The Justice Department indicted Matthew Keys, the deputy social media editor for Reuters.com, for allegedly conspiring with members of Anonymous and giving them login information so they could “hack into and alter” the Los Angeles Times‘ website.
The indictment should raise suspicion, however, because Hector Xavier Monsegur or “Sabu,” who the FBI flipped and used to catch and, to some extent, entrap LulzSec hackers, is likely involved in the indictment.
Keys is charged with “conspiracy to cause damage to a protected computer,” “transmission of malicious code” and “attempted transmission of malicious code.”
From Matthew Keys’ indictment, US Attorney Benjamin B. Wagner, who prosecuted “Sabu,” and Assistant Attorney General Mythili Raman allege, “Between on or about December 8, 2010, and or about December 15, 2010, in the State and Eastern District of California and elsewhere, Matthew Keys, together with at least one other person, did conspire to knowingly cause the transmission of a program, information, code and command and, as a result of such conduct, intentionally caused damage without authorization to a protected computer, causing loss to a person during a 1-year period aggregating at least $5,000 in value,” which violated a section of the Computer Fraud and Abuse Act.
Who could that other person be? On March 14, the same day as this indictment, Wagner and Assistant US Attorney Matthew D. Segal filed a “notice of related cases” to the United States District Court for the Eastern District of California, where the indictment was filed.
Both cases related to computer hacking attacks by the group that called itself “Anonymous.” The Keys case alleges that Keys gave login credentials to members of Anonymous and encouraged them to vandalize the web site of his former employer, a news organization. Defendant Monsegur, who used the nickname “Sabu,” appeared in the Internet chat log at the core of the Keys case, and, in that chat log, offered advice on how to conduct the network intrusion. Monsegur later became a cooperating defendant in the Southern District of New York.
In Parmy Olson’s book, We Are Anonymous, Olson writes that Sabu claimed, “Keys had given away administrator access to the online publishing system of Tribune, his former employer, in return for a chance to ‘hang out in our channel.'” Keys denied this.
“Sabu” sent this tweet:
In his indictment, it alleges, “In or about early 2011, Monsegur and his co-conspirators misappropriated login credentials to access the Tribune Company’s computer systems without authorization.”
“Sabu” had his sentencing on twelve counts of violating federal law, which carried a potential total sentence of 124 years in prison, postponed without explanation in February. In August of last year, he had his sentencing hearing postponed for six months. According to prosecutors, this was because of continued cooperation with federal agents.
According to a New York Magazine article, on June 7, 2011, he was arrested and then “secretly arraigned in a federal courtroom in lower Manhattan and released on his own signature” on the following day. He entered LulzSec chatrooms and “overachieved for the FBI, working diligently ‘since literally the day he was arrested,’ an assistant US Attorney said. He was ‘staying up sometimes all night … helping the government build cases’ against friends who the US government later called his ‘co-conspirators.'”
One could argue he helped the FBI entrap Jeremy Hammond, who is being prosecuted for hacking into Stratfor and releasing emails to WikiLeaks. Hammond’s criminal complaint reads:
As discussed in more detail below, at or around the time the Stratfor Hack took place, CW–1, at the direction of the FBI, provided to HAMMOND and his co–conspirators a computer server in New York, New York, which could be used to store data, and to which HAMMOND and his co-conspirators in fact transferred data} I have spoken to an employee of the FBI who reviewed the transferred data, and learned that it was similar in content and format to the data found in the files found on the .onion server discussed above.
CW-1 is “Sabu.”
On March 18, 2011, details on Keys’ activity in secret chat rooms where members of Anonymous were planning attacks on websites. Keys posted a statement on Tumblr where he claimed, “I identified myself as a journalist during my interaction with the top-level Anonymous hackers and at no time did I offer said individuals any agreement of confidentiality. In fact, I asked several of them for their feelings should they be exposed. They seemed, by and large, indifferent.” He also described handing over chat logs from his access to secret chats for a two-month period to media organizations.
Keys, himself, thought “Sabu” “trusted” him and he wrote in a post for Reuters on March 7, 2012:
In late December 2010, Sabu confided in me some personal details. He said he was a single, unemployed foster father of two children, and was living on government assistance,. He said he lived in the metropolitan area of New York (he was arrested at his apartment on east side of Manhattan, in fact) where he would take on technology gigs as they came. If none came for a while, he would hack into a vulnerable server used by an e-commerce website, obtain a few hundred — maybe a few thousand — names and credit card numbers, and sell them to other hackers. Before selling them, he’d make sure the credit cards were still valid by charging small donations to a variety of charities — the American Red Cross was a favorite among Sabu, Kayla and other hackers.
According to the post, Keys lost his access in January 2011. Also, while in the chats, he recorded the logs.
He wrote that he told “Sabu” he “recorded the conversations that took place in the InternetFeds chat room — not as text logs, but as screen shots, just to refute any future claims that the text had been manipulated if they were discovered or published” and “Sabu was unhappy.”
If the FBI truly thought Keys had done something, he could have been indicted long, long ago. He could have been arrested when agents identified six men—including Hammond and “Sabu”—and made charges against them public. Perhaps, the fact that Keys had identified himself as a journalist in the chat room did not lead the Justice Department to indict him until now. Maybe, even though federal agents would have had the tweet from “Sabu” on Keys, they did not believe it.
The indictment alleges that on December 8, 2010, he gave “one conspirator” unauthorized access to computer systems of Fox.” He responded under the name AESCracked, “It takes a while to grant one username permission to every site. I’m doing that now.” Then he joined the secret “InternetFeds” chat room and allegedly told “unidentified individuals that he was a former employee” and “proceeded to give them a username and password and told them to ‘go fuck some shit up.'”
Who knows where the FBI obtained this information in the indictment, but would it be surprising to find out this is all from “Sabu” or that he is the “one conspirator” referenced in the indictment?
Publicly, Keys presented himself as someone acting as a journalist in the chats with Anonymous members. He ended up writing a story on his time spent in chats so it is troubling to think the FBI may be going after an employee of a media organization to flip him and have him inform on what he knows about people in Anonymous. Even if he offered no protection to those in the chats and said they could be exposed, it is bothersome to think the investigators are going to go through his communications now and use the communications to piece together details that could lead to the indictments of others. This prosecution is almost guaranteed to destroy Keys’ life and one thing on his mind will be what he can share to make some kind of a deal (provided he knows anything the FBI doesn’t already know).