Cracking the code: How the FBI stung two Irish hackers

When a US court charged two Irish students in their absence for their alleged involvement in some of the world’s most notorious hacking scandals, the FBI’s New York field office issued a release highlighting the international nature of the investigation and all the forces involved on either side of the Atlantic.

It was an operation which relied heavily on intercontinental co-operation. Indeed, the first that Birr native and Trinity College student Donncha O’Cearrbhail knew of the operation being mounted against him was when he was arrested by gardaí in the midlands last September.

An examination of the evidence against the culprits makes it clear that FBI intelligence — with a massive degree of luck — was the driving force behind the arrests. Intelligence was certainly key to tracking down the alleged leader of the hackers, Hector Xavier Monsegur.

Yet the agents who collared him could not have anticipated the extent of the co-operation the 28-year-old Puerto Rican New York resident was willing to provide in order to, if not save his own skin, at least ensure that skin was in prison for as little time as possible.

It is highly unlikely Monsegur had much of a personal relationship with any of his fellow hackers. That may well explain why he so spectacularly sold them out.

Monsegur, the man who has admitted staging cyber attacks against the websites of the governments of Algeria, Yemen and Zimbabwe, as well as major credit card companies Visa and Mastercard, was arrested on Jun 7. Prosecutors later revealed it took a matter of hours for him to start spilling the beans on his co-conspirators.

“Since literally the day he was arrested, the defendant has been co-operating with the government proactively,” assistant US attorney James Pastore told a US court on Thursday. “The defendant has literally worked around the clock with federal agents. He has been staying up, sometimes all night, engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators.”

Not only did he lay traps for his fellow hackers, he also prevented further attacks just before they happened. The prosecutors said that by August, he had worked with the FBI to “patch” 150 vulnerabilities in computer systems being targeted by hackers.

According to papers released by the southern district of New York, the FBI were able to use Monsegur’s know-how to get what ultimately could prove crucial evidence against Donncha O’Cearrbhail.

The papers quote FBI special agent George K Schultzel as saying that a person using the alias “anonsacco” — an alias which it is claimed is Mr O’Cearrbhail’s — had an internet message chat with Monsegur in mid-January. During that chat, anonsacco said to Monsegur, whose alias is Sabu: “Hi mate, Could I ask for your help? I need to intercept a conference call which would be a very good leak.” Anonsacco revealed he had the time, phone number and pin for that conference call.

As it turned out, that was no ordinary conference call. It was a call between the FBI, gardaí and other law-enforcement agencies about Anonymous. And it came almost four months after Mr O’Cearrbhail had been arrested by gardaí investigating the hacking of the Fine Gael website. The FBI say the Trinity student later sent Monsegur a transcript of the call. In fact, in November last year, it is alleged, the Irish student even told Monsegur he had been “v&”, internet slang for being arrested, as in taken away in a police van.

However, to say that the other men who stand accused — two Irish, one American and two English men — would not have been caught but for Monsegur’s enveloping self-preservation would be a disservice to the FBI.

A huge effort has been made to track the internet activities of the alleged suspects and a number of other, as yet unnamed, offenders. For example, as they were building the case against Mr O’Cearrbhail, officers obtained a search warrant to examine the Facebook account of an unnamed “co-conspirator.”

From that account, they were able to trace an electronic message from another Facebook user with the name “Donncha Carroll” that contained computer code which produced the same damage as appeared on the Fine Gael website when it was defaced early last year.

While a lot of detail has been released by US law enforcement agencies on the methods and information used to track Mr O’Cearrbhail, there has been little on the other Irishman, NUI Galway student Darren Martyn. All that has been released are the hackings to which he has allegedly been linked and the charges and possible jail time he could face if convicted.

While Mr O’Cearrbhail was arrested and subsequently released by gardaí this week, Mr Martyn was not brought in for questioning again.

He was arrested and released by gardaí in September in relation to the infiltration of the Fine Gael website and this week used his Twitter account to claim he turned his back on hacking prior to that arrest.

