Entrapment claims emerge after LulzSec arrests

Powered by SC Magazine
 

Did Sabu's handlers go too far?

News of several high-profile hacker arrests this week have quickly led to claims the FBI attempted to actively entrap other suspects.

Anonymous and LulzSec participant Hector Monsegur, better known in hacking circles as Sabu, is thought to have spent the better part of the past year serving as an FBI informant.

He often took to Twitter to rally his 50,000 followers to commit crimes and, as recently as last week, urged them to "infiltrate" Interpol after the police agency helped coordinate the arrests of 25 suspected Anonymous members.

At the same time, however, chat logs show the 28-year-old, who lived in a housing project on New York's Lower East Side, instigated others through more direct communication.

A hacker using the alias Havittaja this week linked to a Pastebin document that he claimed documents a January 24 chat exchange with Monsegur, in which the informant offers to provide stolen credentials to access a Brazilian government website.

"The question why he was giving me passwords if he was with the FBI?" Havittaja tweeted.

Hacking group Anonymous suggested the trove of five million Stratfor emails, leaked to Wikileaks and now progressively being published by media globally, may have been part of an FBI-sanctioned attack.

Others have suggested Monsegur may have induced people to perpetrate attacks that they may otherwise have been unable or unlikely to commit, a legal defense term known as entrapment.

"I think we're going to be hearing the word 'entrapment' a lot coming up," Gregg Housh, an internet activist and Anonymous observer who still participates in internet relay chat (IRC) discussions with members, told SC Magazine on Wednesday.

"A lot of the hacks happened under his supervision or at his behest...A lot of things might not have happened if he wasn't so vocal."

Legal quandary

But proving entrapment presents a complex legal challenge according to Pamela Johnston, a partner with Foley & Lardner and a former federal prosecutor in Los Angeles.

She said one must first show the government "had you do something", which may be true in the case of Monsegur.

The second burden of proof is more difficult, however. A defendant must show that they had never before engaged in this type of conduct, even before they interacted with an informant.

"Entrapment is a defense often discussed, but which rarely prevails," Johnston said, adding that accused individuals often have better luck arguing this defense before an appeals judge rather than a jury.

Still, juries don't typically appreciate cases in which informants go "rogue" and take their role too far.

"Deception is permitted," she said.

"A person in that circumstance is allowed to be dishonest and not truthful...[But] law enforcement is not really supposed to be turning people into criminals."

A spokeswoman for the US attorney's office in the Southern District of New York, where the criminal complaints were unsealed on Tuesday morning, declined comment when contacted by SC Magazine.

Victims at stake

Questions have also been raised as to whether Monsegur's FBI handlers permitted attacks to glean evidence used in charging others.

Housh said the devastating breach last last year of global affairs firm Stratfor could be a clear example.

According to the chat logs between Monsegur and Chicago resident Jeremy Hammond, who was charged with having a role in the Stratfor hack, Monsegur not only knew that Hammond was allegedly considering invading the company's network but also volunteered a server to store the stolen booty.

"The FBI pretty much left Stratfor out to dry," Housh said.

"They screwed over Stratfor knowingly. That pretty much blows my mind."

He added that the FBI may have done this in order to build a stronger case against WikiLeaks founder Julian Assange.

The FBI declined to comment to SC Magazine.

A Stratfor spokesman could not immediately be reached for comment.

Johnston said protocols exist within the FBI so that incidents only are permitted to progress to a certain point. In some cases, she admitted, there is victim blowback.

"That's when things get tense," Johnston said.

"You're letting entities be victimized. It's not really desirable, although sometimes it happens."

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Entrapment claims emerge after LulzSec arrests
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1799

Vote
Do you support the abolition of the Office of the Information Commissioner?