Vigilantes Out Wrong Guy as Hacker Mastermind
One of the favorite pastimes of hackers is attempting to expose other hackers. These attempts at "doxing," as it's called, almost always identify the wrong people. The latest victim is a Portuguese guy who's been fingered as a ringleader of the hacking groups Anonymous and Lulz Security.
In the legions of Anonymous, a hacker named Sabu has emerged as one of the most prolific and skilled members. He led the hacking attack against the security firm HBGary by Anonymous, and was one of the ringleaders of the Anonymous spin-off LulzSec, which attacked the CIA, FBI affiliates and Sony in a month-long reign of terror. As his profile has risen, the efforts by rival hackers to expose him have grown to fevered pitch.
At the end of June, a group of idiots named the "Web Ninjas" posted what they claimed was a picture of Sabu—a solidly-built 34-year-old man living in Portugal. "Game Over for you Guys !!!" the Web Ninjas wrote.
The man in the picture is indeed a 34-year-old Portuguese network technician named Hugo Carvalho. According to his Facebook profile, Carvalho's a huge Pantera fan, which some might consider a crime in itself. But he's not involved in LulzSec.
"I thought it was a bad joke," Carvalho said of the Web Ninja's post in a Skype chat today. "I sent an email to these guys… stating that I was not a member of this hacking group, I was not Sabu and I had nothing to do with it." They didn't reply, and Carvalho forgot about it.
But the internet has a long memory. Yesterday at 1am Portuguese time, Carvalho got a mysterious phone call from a U.S. number. "The person that called me wished me luck, and hoped I would not get sent to the United States to answer for these issues." What issues? After some Googling, Carvalho saw that the accusations that he was the leader of LulzSec had been revived—this time, the accuser, an Anonymous-hating hacker named "The Jester" had posted his full name and links to his YouTube and Facebook accounts.
The story was picked up by news blogs, and stoked by the real Sabu on Twitter, who tweeted: "OK You found me. I am Hugo. I am in Portugal. Next question is: Can you stop me? ;)"
The key evidence for all this is a long, twisted trail of web domain registrations for Prvt.org, a site that at one time belonged to the real Sabu. Carvalho, who trades in domain names for profit, says he sold the domain in a GoDaddy auction in 2009 to someone who went by the name Xavier—someone who might be the real Sabu. This left Carvalho's fingerprints on the domain, and overeager amateur detectives leapt to the conclusion that he must be the Anonymous mastermind.
But Carvalho insists he has nothing to do with Anonymous or LulzSec, and never heard again from Xavier after the sale of Prvt.org. In fact he went down to the local police after reading the Jester's post and "presented myself and told them what was happening," he said. "They have all the information and they are now looking into it."
Carvalho has some good advice for the Web Ninjas and any internet detectives who want to join the hunt for Sabu.
Stupidly, they don't even talk to me before releasing any information. I would explain that I had nothing to do with it. Since they were so into security thing they would have easily seen that a known hacker w/ the skills that this sabu had would not put his name on a domain contact.
Bottom line: Never trust someone who would think it's a good idea to call themselves the "Web Ninjas."