As Anonymous and LulzSec participant Hector Monsegur, better known in hacking circles as Sabu, spent the better of the past year serving as an FBI informant, he often took to Twitter to rally his devoted followers to commit crimes.
As recently as last week, Monsegur urged his nearly 50,000 followers to "infiltrate" Interpol after the police agency helped coordinate the arrests of 25 suspected Anonymous members.
Meanwhile, chat logs also show that the 28-year-old, who lived in a housing project on New York's Lower East Side, instigated others via more direct communication. On Tuesday night, a hacker using the alias Havittaja, linked to a Pastebin document that he claims documents a Jan. 24 chat exchange with Monsegur in which the informant offers to provide him with stolen credentials to access a Brazilian government website.
"Sabu : THE QUESTION IS why he was giving me passwords if he was with the FBI?" Havittaja tweeted.
These revelations have prompted some to suggest that Monsegur may have induced people to perpetrate attacks that they may otherwise have been unable or unlikely to commit, a legal defense term known as entrapment.
"I think we're going to be hearing the word 'entrapment' a lot coming up," Gregg Housh, an internet activist and Anonymous observer who still participates in internet relay chat (IRC) discussions with members, told SCMagazine.com on Wednesday. "A lot of the hacks happened under his supervision or at his behest...A lot of things might not have happened if he wasn't so vocal."
But proving entrapment presents a complex legal challenge, Pamela Johnston, a partner with Foley & Lardner and a former federal prosecutor in Los Angeles, told SCMagazine.com on Wednesday.
She said one must first show the government "had you do something," which may be true in the case of Monsegur. The second burden of proof is more difficult, however. A defendant must show that they had never before engaged in this type of conduct, even before they interacted with an informant.
"Entrapment is a defense often discussed, but which rarely prevails," Johnston said, adding that accused individuals often have better luck arguing this defense before an appeals judge rather than a jury.
Still, juries don't typically appreciate cases in which informants go "rogue" and take their role too far.
"Deception is permitted," she said. "A person in that circumstance is allowed to be dishonest and not truthful...[But] law enforcement is not really supposed to be turning people into criminals."
A spokeswoman for the U.S. attorney's office in the Southern District of New York, where the criminal complaints were unsealed on Tuesday morning, declined comment when contacted by SCMagazine.com.
Then, there is the issue of the victims. Did Monsegur's FBI handlers permit attacks to proceed just so they could glean evidence that could be used to charge others?
Housh said the devastating breach last last year of global affairs firm Stratfor could be a clear example.
According to the chat logs between Monsegur and Chicago resident Jeremy Hammond, who was charged with having a role in the Stratfor hack, Monsegur not only knew that Hammond was allegedly considering invading the company's network, but he also volunteered a server to store the stolen booty. The communication between the pair is detailed in this Ars Technica story.
Later, some five million stolen emails were delivered to WikiLeaks, which the whistleblower website began publishing last week.
"The FBI pretty much left Stratfor out to dry," Housh said. "They screwed over Stratfor knowingly. That pretty much blows my mind." He added that the FBI may have done this in order to build a stronger case against WikiLeaks founder Julian Assange.
The FBI declined to comment to SCMagazine.com. A Stratfor spokesman could not immediately be reached for comment.
Johnston said protocols exist within the FBI so that incidents only are permitted to progress to a certain point. In some cases, she admitted, there is victim blowback.
"That's when things get tense," Johnston said. "You're letting entities be victimized. It's not really desirable, although sometimes it happens."
