Podcast – Digital Desperados 7: The Cautionary Tale of Hacker Sabu and the Need for Robust Cybersecurity Solutions







Hey there, digital defenders and internet enthusiasts!

Diving into the boundless ocean of the web can be a wild ride. There are thrills, chills, and, unfortunately, a fair share of digital sharks lurking in the depths, ready to turn your peaceful online swim into a desperate fight against cyber threats. That’s where solid cybersecurity solutions come into play, making sure you can surf, stream, and socialize without the ominous shadow of a cyber attack.

In today’s story time, we’re not just chatting about any cybersecurity solution; we’re talking about the best VPN service out there that acts like your personal internet lifeguard—SaferNet. This isn’t just another tall tale; it’s a narrative that could make you rethink every click and password you’ve ever set loose in the digital wilds.

Grab your digital popcorn, because you’re about to dive into a real-life cyber saga featuring the infamous hacker Sabu. His journey from a shadowy online figure to a white-hat hero reveals the stark reality of internet vulnerabilities and why safeguarding our digital lives with reliable cybersecurity solutions isn’t just smart—it’s essential.

So buckle up, set your browsers to incognito, and let’s get the lowdown on why even the sneakiest of cyber threats can’t outsmart a top-notch VPN service.

Transcript begins:

Jim Brangenberg: Hey, welcome to the Digital Desperados podcast featuring Dark Tales from the Web. Patrick McMurphy’s here today to tell us our dark tales and he’s joined by Brad Hawkins, founder and CEO of SaferNet. I’m Jim Brangenberg and I’ll serve as your story guide. This podcast is brought to you by SaferNet.

Anymore going online can be scary every time you click on a link. You don’t know where that link’s gonna go. Join the mission to stay secure online with SaferNet. Perfect for small to medium sized businesses and families as well. Our cybersecurity app provides a VPN, internet controls, virus protection, and it can help your work and family life to operate in harmony with 84 web filters, keeping distractions away.

Hey, get secured now. Sign up at SaferNet.com. That’s SaferNet.com. Patrick, which dark tale are you telling us about today?

Patrick McMurphy: Well, Jim, today we’re going to talk about an individual called Hector Xavier Monsegur, AKA Sabu. Now Sabu is one of my favorite go to guys these days for information about hacking.

And you, you’ll see why by the end of the episode, but, so, Sabu, Sabu was born in 1983 in Puerto Rico to a very, very young father. His father’s only 16 years old. Now there’s no, there’s no talk of where his mother is. That’s, that’s kind of unknown information. But he lived with his father who was 16 and his grandmother who was 40.

So two pretty young people to be a parent and a grandparent, right? Yeah, so it was a pretty challenging upbringing. His father actually ended up being arrested. He was dealing drugs. And so him and his grandmother moved to the projects in New York City, where he kind of spent most of his childhood.

And so Sabu became pretty interested in computers, computing and hacking from a young age. When he was, when Sabu was about 14 in the news at the time, there was a Puerto Rican person who was accidentally killed by the Marine Corps. Essentially he was out, he was near a test range and they were testing bombing campaigns basically, and this individual was killed.

And Sabu kind of took that as some kind of attack against the Puerto Rican people. And so he began to hack into various websites protesting what he felt was the U.S. government’s mistreatment of Puerto Ricans. So he would deface, he even managed to deface a couple of military websites and he just left messages.

One, one notable message he left was just a single line and which said, Hello, I am Sabu, I am no one special for now. Which was kind of telling because he goes on to be someone pretty special in the hacking world.

Brad Hawkins: You know, you know, Patrick, this is really interesting because it’s, it’s the first time I’ve heard you tell a story about somebody that was at least starting out with the attitude of justice.

Patrick McMurphy: Yeah, and that’s, that, that definitely, that feeds into Sabu’s life and this idea of justice. Now, some may say later it’s, you know, he was, he was seeking justice in all the wrong ways, but kind of the tools that Sabu was looking at, he was looking at exploring vulnerabilities on websites, phishing attacks, which we’ve talked about a bit, social engineering and cross site scripting, which is also known as XSS.

And so what cross site scripting is, is that it’s injecting malicious scripts into webpages. And that may be through like online forms and whatnot, where if you type in a certain string of characters, it might actually breach the form. And then you can go ahead and do whatever you want to the website. So it’s pretty nasty stuff.

Jim Brangenberg: When you say social engineering, I mean, I’m thinking they’re doing genetic engineering. What do you mean social engineering?

Patrick McMurphy: I wish it was that cool. No, social engineering, it happens regularly even today. It’s effectively just talking to people and by talking to them, getting their password.

So, you know, we’ll say you’re, you’re, you befriend someone and you get to know them well, and you know, you get talking about family and they’re like, Oh yeah, so what about your mother’s family? And they might drop their mother’s maiden name, for example. Boom, that’s access to most people’s email because the recovery question for 90 percent of emails is, what is your mother’s maiden name?

So social engineering is almost like physical hacking. You’re just speaking to people, trying to get their details without actually being at a computer, so it’s a level of charisma that’s required there, I think.

Jim Brangenberg: Well, and I’ve seen a lot of stuff on Facebook where people are asking, Hey, answer these questions and they’re always questions that would be like answers to your passwords or to your, the, the, the questions. I mean, are they doing that stuff on purpose?

Patrick McMurphy: Yeah, that’s Facebook is a breeding ground for social engineering at the moment.

Back in, back in the early 2000s, the big one was, it’s actually hilarious to think about was that going around chat rooms that if you, that you were told if you got your parents credit card numbers and typed in XXX then followed by your parents credit card number the numbers would be obscured because of the X’s.

And so, you know, hundreds of people would post these numbers, which would just appear by the actual number trailed by X’s at the front. So, you know, it’s, it’s very easy to catch out people, but Facebook is huge for it. It’s a social, like, that’s a social engineer’s dream come true.

Jim Brangenberg: All right. So Sabu is, he’s exploiting vulnerabilities on websites. He’s doing phishing attacks and phishing is not with a pole and a, and a hook. He’s doing cross site scripting, which maybe I ought to describe that too as well. What do you mean by that?

Patrick McMurphy: So we’ll say you have a website. We’ll say you have a contact form on a website, and normally, as you would expect, that contact form would take English, but it also takes a programming language called SQL. Which really isn’t used as an end user, but you can, on certain unsecured forms, you can put in malicious SQL and hijack the form, and by hijacking the form, hijack the website effectively, and gain control of that website.

Jim Brangenberg: So really what they’re doing is trying to get the information that people are entering into the form. That’s what you’re saying?

Patrick McMurphy: Yeah, yeah. Exactly, exactly. And so while all this is happening I mean, Sabu’s still in high school at this point. But he’s in high school and he’s actually trying to fix his high school computers, and he’s walking around with a screwdriver, and it’s seen as a perceived threat. And he gets expelled for walking around school with a screwdriver, as you know you would expect.

Jim Brangenberg: Did he ever say why he was walking around school with a screwdriver?

Patrick McMurphy: He said he was fixing the school’s computers, which he actually was, but you know, I mean keep the screwdriver in a bag or something, man, you know, don’t walk around, you know, gripping a screwdriver down the hallways, you know, I mean.

Brad Hawkins: They take that zero tolerance seriously, yes.

Patrick McMurphy: It’s understandable, you know, come on.

Jim Brangenberg: No, no it’s not! No it’s not.

Patrick McMurphy: But sadly in 2010 Sabu’s grandmother died and he actually became a foster parent and he at this point had to turn to hacking full time for income.

Jim Brangenberg: Wow. Speaking of hacking, so many apps out there for just grabbing your information. Would you like an app to help control your Internet time, controlling your phone internet time? I know I’d like to some days just turn Martha’s internet off about 8 o’clock at night so we can have more conversations, but how do you control time on your computer and your tablet? Well, SaferNet has a solution there. Your shield against online threats, simplified cyber security for businesses and families. It’s, it’s all of that and more! Explore having a VPN to protect when you’re online, to protect you to have internet controls like controlling how much time you have on the internet.

It’s great for your family. It’s also probably great to have at work as well – virus protection, 84 website filters. Just making everywhere you go a secure online place to be. Get secured now at SaferNet.com. SaferNet.com.

You know, I just want to know for those things, Patrick, you’re talking about – would SaferNet help us protect against? Or maybe, Brad, you answer this question. Would SaferNet help us protect against that stuff where a website’s been hacked and it’s going somewhere it’s not supposed to go?

Brad Hawkins: Well, it’ll, it’ll certainly protect you from anybody that’s trying to get your information, and that’s what’s key is that you know, he’s using phishing attacks to be able to get in there and snag your information. If you go in there and click on something that, that is the bait that they’re using trying to gather that information.

It is so fun to be able to realize, Oh my gosh, I just clicked on something that is not, SaferNet won’t let me go any further. It just saved me from a nightmare. And I gotta tell ya, it did me. I was doing a little bit of international travel here last week, and I wasn’t paying attention, and I just clicked on an email, and SaferNet popped up and said, you don’t want to do that. And so

Jim Brangenberg: I do too. I do too want to do it!

Brad Hawkins: I am always grateful that I have SaferNet on all my devices. And that was, that was my iPad. That was just I was just traveling in a car, hitting a button and sure enough, it said no. So yeah, I am eternally grateful for what it is that we’re able to stop.

So Patrick, I want to ask you a question. How did this young kid… obviously he’s young. He’s in foster families at this point. How did he figure out how to make money on doing phishing attacks or gathering data off of somebody’s contact list, off somebody’s website? What was he doing to make money? How did he do that?

Patrick McMurphy: Well, really with any kind of phishing attack, especially this thing, Sabu. I mean, Sabu wasn’t working for a major hacking corporation. He was working for himself. You’re really looking at kind of small time credit cards small time credit cards from phishing and things like that.

But, you know, Sabu, kind of, as we said at the start, he had some sense of justice. And so, while Sabu was hacking for profit, this actually eventually turned into hacktivism. Hacktivism, very controversial subject, but it effectively means that you’re kind of hacking for justice, where that might be, you know, there could be environmentalist hackers trying to hack some oil website or something like that, you know, or hacking a government website if you disagree with x, y, and z.

But it, you walk on very blurred lines with hacktivism and the main hacktivist group since probably 2006 are called Anonymous. And he joined Anonymous and became a very prominent member. Now Anonymous doesn’t have a leader. That’s its point, but it’s, it’s kind of, its direction is dictated by a collective of individuals, very small number, who have both high technical skill and they’re very domineering personalities. And Sabu actually had both of these. So Sabu establishes himself as one of the main members of Anonymous, within Anonymous, because from the outside, no one knows who’s a member.

And they actually operate within a cell structure as well. So they’re very much clouded in mystery. But from within Anonymous, Sabu led something called LulzSec, which did hacks for the lulz. And now that sentence may, may not make much sense right now, but what the lulz are, the lulz was kind of this concept devised in the mid 2000s.

Jim Brangenberg: I was going to say, for people that, you know, maybe having a struggle with Patrick’s Irish accent, lulz, l u l z, s e c, lulz, lulzsec. There you go.

Patrick McMurphy: Yeah, and so the word lulz itself is a corruption of LOL, which is laugh out loud, and so you could probably gather if you did something for the lulz, it means you did it because it was purely out of mischief or you and your friends found it funny.

So it’s kind of a chaotic way of hacking. It’s not really for the money. It’s just for saying, hey, I did that. This is funny. We made these guys look like fools. It was for the lulz basically as well.

Brad Hawkins: Is what that means. Is that something that Anonymous works on together or is it how does Anonymous play into that situation? Do they just motivate each other? Do they educate each other?

Patrick McMurphy: Yeah, they would orchestrate a lot of the, a lot of attacks like these and carry them out. But I mean, Anonymous was so chaotic that there was people who would say that they’re members and they’ve not talked to anyone else on it. I mean, it was a really chaotic movement. It’s still around but it’s not like it used to be anymore.

But LulzSec was one of the known movements within it and they were really high profile guys. They ended up targeting news corporations. They even got into the CIA’s official website. All they were doing were just defacing websites. They weren’t actually stealing much stuff. They were just saying, Oh, by the way, this group of teenagers are better at cybersecurity than, you know, your secret agents.

Jim Brangenberg: So reassuring.

Patrick McMurphy: Oh, very reassuring. Yeah. Just some kid with a laptop is, you know, better than the CIA. Now there was at the time, if you guys can remember Occupy Wall Street, Anonymous were very active during this time and Sabu was actually at it in person.

He was met by an anthropologist called Gabrielle Coleman, who wrote about it extensively. And when she was describing Sabu, she said that he was both respected and feared. So it kind of says a lot about the kind of guy he was. He wasn’t just some, you know, skinny kids with a laptop. He was, you know, he must have kind of, he was quite a presence in real life as well.

And so, I mean, like with any group, there’s going to be splinters and there was one splinter from Anonymous called Backtrace Security. And really Backtrace had grown critical of vigilante activism. Once when they were asked to explain their motives, they stated that one cannot fight for justice and democracy by using unjust, anti democratic tactics.

So they were actually all about ousting members of Anonymous who they felt weren’t pursuing justice in the correct way. And eventually they found Sabu, they found his exact details and they ousted him to the FBI. And so on the 7th of June, 2011 Sabu was arrested by the FBI and the next day he became an FBI informant.

Yeah, so, he, he was, this is where his story really takes off. There’s been a lot said about his cooperation since his arrest. For example, one U.S. attorney noted that the defendant was cooperating like from the get go effectively. He would stay up all night in conversations with co-conspirators, effectively other Anonymous members, to try to help the government to build cases against them. Now, as for what the FBI had on Sabu, they had him on 12 charges, including hacking and fraud. But he had a potential prison sentence of a hundred twenty five, twenty four years, so several lifetimes.

So during his time he enabled the arrest of a lot of people. A lot of people from Anonymous, LulzSec, Antisec, which is very similar to LulzSec. Notably there was two UK hackers who we’ll cover in a much future episode called James Jeffery and Ryan Cleary. They were both arrested because of his information.

He did attempt to entrap the author of ransomware called CryptoCat. However that failed, but he was, he was actively doing this until March 6, 2012. Basically appearing to oppose the government online, but actually collecting all this information on people he was working with.

Jim Brangenberg: Well, I’m waiting for you to say, Hey, and then the Russians came in and they hired him. And so he left the country. Oh, maybe that’s coming up. I don’t know. That’s coming of the future, but I don’t want to spoil the rest of the story, but you know, if you’re an entrepreneur out there, you need to understand that you need, we got to use the internet to do work. We have to use the internet to do work, but you’ve got to do it in a safe way.

You need SaferNet by your side everywhere you go on the internet, whether it’s on your phone, on your tablet, on your laptop, on your desktop. You need SaferNet to protect you. So when you’re out there, people aren’t getting into where you are and SaferNets protecting your, not only your eyes from going places you shouldn’t go, but it’s protecting your keystrokes from going where you shouldn’t go as well.

Protect your business environment from cyber threats. Go to SaferNet.com, that’s SaferNet.com. You’ll find that this is extraordinarily reasonably priced and very, very powerful. It’s got an incredible console for managing your entire organization. Go to SaferNet.com.

All right, Patrick, finish this up. What happened as you, you laid it up pretty good for us as of March the six. What was that?

Patrick McMurphy: Sorry. I think I just lost you there for a second, Jim.

Jim Brangenberg: No, no problem. But so, but you got to march 6th. You said he, up to then, he appeared to be working for the government.

Patrick McMurphy: Yeah, and so by March 6th, the FBI had arrested kind of the five main hackers within Anonymous. And Anonymous at this point realized it was Sabu that was, you know, snitching on them.

Brad Hawkins: Now were these, these the same guys that ended up turning him into the FBI?

Patrick McMurphy: It was, it was Backtrace that turned them into the FBI. Backtrace were a splinter group from Anonymous.

Brad Hawkins: So, so, it was, it was a little bit of revenge as well as keeping himself out of jail.

Patrick McMurphy: Oh yeah, yeah, yeah, completely, yeah. But I mean, so when Anonymous found out that it was Sabu who was betraying them, I mean, their official Twitter account tweeted that, Anonymous is a Hydra. Cut off one head and we grow two back. Now, that’s not strictly true as it turned out because since Sabu’s work with the FBI, Anonymous haven’t been half the machine they used to be.

But as it turned out, when they looked over all of Sabu’s work, he’d actually prevented 300 cyber attacks including planned attacks on NASA, the U.S. military, and a number of media companies. He only did seven months in prison; the rest was time served, and of course, his work with the FBI. And so these days, he’s a white hat hacker. He’s actually a director for a penetration testing company.

So if you’re unsure about your cyber security, you give Sabu’s company a call and he hacks you and tells you how good your security is. And really these days he’s involved in a lot of advocated for safe security awareness and education.

Also heavily emphasized the importance of ethical behavior in the digital domain and within hacking. Still works with the

Jim Brangenberg: Okay, I don’t know. It, that seems hard to believe. I don’t know. Brad, are you believing that?

Brad Hawkins: Well, you know, the stories that we’ve heard there’s several guys that ended up doing that. And then on the, on the dark side, behind the curtain, in the background, they’re, they’re you know, up to their old tricks.

You know, I’m an eternal optimist. I, I would love to hear a great story about somebody that said You know what? I turned myself around and I started making some better changes and now I’m operating 100 percent as a white hat hacker. I would love to hear that. And actually, truthfully, I know a couple of them you know, I don’t know what they do in the evenings, but I know a couple of them that are white hat hackers from the dark side.

So I certainly hope so, but there’s, there’s always that element of you know, pay close attention.

Patrick McMurphy: Yeah, yeah. I mean, a lot of these guys we come across, they’re double agents, they’re triple agents, quadruple agents, you know, it’s kind of, it’s hard to tell a lot of the time. As you said, Brad, what do they do at night when they go home?

You know?

Brad Hawkins: Yeah, you know, honestly, I would absolutely love to hear a story about something like that that says, you know what, now they’re 100% on the clean side and all they do is show people what they need to do to keep themselves safe.

Patrick McMurphy: I mean, I fully believe that Sabu, I mean, so that’s really all he’s doing these days. He’s doing, he does a lot of conferences also. So his latest was called Exposure 2023. That was just two months ago. I watched that. It’s definitely worth the watch. He’s the kind of guest of honor on it. But one of the things he talks about at length this year was that how modern financial cybercrime is so easy. The dumbest person you know could carry out a financial cybercrime. He says because due to the advent of how prevalent cryptocurrency is, he said it’s so easy.

And he kind of lamented the fact, you know, that if he was back in his day, you know, if it was that easy, he probably would be a millionaire.

Brad Hawkins: Patrick, you know, I, I believe that totally. I mean, I talk to people all the time about the fact that, oh yeah. Cybercrimes are for the big companies, you know, people are, they’re never going to hack a little, a little person like me that’s kind of meaningless or, or whatever the case is. They don’t care about anything small, like my small company or my, you know, my life.

All they care about is the big company and they do the dumbest things. I listened to some of their stories and I’m like, you’ve got to be kidding me. You, you don’t run your cybersecurity all the time. You don’t have it on all the time. I mean, there’s those kinds of things that I look at saying: you know, some people just deserve to be hacked because they are foolish in their thinking.

Jim Brangenberg: That was a little harsh, but you heard it here. The internet and everything digital can have a dark side and many dark players. It’s why you need SaferNet by your side, VPN, antivirus, 84 web filters, and so much more. Thanks to SaferNet for supporting our efforts to bring you these stories and giving them the exposure that they need, even if we remain a little skeptical.

Please, for your own security and safety of those you love and those you work with, check out SaferNet.com and get secured today. Till the next time, click only on the attachments you trust. From those you trust. And delete the rest, or you may become the next victim of a digital desperado.

Transcript ends.

And that’s a wrap on today’s digital odyssey! We’ve ridden the rollercoaster of cyber exploits, witnessed the highs and lows of hacktivism, and seen the redemption arc of a notorious hacker turned cybersecurity champion. If this doesn’t scream the need for iron-clad digital protection, I don’t know what does!

In the vast wilderness of the web, it’s not just about staying safe; it’s about thriving without fear. Whether you’re a start-up maverick, a remote work warrior, or a family safeguarding your home network, there’s one cybersecurity solution that stands out: SaferNet’s VPN service.

Think of SaferNet as your personal cybersecurity squad, armed with the tools you need to keep those sneaky cyber threats at bay. It’s the best VPN service to have by your side, whether you’re battling malicious malware or dodging digital desperados.

So don’t leave your digital doors unlocked. Fortify your internet experience with SaferNet, and become the hero in your own cyber safety story. Remember, a secure online world is not just a possibility; with SaferNet, it’s a promise.

Until next time, keep your data locked down and your spirits up. Stay savvy, stay secure, and let’s keep the conversation going. Don’t forget to protect your digital life with the best VPN service out there—visit SaferNet.com and take control of your online safety today!