How Chris Tarbell and Hector Monsegur went beyond the arrest to working collaboratively.
Speaking at the ThreatLocker Zero Trust World conference in Orlando, former LulzSec member Hector Monsegur, formerly known as Sabu, and Chris Tarbell, the former FBI special agent who arrested Monsegur, talked about what they had learned from each other.
Tarbell claimed Monsegur “humanised crime” to him, saying he saw people committing crime as criminals, and “you arrest him, you put them in jail, hopefully they get better and they don't do it again when they get out.”
Tarbell said Monsegur’s behaviour had humanised his actions, saying “he went from Sabu and then day one to Hector Monsegur.” He said that he was “this hardened cop when I arrested Hector” and realised he could use him to learn about what's going on in the hacking world.
Responding, Monsegur spoke of one of the best things that ever happened to him as a result of all this: “and I would say it was getting arrested.” This gave him the reality check he needed: having been involved in the cybersecurity space in the 1990s, learning Unix and helping companies, he “deviated to the wrong turn.”
Admitting that “we all make mistakes,” Monsegur said he got involved with hacktivism and thought he was doing the right thing, and admitted he became ‘radicalised’.
“When I got involved with Anonymous, it got even worse, because I thought I was doing the right thing. I thought I was a revolutionary and I needed a reality check,” he said. “So when I got the knock on the door, and by the way, it's a scary experience when you have a bunch of Agents staring at you from the other side of the door!”
Tarbell said that the maximum sentence of 124 years given to Monsegur was “ridiculous” and Monsegur said Tarbell gave him the opportunity to really assess himself. “I felt like a goofball. I was not helping people and breaking into systems, what did I do? Did I really help the revolution by shutting down their cell phone services during the height of it? Maybe, maybe not, but it's not even my business, you know.
“What he also did for me is, as the adversary, I would break into a system - for example the Tunisian government - and I would shut the systems down or destroy the systems. He helped me realise that they were victims to this, you're not just compromising the computer. I knew it was a crime, I knew that there were victims, I didn't really get it right, so there was that certain level of being naive and being young-minded that I needed to deal with and Chris gave me a reality check.”
Common Mistakes
Asked about the most common mistakes being made by senior professionals, Tarbell said “complacency is the number one thing we see in seasoned security professionals” as they get complacent about what's going on.
“They don't really know what threats are coming after them, they don't realise that people are buying credentials online,” he said. “They don't realise what really the threat is out there and what's happening with these ransomware guys, I mean, people don't realise how much money these ransomware guys have.”
Monsegur agreed that complacency is real, especially when a CISO cannot get the budget they need, hire the team they need, or buy the product they need, and then just gives up. He commented that some CISOs believe they have done all they can, and will wait until they get fired or replaced, but they do not.
“If you're in that position, and your company's not willing to work with you to improve upon your security program, maybe it's time to move on? That's what I'm seeing with some of my clients.”
Set and Forget
On the other side, Monsegur said some companies have so much budget that they buy all the products, and ‘set it and forget it’. “These products, you still have to configure, right? The hope is that the products will do whatever they're doing and if they get breached, they get breached, but the CISO tried and did their part.”
There are also organisations that have neither the budget nor the resources; they are missing talent and don't have the resources to tackle and remediate any of these issues, “and it is just rinse and repeat over and over.”
The two also discussed the biggest threat they see, and they agreed it is insider threats. Monsegur called it the “2024 threat of the year” and Tarbell said “it's still going on.”
When it comes to malicious users, Tarbell said there are dark market websites out there where people are selling access to their networks. “I arrested a reporter who sold access to the newspaper’s networks to LulzSec, just because he wanted to break the story,” he said.
“It’s still continuing ten years later, people are selling access for $40 and for $80 with MFA access.”
Written by
Dan Raywood
Senior Editor
SC Media UK