CNET News Video
Hector Monsegur interview part 2: Operation Tunisia and serious hacks

Before the hacker known as Sabu became an FBI informant, he participated in some of the world's most notorious hacks. He tells us how Operation Tunisia went down from the inside.
[MUSIC] Let's talk about some of the more, more intense hacks that you participated in. Tell me about Operation Tunisia.

Operation Tunisia was cool. It started off as an Anonymous operation. Obviously the people of Tunisia were like, doing their thing. You know, out on the streets, [UNKNOWN] testing, which was awesome. Mm. But the government started doing some weird things with the internet and communications. They started intercepting communications by redirecting traffic. For example, if you were inside Tunisia and tried to access Yahoo! or Facebook, and tried to access it by HTTPS, what their low-level routing would do is forward you either to one of their phishing servers, basically, or a middle-man server. Or finally they would just redirect you to yahoo.com but without the HTTPS, stripping that encryption mechanism. What that, what that did was it compromised, you know, probably thousands to millions of Tunisians who were trying to access the Internet and communicate online. And there were even, like, you know, stories or rumors, I mean, I don't know if it was confirmed, but there were Tunisians that were bloggers and all that, getting raided randomly, like, just randomly getting raided. And I, I would assume it's because it is. They were hijacking traffic, monitoring journalists and bloggers, and figuring out who's, like, who's inciting riots or who's inciting the, the revolution.

And you guys, obviously, didn't like that?

Well, Anonymous did something like that, but, you know, we added a subgroup called Internet Feds. Right, it was like a little group before LulzSec. And it was much broader. It was like 30 people in there, a lot of random people that shouldn't even be in there in the first place. Mm-hm. But like, you know, one of my mates from [UNKNOWN] actually created like a Greasemonkey script or something to redirect the redirect. Mm. So, once, you know, it would, it would redirect you all to the insecure server or to, like, the man-in-the-middle server, it would be directed actually back to the original, real HTTPS Yahoo server or Facebook server. That's what really caught my interest. I'm like, wow, you know, this government is like, I understand they don't want this revolution, you know, I understand that. But now you're messing with the privacy of your users. And now, now, now you're playing like, now you're a super dictator. Like now, you're not even cool in my books. It's time for war, basically. So then we moved on to hacking the prime minister's website. Apparently that was a big crush to the government. Apparently because... I say apparently because the response was so extreme. As soon as we defaced the Prime Minister's website with a message like, this is Anonymous, we are legion, we will, you know, forget, don't forgive, expect us, they basically firewalled the entire Tunisian internet. So, if you were in the United States or anywhere outside of Tunisia, you would not be able to access any sites within Tunisia. But when we spoke to Tunisians in Tunisia, they said no, it's, it's fine, I, I can go to the prime minister's website right now and see his picture. And at this point there was a Tunisian activist who was really into Anonymous and he said... What can I do? I'm inside Tunisia. So we had the bright idea of, well, what would happen if? And this goes back to that first point I made earlier. How do you bypass a firewall? Well, you make it call you. So we had this guy connect through, like, a TeamViewer, a remote desktop. Connected to his machine. From his machine, we re-hacked the Prime Minister's website, cuz it, the original vulnerability was still open. And so imagine this, all right? The guy is sitting at his computer, watching a bunch of hackers, in this case it's Sabu and some other guy, and he sees his mouse moving around the screen, typing into his web browser, exploiting a vulnerability, hacking the site, grabbing like the defacement message, which was, like, a letter to Tunisia. Mm. And he got to witness all of that in real time. That was really cool. I can't imagine how it felt for him. But we, we hacked the Tunisian Prime Minister's website internally from inside Tunisia. And at that point that's when the Tunisian government began completely shutting down internet. Very similar to what Egy, Egypt did. Mm-hm. During the Egyptian revolution.

And the rest is history.

Yeah, well, and then after that, I mean, the final nail in the coffin, Operation Tunisia, I asked them, we were all fired out of Tunisia, what else can we really do besides, you know, just reading the store and getting it out, so everybody is doing that, they are doing their whole publicity thing and pushing the issue, so I am over here like, okay, well. I'm a security researcher. Mm-hm. You know, I've ordered machines and networks for many years. My time with Anonymous is not conclusive to my skills that I've been doing this for a mass amount of time. So one thing I did was I did a network-wide security audit of Tunisia's infrastructure. And what I realized, what I found, was that to read this entire government communications. Their entire network for emails to BlackBerrys, the cellphone companies that they're using, the embassy internet systems. It all relied on two DNS servers. For the entire infrastructure of the Canadian government. So I had to bring them down. And by bringing those two [UNKNOWN] down, hitting at like 50 gigabits per second or something, I literally, like, destroyed the entire infrastructure. Giving the two [UNKNOWN] to probably do more. Because at that point, the government had no way of communicating with each other unless they had, you know, analog phone systems. Mm-hm. Which I'm pretty sure they did. But it really caused them a lot of problems, I'm sure.