Sabu’s dramatic involvement in Anonymous might never have happened if it weren’t for an important introduction: around mid-December 2011, Tflow invited Sabu, who in real life was a twenty-eight-year-old New Yorker with a string of criminal misdemeanors behind him, into the #InternetFeds chat room. It was in this chat room that Sabu first met Kayla and other hackers who would help him attack myriad other targets with the mission of revolution in his mind. Until now, Anonymous raids had reacted to circumstance: Chanology because of Tom Cruise; Operation Payback because a few companies snubbed WikiLeaks. But Sabu wanted Anonymous to be more than just kids playing hacker. He wanted Anonymous to change the world.
Sabu was an old-time cyber punk. He did not use words like moralfag and lulz, and he did not go on 4chan. He conquered networks, then basked in his achievement. He was more interested in the cachet of taking over entire Internet service providers (ISPs) than pranking Scientologists. While 4chan trolls like William were looking for random fun, Sabu wanted to be a hero by taking figures of authority down a notch or two. He did not shy away from big targets or big talk. In his decade underground he claimed to have taken control of the domain-name systems of the governments of Saudi Arabia, Puerto Rico, the Bahamas, and Indonesia.
Sabu was known to exaggerate, and other hackers who dealt with him listened to his claims with some skepticism. Though he was highly skilled, Sabu would often lie about his life, telling people things he perhaps wished were true—that he came from Puerto Rico; that his real mother had been an upstanding member of the local political community; that in real life, he was married and “highly successful in his field.” The truth was that he was jobless, insecure, and struggling to support his family.
Sabu’s real name was Hector Xavier Monsegur. He lived in a low-income housing project on New York’s Lower East Side, and with help from government welfare, he supported his five brothers, a sister, two female cousins for whom he was legal guardian, and a white pit bull named China. Monsegur would refer to the two girls, who were seven and twelve, respectively, in 2012, as his daughters. He was of Puerto Rican descent and a stickler for left-wing activism. As a child, he listened to tales of the El Grito de Lares revolt and told his family that one day, he would launch his own revolution.
Born in New York City in 1983, Monsegur grew up in relative poverty. His father, also named Hector, and his aunt Iris sold heroin on the streets. When Monsegur was fourteen, they were both arrested for drug dealing and sentenced to seven years in prison. Monsegur went to live with his grandmother Irma in a sixth-floor apartment in the Jacob Riis housing project on New York’s Lower East Side.
As he settled into his new home, he discovered The Anarchist Cookbook, the notorious book originally published in 1971 that led him to tips for hacking phone lines to make free calls as well as directions for making napalm bombs out of soap. His grandmother could not afford a fast Internet connection, so the young Monsegur followed instructions to get the family computer hooked up to the Internet service EarthLink for free. As he explored the Web, he also found his way onto EFnet, a storied Internet relay chat network popular with hackers that Kayla would join years later. Monsegur eventually came across an online essay from a notorious 1980s hacker nicknamed the Mentor. It was called “The Hacker’s Manifesto” and spoke to Monsegur more than anything else he had read online. The Mentor, whose real name was Lloyd Blankenship, had written the short essay on a whim on January 8, 1986, a couple of hours before police arrested him for computer hacking.
“Did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? I am a hacker, enter my world.…”
“Oh man,” Monsegur said, recalling the event years later in an interview. “That right there is what made me who I am today.” The last line of the manifesto was especially resonant for him: “My crime is that of outsmarting you, something that you will never forgive me for.”
The idea that figures of authority, from teachers to the media, misunderstood the true talents of hackers was something Monsegur understood all too well. As a young Latino living in the projects where his own family dealt drugs, he did not fit the description of nerdy computer hacker. More than likely he was confronted by people who doubted his abilities. But he was eager to learn. After successfully hooking his family up with free Internet, Monsegur wanted to find the next challenge to conquer.
He read more online, experimented, and took a few pointers from people on IRC networks like EFnet. Still at just fourteen, Monsegur taught himself software programming in Linux, Unix, and open-source networking.
Outside of school, Monsegur was showing off his talents: he joined a local training scheme for talented young programmers called the NPowerNY Technology Service Corps, then got work experience researching network security at the Welfare Law Center. At eighteen he had joined mentoring program iMentor as a technology intern.
By now he had grown into a tall, broad-shouldered young man, but he had a tenuous relationship with authority. According to an essay the teenaged Monsegur wrote in August 2001, it boiled down to an incident at his Washington Irving High School in Manhattan. He had been working for the school during class hours, installing Windows on what he called their “obsolete” computers, when one day while Hector was walking through the school’s metal detector, its chief of security stopped him to ask about the screwdriver he was carrying.
“I am the geek that fixes your system when you forget not to execute weird .exes,” he recalled saying.
“Hey, don’t give me an attitude, boy,” the head of security replied, staring at him. Monsegur explained it again. He was a student who worked on the “non-functioning computers during my school time.” The security head took the screwdriver.
“Thanks,” he said. “I’m keeping this.” Embarrassed and angry, Monsegur wrote a complaint and gave it to the school’s authorities, accusing the security head of “corporal punishment” and “disrespect.” When the complaint was ignored, he distributed a “controversial piece of writing” to his teachers. During class, the school’s principal paid him a visit, asking if he would step aside so they could talk. He and other school officials found Monsegur’s writing threatening, he said.
“The guy stares me down,” Monsegur wrote in his essay. “Disrespects me physically in front of tens of students. What happened to my complaint? Where is the justice I seek?” Monsegur felt jilted. Weeks later he got a call from his teacher, whom he described as saying he was “temporarily expelled from the school.”
Monsegur replied, “Very well then, it is such a shame that one such as myself would have to be deprived of my education because of my writing.” Just as the teacher was about to reply, Monsegur hung up. New York’s Administration for Children’s Services then requested he meet with a psychologist for a mental evaluation. Monsegur claimed that he passed. But he also left high school without finishing the ninth grade.
Online, he could live out his ambitions and avoid the “disrespect” he felt from figures of authority. By now he was learning how to break into the web servers of big organizations, from Japanese universities to third-world governments. Monsegur liked the buzz of subjugating a computer system, and soon he was veering from protecting them on his internships, to breaking into them in his spare time.
He had meanwhile discovered hacktivism. When he was sixteen and watching TV one day, Monsegur saw a news broadcast about protests in Vieques, an island off the coast of Puerto Rico. The U.S. Navy had been using the surrounding waters as a test-bombing range, and a year earlier, in 1999, a stray bomb had killed a local civilian guard. The guard’s funeral received global press attention and sparked a wave of protests against the bombings. In the TV broadcasts, soldiers pushed against protesters, including the Reverend Al Sharpton, a community leader in New York that Monsegur had become aware of through his growing interest in left-wing activism. Something snapped inside him.
He went to his computer and drew up a network map of the entire IP space for Puerto Rico, and he found that a company called EduPro was running the government sites. He hacked into the servers, discovered the root password, and got administrative access. In the heat of the moment, he also typed up an angry missive in Microsoft Word, ignoring his own typos: “Give us the Respect that we deserve,” he wrote. “Or shall we take it by force? Cabron.” He brought down the Puerto Rican government’s websites and replaced them all with his message, which stayed up for several days. Smiling at his work, Monsegur considered this his first act of hacktivism. When the U.S. military gave control of the Vieques base back to the locals two weeks later, he felt it was partly thanks to him.
Monsegur wanted to keep going. He threw himself into hacking, joining the first stirrings of a cyber war between American and Chinese hackers, which mostly involved young men from each side trash-talking and defacing websites in the other side’s country. Operation China took place in 2001, the same year that Monsegur appears to have dropped out of high school. Beijing at that time had refused to give President Clinton access to a U.S. spy plane that had collided with a Chinese fighter jet and crash-landed on Hainan island. The surviving U.S. crew were held for eleven days, and in that time a few gung-ho American computer hackers like Monsegur broke into hundreds of Chinese websites and defaced them with messages like “We will hate China forever.” The Chinese hackers hit back with the likes of “Beat down Imperialism of America.” By this point, Monsegur was regularly using the nickname Sabu, borrowed from the professional wrestler who was popular in the 1990s for his extreme style, and who played up his minority status by claiming to be from Saudi Arabia, when he was actually from Detroit and of Lebanese descent. Sabu, similarly, claimed online to be born and bred in Puerto Rico.
Monsegur’s group was called Hackweiser; it was founded in 1999 by a talented Canadian hacker nicknamed P4ntera. It counted between ten and fifteen hackers as members when Monsegur joined. His role in the group was one that would remain the same a decade later: he hacked into, or rooted, as many servers as he could. Later in 2001, after Sabu had spent several months learning the ropes with Hackweiser, P4ntera suddenly went missing. Monsegur realized that if the group’s charismatic leader could get arrested, the same could happen to him. He wrestled with his ego. He loved seeing “Sabu” gain notoriety for the audacious hacks he was carrying out, but he did not want to go to jail.
“We humans suffer from egos,” Sabu later remembered. “We have a need to have our work appreciated.” But Monsegur decided to play it safe, and he stopped all public use of the name Sabu and went underground for the next nine years. If “Sabu” ever appeared online, it was only in private chat rooms. He also tried using his programming skills for legitimate means. In 2002 he started a group for local programmers in Python, a popular programming language. Introducing himself as Xavier Monsegur, he invited others to “integrate their knowledge into one big mass of hairy information” and said that the site he had made was “nere [sic] its final layout state…It’ll be all about us, our knowledge, our ideas, just ‘us’ having a fun time and enjoying what we have and can do.”
The sociable programmer went on to freelance for a Swedish IT security company called Tiger Team, then found work with the peer-to-peer file-sharing company LimeWire. He continued living with his grandmother and used his computer-hacking skills to help neighbors in the apartment block fraudulently raise their credit ratings. Money thus came sporadically from both legal and illegal sources: sometimes it was from Monsegur’s legitimate work; other times it was from selling marijuana on the streets, or hacking into a computer network to steal credit card numbers.
But problems came all at once in 2010, when he was twenty-six. Monsegur’s father and aunt had been released from prison, but his aunt Iris had resumed selling heroin and that year was arrested again. She left her two daughters in Monsegur’s care, and he got legal custody. At around the same time, he lost his job at LimeWire after the recording-industry group RIAA hit the company with a $105 million lawsuit and it was forced to lay off workers. Worse, Monsegur’s grandmother, with whom he had lived since the age of fourteen, died.
“That messed him up,” a family member later told the New York Times, referring to his grandmother’s death. Monsegur became more disruptive, hacking into auto companies and ordering car engines and disturbing his neighbors by playing loud music, often until 4:00 a.m. in the home where his grandmother no longer lived. Monsegur was unemployed and drifting.
Then in early December, out of nowhere, Anonymous burst onto the scene with WikiLeaks, offering a cause that Monsegur could be passionate about. He watched the first attack on PayPal unfold and saw echoes of his work with Hackweiser and his protest attack for the island of Vieques, but on a much grander scale. He would later say that Anonymous was the movement he had been waiting for all those years “underground.”
On December 8, when AnonOps had its highest surge of visitors for the initial big attack on PayPal, Monsegur signed into the public chat room, using the nickname Sabu for the first time in almost a decade. It was chaos on AnonOps IRC, with hundreds of trolls and script kiddies (wannabe hackers) all talking over one another.
“We need the name of the wired employee who just spoke on cnn,” he said, referring to Wired magazine’s New York City bureau chief, John Abell. “john swell? john awell? pm me the name please.!!!” As Sabu, he repeated the request three times. Eventually he zeroed in on Tflow, who was dropping advanced programming terms. After Sabu and Tflow talked via private messages, neither of them revealing his true location or any other identifying information, Tflow showed Sabu into the secret channel for hackers, #InternetFeds.
#InternetFeds was secure and quiet. In the open AnonOps chat rooms, hundreds clamored for large, impossible targets like Microsoft and Facebook. There was little point trying to reason with the horde and explain why those targets wouldn’t work, that you needed to find a server vulnerability first. It was like trying to explain the history of baseball to a noisy stadium full of people itching to see a home run. It had been the same in Chanology, when the #xenu channel was backed by the quiet planning in #marblecake. Discord grew in #operationpayback over who should feel the wrath of Anonymous next; the WikiLeaks controversy was receding from the headlines, and the hackers had grown bored with trying to attack Assange’s critics. Sabu, Kayla, and the others in #InternetFeds increasingly talked about focusing their efforts on another growing news story: revolution in the Middle East.
Sabu was already interested in the region, having attended a protest march or two for Palestine when he was younger. Now he and the others were seeing articles about demonstrations in Tunisia that had been sparked by documents that WikiLeaks had released. Tunisia’s government was known for aggressively censoring its citizens’ use of the Internet. Websites that were critical of the government were hacked, their contents deleted and their servers shut down. Locals who visited prodemocracy e-newsletters and blogs would often be met with error messages.
In early January of 2011, the government censorship appeared to get worse. Al Jazeera reported that the Tunisian government had started hijacking its citizens’ Facebook logins and password details in a process known as phishing. Normally this was a tactic of cyber criminals; here, a government was using it to spy on what its citizens were saying on social networks and mail services like Gmail and Yahoo. If officials sniffed dissenters, they sometimes arrested them. Locals needed to keep changing their Facebook passwords to keep the government out. At a time when the country of more than ten million people was on the edge of a political revolution, protesters and regular citizens alike were struggling to avoid government spies.
The hackers in #InternetFeds came up with an idea, partly thanks to Tflow. The young programmer wrote a web script that Tunisians could install on their web browsers and that would allow them to avoid the government’s prying eyes. The script was about the length of two sides of paper, and Tflow tested it with another Anon in Tunisia, nicknamed Yaz, then pasted it onto a website called userscripts.org. He and a few others then advertised the link in the #OpTunisia chat room on AnonOps, on Twitter, and in digital flyers. It got picked up by a few news outlets. The hacktivist Q was one of the #InternetFeds members and also one of the dozen channel operators in the #OpTunisia channel. He began talking with Tunisians on AnonOps—the ones who were web-savvy enough to access it via proxy servers—and encouraged them to spread news of the script through their social networks.
“OpTunisia fascinated me,” Q later said in an interview. “Because we actually did make an impact by pointing Western media to the things happening there.” Within a few days, news of the script had been picked up by technology news site ArsTechnica and it had been downloaded more than three thousand times by Tunisian Internet users.
Sabu was impressed, but he wanted to make a different kind of impact—a louder one. Thinking back to how he had defaced the Puerto Rican government websites, he decided he would support the Tunisian revolution by embarrassing its government. It helped that Arab government websites were relatively easy to hack and deface.
Sabu and a few others from #InternetFeds discovered there were just two name servers hosting Tunisia’s government websites. This was unusual—most governments and large companies with Web presences ran on several name servers, so a hacker taking down a few usually didn’t do much damage. In Tunisia’s case, however, shutting down just two name servers would take the government completely offline.
“It was a very vulnerable set-up,” one hacker that was in #InternetFeds recalled. “It was easy to shut them off.”
To take the Tunisian servers offline, Sabu did not use a botnet. Instead, he later claimed, he hijacked servers from a web-hosting company in London that allowed him to throw ten gigabytes worth of data per second at the Tunisian servers. These were broadcast servers, which could amplify many times the amount of data spam of a basic server; it was like using a magnifying glass to enhance the sun’s rays and destroy a group of ants. Sabu single-handedly kept the Tunisian servers down for five hours. Soon, though, authorities on the other side were filtering his spoofed packets, like the owner of a mansion telling his butler not to bring in mail from a particular person. The traffic he was sending was losing its effect. Undeterred, Sabu called an old friend for help, someone he knew from his days of dabbling in cyber crime. While Sabu hit the first name server, the other took down the second.
Tunisia was where Sabu really got involved in Anonymous for the first time. He not only took down the government’s online presence; he and a few others also trudged through dozens of government employee e-mails.
But the government fought back again. It blocked all Internet requests from outside Tunisia, shutting itself off from foreign Internet users like Sabu. Sabu wanted to deface the site of Tunisian prime minister Mohamed Ghannouchi, but he would have to do that from inside the country, and he wasn’t about to get on a plane. So on January 2, he signed into the #OpTunisia chat room with its dozen channel operators and several hundred other Anons from around the world, including Tunisia. There was talk of using proxies and potential DDoS attacks; questions about what was going on. Then Sabu hit the caps lock key and made his grand entrance.
“IF YOU ARE IN TUNISIA AND ARE WILLING TO BE MY PROXY INTO YOUR INTERNET PLEASE MSG ME.” The room went almost silent. After a few minutes, Sabu got a private reply from someone with an automated username like Anon8935—if you didn’t choose a unique nickname on AnonOps, the network would give you one similar to this—a man who claimed to be in Tunisia. Sabu didn’t know the man’s real name and didn’t ask. He didn’t know if Anon8935 was sitting in the sweltering heat of a city or tucked away in a quiet suburb. The man said only that he’d been a street protester and now wanted to try something different, something with the Internet. Trouble was, Anon8935 didn’t know a thing about hacking. Sabu gave him some simple instructions, then said, “My brother. Are you ready?”
“Yes,” the other replied.
“You realize I’m going to use your computer to hack pm.gov.tn?”
“OK,” the man replied. “Tell me what to do.”
Sabu sent over some brief instructions for downloading and installing a program that would let Sabu take control of the man’s computer. Soon he was operating on an antiquated version of Windows and an achingly slow Internet connection.
“See me?” Sabu asked, moving the mouse cursor.
“OK!” the man typed back.
Sabu set to work while the Tunisian man sat and watched. Sabu opened up the command prompt and began typing programming code that his new friend had never seen before, a lengthening column of white text against a black background representing the back roads of the Web. About forty minutes later, Sabu brought up the official website of Tunisia’s president. Sabu imagined the man’s eyes growing wider at this point. Within minutes, the president’s official website was gone, replaced by a simple white page with black lettering. At the top, in large Times New Roman font, it read “Payback is a bitch, isn’t it?” Underneath was the giant black silhouette of a pirate ship and the name Operation Payback. The word operation reinforced the idea that this wasn’t just a protest or anarchy; it was a mission.
In the meantime, Tflow had told Topiary that a hack on Tunisia was under way, and he asked if he could create an official deface statement. Topiary wrote it up and passed the statement to Tflow, who sent it to Sabu, who used it to replace the official site of Tunisian prime minister Ghannouchi. “Greetings from Anonymous,” the home page of pm.gov.tn now read. “We have been watching your treatment of your own citizens, and we are both greatly saddened and enraged by your behavior.” It carried on dramatically before ending with the tagline: “We are Anonymous, We are legion…Expect us.”
Sabu stared at the new page and then sat back and smiled.
“You don’t know the feeling of using this guy’s Internet to hack the president’s website,” he later remembered. “It was fucking amazing.” The Tunisian government had set up a firewall to stop foreign hackers from attacking its servers; it had never expected attackers to come from within its own borders.
“Thanks, brother,” Sabu said. “Make sure to delete everything you downloaded for this and reset your connection.” After a few minutes, the man went offline, and some days later, Sabu hung a Tunisian flag in his house. Sabu then heard that the man had been arrested. While he felt bad for his volunteer, Sabu did not feel guilty. A higher cause had been served. “Operation Tunisia,” Sabu later recalled, “was the beginning of a serious technical advancement for Anonymous.”
On January 14, Tunisian president Ben Ali stepped down. It was a landmark moment, following a month of demonstrations by thousands of Tunisians over unemployment and Ali’s overarching power and culminating in a new form of online protest, an alliance of people on the other side of the world working with local citizens.
Ali fled Tunisia and took a plane to Saudi Arabia, and Sabu ended his weeks-long attack on Tunisian government servers. By February, Ghannouchi would resign too, and over the coming months, Internet censorship in the country would fall dramatically. In the meantime, Sabu, the hackers in #InternetFeds, and the Anons on AnonOps turned their attention to other countries in the Middle East. Sabu worked with hackers to take government websites in Algeria offline, then accessed government e-mails in Zimbabwe, seeking evidence of corruption. Sabu and Kayla continued doing the rooting; Tflow did the coordinating; and Topiary wrote the deface messages. Anonymous’s new Middle East campaign was moving at light speed, with teams of volunteers hitting a different Arab website almost every day. They were spurred on by the vulnerabilities they discovered, the newfound camaraderie—and the resulting media attention.
Kayla in particular was on a roll, but not just because she wanted to support the revolution. The hacker had struck a secret deal with someone who claimed to be with WikiLeaks.