In a motion submitted on Friday to the United States District Court in the Southern District of New York, the government recommended that Hector Xavier Monsegur, a.k.a. the hacker “Sabu,” have his sentence greatly reduced as a result of his cooperation with authorities.
While Monsegur could technically be put behind bars for between 21 to 26 years for his crimes, prosecutors said Monsegur was an “extremely valuable and productive cooperator” and are seeking leniency for the former hacker group leader.
According to Court documents (PDF), Monsegur directly participated in cyberattacks against HB Gary, Fox Television, the Tribune Company, PBS, Sony Pictures, Sony BMG websites in Russia, Belgium and the Netherlands, Nintendo and the United States Senate.
Just last month, the New York Times reported that Monsegur had directed hundreds of cyber attacks against the websites of foreign governments, including Brazil, Iran, Pakistan, Syria and Turkey.
After being arrested on June 7, 2011, Monsegur admitted being a hacker and “immediately” agreed to start working with authorities as an informant. Monsegur showed agents files stored on his computer and provided them with actionable information, the court documents said.
He was charged with identity theft and credit card fraud the next day but was then released on bail and continued to assist the government with cybercrime-related investigations.
In August 2011, Monsegur pleaded guilty to nine counts related to computer hacking, one count of aggravated identity theft, one count of conspiracy to commit bank fraud, and one count related to payment card fraud. He was supposed to be sentenced in August 2012, but the decision has been postponed seven times because of his ongoing collaboration with the government.
What the public didn’t know up until now was that on May 24, 2012, the hacker’s bail was revoked for unauthorized online postings. He was locked up for around seven months, until December 18, 2012.
“Probation recommends a sentence of time served. As set forth in more detail below, Monsegur was an extremely valuable and productive cooperator,” reads the motion submitted by the government to Judge Loretta A. Preska.
Prosecutors want Sabu to be sentenced to time served for several reasons, including the fact that he admitted his guilt even before he was charged with anything.
“Monsegur admitted both to prior criminal conduct about which the Government had not developed evidence, as well as his role in both Internet Feds and LulzSec. Monsegur subsequently and timely provided crucial, detailed information regarding computer intrusions committed by these groups, including how the attacks occurred,” reveals the court document, parts of which have been sealed to protect the identities of certain victims.
Monsegur has helped authorities identify, prosecute and convict Ryan Ackroyd (Kayla), Jake Davis (Topiary), Mustafa Al-Bassam (T-Flow), Darren Martyn (pwnsauce), Jeremy Hammond (Anarchaos), Ryan Cleary, Donncha O’Cearrbhail (palladium), and even former Reuters journalist Matthew Keys.
It’s worth noting that Hammond, who was sentenced to 10 years in prison for his role in the Stratfor hack, was named the FBI’s most wanted cybercriminal in the world at the time of his arrest.
Sabu was reportedly prepared to testify against each of these people, but it wasn’t necessary because with the exception of Keys, who is awaiting trial, they all pleaded guilty to the charges brought against them.
In addition to helping investigators track down members of the LulzSec hacker group, Monsegur helped law enforcement in preventing cyberattacks.
According to FBI estimates, Monsegur helped the agency disrupt or prevent at least 300 separate cyber attacks.
The FBI relocated Monsegur and some members of his family due to the threats he received.
“Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known. Monsegur was also harassed by individuals who incorrectly concluded that he participated in the Government’s prosecution of the operators of the Silk Road website,” prosecutors noted.
Monsegur is scheduled to be sentenced on May 27, 2014.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
