The hacker known as "Sabu" inspired fear in corporations and loyalty from his LulzSec/Anonymous associates, but when he showed up in a Lower Manhattan federal courtroom on August 15, 2011, he was a humbled man.

Hector Monsegur was there to plead guilty to 12 counts of hacking, bank fraud, and identity theft. Only 27 years old, he was facing a possible sentence of 122 years in prison for the charges—and he was also wanted in California (in two separate judicial districts), Virginia, and Georgia. The case was critical for the government; the US Attorney for the Southern District of New York, Preet Bharara, personally attended the hearing.

Monsegur had been arrested by FBI agents back in June after they had linked Monsegur to the "Sabu" name; agents found him operating out of a modest sixth-floor apartment in public housing. Neighbors had long complained about the noise and revelry from his apartment, which often went on all night long.

By August, Monsegur had agreed in principle to a plea deal with the government. He now feared for his own safety. The government, first his foe, became his protector; after all, his enemies had already correctly identified him in various Internet postings. The guilty plea hearing therefore took place in a sealed courtroom "in light of the danger to defendant," said Judge Loretta Preska in a transcript of the hearing obtained by Ars Technica.

Monsegur was polite, saying little but "Yes" and "Yes, your honor" as the the judge ensured that he was making a plea voluntarily, and that it was in his best interests to do so. The deal on offer was "a little unusual," as Assistant US Attorney James Pastore told the court. It was a "global" plea deal that applied not just to the charges brought by Bharara and his staff, but by any charges that might be filed by the other 93 US Attorneys in the country.

Monsegur would agree to help the government make its case against his former associates and he would plead guilty to a string of offenses. The government would ask for leniency, but Monsegur was guaranteed a minimum two year prison sentence, and he agreed to pay restitution. The plea deal did not cover any criminal tax violations; if Monsegur had screwed the IRS, he was on his own.

Confession

The agreement was acceptable to the court, but the judge had one further question. "And do I understand that you are offering to plead guilty because you are in fact guilty?" Monsegur answered a short "yes." And with that, it was time to confess on the record.

"Tell me what you did, sir," said Judge Preska, and Monsegur began.

All of the illegal conduct I am about to admit took place between 2010 and 2011. All of the conduct also involved the use of a computer located in Manhattan. I was not authorized to gain access to any of the computer systems involved in my offense conduct. For the conduct referred to in Counts One to Eight it was my intent to cause damage to these systems. As a result of this conduct, damages of $5,000 occurred in each instance... I agreed with others to participate in a scheme, and I personally participated in a DoS attack on computer systems, PayPal, MasterCard, and Visa. I also participated in those attacks against computer systems of Tunisia and Algeria. In addition, I attempted to obtain information from the EAGLE server of Zimbabwe. I knew my conduct was illegal... I agreed with others to participate in the scheme and personally participated in obtaining access to a PBS Web site and defaced it...I also participated to gaining access to computer systems used by Sony Pictures and stole confidential information... I also participated in a cyber attack on the systems of Infraguard-Atlanta... I agreed with others and personally participated in cyber attacks on the systems of HBGary and Fox resulting in a loss of more than $5,000, and I knew my conduct was illegal.

And so it went, down the list of known and suspected hacks. One surprise emerged.

"I gained unauthorized access to the computer systems of an auto supply company with the intent to defraud the company," Monsegur admitted, "and fraudulently caused about $3,456 worth of automobile motors to be shipped to myself. I knew the conduct was illegal."

He also admitted to using stolen credit card numbers to "pay my own bills" and to obtaining "names, Social Security numbers, and addresses of [bank] accounts and account holders."

Some of this involved hacking; some did not. After a moment of confusion, the judge asked Monsegur to clarify how he had obtained bank account information and Social Security numbers.

"I downloaded the PDFs of TurboTax returns that were publicly accessible over Google, and that's it," he responded. "And due to the downloading of the PDFs, I had access to the bank account information, Social Security numbers, names, and all of that."

"Great personal danger"

With that, the hearing came to a close, but it would leave no record in the court's official docket. Not only were all documents around the case sealed, but the case itself was subject to "delayed docketing." As the judge noted in her final remarks, "the facts here are sufficiently unique that it is possible that the defendant could be identified and, thus, be in great personal danger."

As Monsegur left the courthouse and stepped out into Pearl Street's August heat, he had a new secret—one that he would have to keep for the next seven months until his betrayal splashed onto the front pages of newspapers around the world.