In case you haven’t heard, the FBI on Tuesday announced the arrest of 5 LulzSec members, including Sabu – real name: Hector Monsegur – on multiple charges of computer hacking conspiracy.
Here’s a fascinating look into how the FBI was able to capture one of the defendants, one Jeremy “anarchaos” Hammond.
To identify sup_g, the Bureau first turned to the voluminous chat logs stored on Sabu’s computer. They went through every comment that could be plausibly linked to sup_g or one of his aliases. The goal was to see if the hacker had slipped up at any point and revealed some personal information.
He had. On August 29, 2011 at 8:37 AM, “burn” said in an IRC channel that “some comrades of mine were arrested in St. Louis a few weeks ago… for midwestrising tar sands work.” If accurate, this might place “burn” in the Midwest. FBI Chicago agents were able to confirm that an event called Midwest Rising was attended by Hammond’s twin brother.
“Anarchaos” once let slip that he had been arrested in 2004 for protesting at the Republican National Convention in New York City. Much later, “yohoho” noted that he hadn’t been to New York “since the RNC,” nicely tying both online handles to the same person. The FBI went to New York City police and obtained a list of every individual detained at the 2004 convention; they learned that Jeremy Hammond had in fact been detained, though he had not been arrested. The pieces were starting to fit.
Check out the full story at Ars Technica.