We wrote recently about the FBI turning an Anonymous-type LulzSec hacker into a mole, a double agent. This mole then worked with the FBI to (among other things) crack into the email server of a top private security firm, Stratfor, and pass 5 million emails to Anonymous, who gave them to WikiLeaks for release.
(To come up to speed on that story, see here; it's fascinating. There's a Julian Assange angle.)
Now thanks to The Register, we know just how "Sabu" was found (h/t John Byrne via Twitter):
The man named by the FBI as infamous hacktivist Sabu was undone by an embarrassing security blunder, it has emerged. ... "They caught him because just once, he logged onto IRC without going through Tor [an anonymization service], revealing to the FBI his IP address," Graham claims.
And that was all they needed.
According to Robert Graham of Errata Security, [Sabu] exposed his IP address, which allowed federal investigators to request records from ISPs and track down his location to a flat shared with his two sons on Manhattan's Lower East Side.
About the FBI, Graham said:
"This reveals a little bit about the FBI, namely that they've infiltrated enough of the popular IRC relays to be able to get people's IP addresses. We've always suspected they could, now we know."
And:
The report said investigators had coerced the unemployed dad [Sabu] into co-operating by threatening him with two years in prison away from his children on the easy-to-prove ID theft charges alone if he failed to turn informant on the rest of the LulzSec crew. The feds also persuaded him to turn over the encryption keys on his battered laptop, allowing them to obtain evidence of Monsegur's "hacking activities".
There's more, including information about the anti-Anonymous hackers the FBI was working with, how some LulzSec members confronted the now-turned Sabu, and how he evaded identification as a mole. It's quite a story.
There's a lesson here for non-hackers as well. You have no idea who's peeping at you when you browse or chat. The FBI is apparently watching IRC traffic, and we learned years ago about "NSA telecom closets" that routinely monitor calls and internet traffic.
Anonymization services, on the other hand, are perfectly legal and have a variety of uses, especially in this world of hoped-for PIPA and government spying.
I've seen Tor in particular recommended a number of times. More here, as well as at the google.
(To follow on Twitter or to send links: @Gaius_Publius)