US Steel, Alcoa Inc, Allegheny Technologies, SolarWorld and the US Steelworkers Union.

"The alleged hacking appears to have been conducted for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States," Mr Holder said.

In response, the Chinese government said its "stance on the issue of internet security is consistent and clear".

Foreign ministry spokesman Qin Gang said the allegations were "made up" and would "damage Sino-American cooperation and mutual trust".

"China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets," he said.

In an indictment in the western district of Pennsylvania, the heart of the US steel industry, the US named Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, all officers in Unit 61398 of the Chinese People's Liberation Army (PLA), as the alleged conspirators.

'Categorical' denunciation

FBI officials said the hacking in the years 2006-14 caused "significant losses" at the companies and that there were likely many more victims.

And Mr Holder said the US government "categorically denounces" economic espionage as a trade tactic.

"As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors," Mr Holder said.

The move is seen as largely symbolic, as five men accused are unlikely to be extradited to the US to faces the charges in court.

John Carlin, head of the justice department's national security division, said, "For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses."

"While the men and women of our American businesses spent their business days innovating, creating, and developing strategies to compete in the global marketplace, these members of unit 61398 spent their business days in Shanghai stealing the fruits of our labour," Mr Carlin said.

For example, Mr Carlin said that as SolarWorld, a maker of solar panels and accessories, was rapidly losing market share to cheaply priced Chinese competitors, the hackers were stealing documents on pricing strategy from them.

'Real threat'

While Westinghouse was negotiating a deal with a Chinese state-owned firm to build nuclear power plants, Unit 61398 stole secret designs for plant components, he said.

"In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court," Mr Carlin said.

"Well today, we are."

Last year, cyber-defence company Mandiant published a report on a Chinese military unit the firm said was behind the vast majority of significant attacks on American federal agencies and companies.

In March, Defence Secretary Chuck Hagel said the Pentagon planned to more than triple its cyber-security capabilities in the next few years to defend against such internet attacks.

US President Barack Obama has called cyber attacks a "real threat" to US security and its economy.

read more...