Keep Your Friends Close, Especially If They Are Anonymous

Sabu's traitorous ways reminds us of the sage advice to keep your friends close and your enemies closer

Mike Rothman, Analyst & President, Securosis

March 22, 2012

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Hindsight is 20/20. It must be, since it seems no one was surprised by the big reveal that a main player in LulzSec and Anonymous, a fellow code-named "Sabu," had been working with the FBI and ratted on some of his partners in crime -- except maybe those said partners, as they were being led out of their hovels by federal agents.

Sabu acted to save himself, as it seems someone who outwardly cared about no one did care about the two young girls in his care. Maybe he reduced his sentence a little by cooperating, but I think he'll find his hacking skills relatively useless in the big house. Unless he becomes the sysadmin for the jail for $2.50 an hour. What could go wrong with that?

The other folks arrested will also spend some time in the big house, that much is clear. As Baretta says, "If you can't do the time, don't do the crime."

But there are some instructive lessons here. First, in terms of how they caught Sabu, evidently he forgot to run his session through Tor on a few occasions and the FBI tracked his IP address. From there they got the proper warrants to monitor what he was doing and had him dead to rights. Game over. Security folks complain the bad guys have to be right only once to compromise a system. That is true, but the sad tale of Sabu shows that the bad guys also need to be right every time to not get caught. They can never put their guard down. The FBI is watching. Always.

Ultimately, we learn once again that crime doesn't pay -- especially when the crime isn't financially motivated. They are banking on change, so let's ask the question: Has anything changed from the journeys of the Lulz boat? Maybe, but probably not the change the hacktivists intended. It has definitely been a wake-up call for organizations that they can (and probably will) be attacked in a brazen fashion. Maybe they'll even improve their security programs. Sony? Bueller? Bueller?

Will the turning of Sabu act as a deterrent to the cybervigilantes? If you listen to the rhetoric coming via the Anonymous marketing machine, then probably not as they are talking about the next dox drop and defacing on Twitter as you read this. But I'm not so sure. Seems these folks forgot about basic human nature. The self-preservation gene is strong in humans, as is the need to protect offspring. Every person has a breaking point, and law enforcement seems to be pretty effective at finding it. So there are decent odds that they've turned many other folks within these groups.

Remember, many of these folks don't "really" know each other. Do you think they continue to trust with a jail sentence on the line? That's to be determined, but in the good ol' days if you turned on your partners in crime, then they took it out on your family. There doesn't seem to be a similar retribution model among hacktivists. Not yet, anyway. And we'll also hear about hacktivism is an ideal, not a person or a group.

Some of those folks are questioning with whom they are collaborating. Just as you don't know whether someone on the Internet is a dog, you don't know whether Sabu is really an FBI turncoat. And that sows the seeds of mistrust, which is the death knell of any crime syndicate, formally organized or not. There is one security truism that definitely applies in this case, and that's: "Trust No One." I don't think truer words were ever spoken.

Mike Rothman is President of Securosis and author of The Pragmatic CSO.

About the Author

Mike Rothman

Analyst & President, Securosis

Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. Mike is one of the most sought after speakers and commentators in the security business and brings a deep background in information security. After 20 years in and around security, he's one of the guys who "knows where the bodies are buried" in the space.

Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike left META in 1998 to found SHYM Technology, a pioneer in the PKI software market, and then held VP Marketing roles at CipherTrust and TruSecure - providing experience in marketing, business development, and channel operations for both product and services companies.

After getting fed up with vendor life, he started Security Incite in 2006 to provide the voice of reason in an over-hyped yet underwhelming security industry. After taking a short detour as Senior VP, Strategy and CMO at eIQnetworks to chase shiny objects in security and compliance management, Mike joins Securosis with a rejuvenated cynicism about the state of security and what it takes to survive as a security professional.Mike published "The Pragmatic CSO" in 2007 to introduce technically oriented security professionals to the nuances of what is required to be a senior security professional. He also possesses a very expensive engineering degree in Operations Research and Industrial Engineering from Cornell University. His folks are overjoyed that he uses literally zero percent of his education on a daily basis.

He can be reached at [email protected]. Follow him on Twitter @securityincite

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights