A screen grab of the PBS website, showing how it looked following LulzSec’s hack-attack (Image: AP Photo)

Update: We now know that when “Sabu” – real name Hector Xavier Monsegur – gave the interview below to New Scientist, he was cooperating with the FBI to gather intelligence on Anonymous activities. Read more: “Was our interview with LulzSec hacker an FBI set-up?“

Original article, posted 4 July 2011

It was early May when LulzSec’s profile skyrocketed after a hack on the giant Sony corporation. LulzSec’s name comes from Lulz, a corruption of LOL, often denoting laughter at the victim of a prank. For 50 days until it disbanded, the group’s unique blend of humour, taunting and unapologetic data theft made it notorious. But knowing whether LulzSec was all about the “lulz” or if it owed more to its roots as part of Anonymous – the umbrella group of internet subculture and digital activism – was pure speculation. Until now.


Who is “Sabu”?

I’m a man who believes in human rights and exposing abuse and corruption. I generally care about people and their situations. I’m into politics and I try my best to stay on top of current events.

We’ve seen you cast as everything from the greatest of heroes to the most evil of villains. How would you characterise yourself?

It is hard for me to see myself as either. I am not trying to be a martyr. I’m not some cape-wearing hero, nor am I some supervillain trying to bring down the good guys. I’m just doing what I know how to do, and that is counter abuse.

What was your first experience with “hacktivism”?

I got involved about 11 years ago when the US navy was using Vieques Island in Puerto Rico as a bombing range for exercises. There were lots of protests going on and I got involved in supporting the Puerto Rican government by disrupting communications. This whole situation was the first of its kind for the island and the people didn’t expect things to go that route. Eventually, the US navy left Vieques.

How did you get involved with Anonymous?

When I found out about what happened to Julian Assange, his arrest in the UK and so on, I found it absolutely absurd. So I got involved with Anonymous at that point.

What operation really inspired you and why?

Earlier this year, we got wind of the Tunisians’ plight. Their government was blocking access to any website that reported anti-Tunisian information, including Tunileaks, the Tunisian version of Wikileaks, and any news sites discussing them.

Tunisians came to us telling us about their desire to resist. “Disrupt the government of Tunisia,” they said, and we did. We infiltrated the prime minister’s site and defaced it externally. When Tunisia filtered off its internet from the world, it was the Tunisians who came online using dial-up and literally allowed us to use their connections to tunnel through to re-deface the prime minister’s websites. It was the most impressive thing I’ve seen: a revolution coinciding both physically and online. It was the first time I had proof that what Anonymous was doing was real and it was working.

What would you like to say to people who say that you and other Antisec/Anonymous/LulzSec members are just troublemakers who have caused untold damage and loss to people for no apparent reason?

Would you rather your millions of emails, passwords, dox [personal information] and credit cards be exposed to the wild to be used by nefarious dealers of private information? Or would you rather have someone expose the hole and tell you your data was exploitable and that it’s time to change your passwords? I’m sure we are seen as evil for exposing Sony and others, but at the end of the day, we motivated a giant to upgrade its security.

But what about hacks that were done “for lulz”?

Yes, some hacks under LulzSec were done for the lulz, but there are lessons learned from them all. In 50 days, you saw how big and small companies were handling their user data incorrectly. You saw the US federal government vulnerable to security issues that could have just as easily been exploited by foreign governments. You saw affiliates of the US government handling sensitive emails and they themselves ignored the FBI’s better practice manuals about password re-use.

With the Public Broadcasting Service site, you saw the media vulnerable to fake articles. And yes, our Frontline hit [the group attacked the PBS’s Frontline television programme website after perceived unfair treatment of Wikileaks] was political, but we also showed what could happen if an organisation were to hack 50 of the biggest media publications right now, online, and distribute a mass news article designed to blend in on each outlet’s site. That kind of thing would cause some serious havoc. I mean, we’re talking about the potential of crashing stocks or spreading damaging rumours. Everything we did had a duality: a lesson and some LOLs at the same time.

When did you realise you had hit the point of no return?

I was at the point of no return when I realised that I could make a change. Operation Tunisia was it for me. Then HBGary [a security firm attacked by LulzSec]. Now Antisec is the biggest movement in years, unifying all hackers and free thinkers across Anonymous and other groups. There’s no going back.

How do you describe what Antisec is about?

Expose corruption. Expose censorship. Expose abuses. Assist our brothers and sisters during their operations in their own countries like the one we have going in Brazil now, Operation Brazil, which is about internet/information censorship. Expose these big multinational companies that have their hands in too much, that have too much power, and don’t even take the time to secure your passwords and credit cards. And finally, discussion and education. We are not sitting idly by and letting our rights get thrashed. It’s time to rise up now.

So what would an Antisec “win” look like?

There is no win. There’s just change and education.

The popularity of LulzSec and Anonymous has inspired many to follow in your footsteps. What words of wisdom do you have for them?

Those who are with me in the fight do not have to be hackers. They can be reporters, artists, public speakers. This movement is about all of us uniting against corruption. But I don’t ask anyone to take my risks. I don’t want anyone to follow me down my path.

Are you afraid of being caught?

There is no fear in my heart. I’ve passed the point of no return. I only hope that if I am stopped, the movement continues on the right path without me.

Profile Anonymous is a leaderless organisation. Among its typical strategies are website defacement, “sql injections” to extract information about files within a server, and email/fax bombing by constant barrage with the group’s demands. Messages are signed: “We Are Anonymous. We Are Legion. We Do Not Forgive. We Do Not Forget. Expect Us.”