The hackerverse has recently been shocked by the revelations that the high-profile and outspoken hacker, Sabu, was an FBI informant.  In case you have been living under a rock, Sabu was the original leader of the high profile LulzSec hacking group.  LulzSec were the ones that, amongst other things, hacked into The Sun website and posted a fake story that Rupert Murdoch had died after ingesting a fatal dose of palladium.

In keeping with the ridiculous prison sentences that the US bandy about, Sabu, who was actually called Hector Monsegur, faced over 124 years imprisonment after being caught by the FBI in relation to various cyber attacks.  Rather than take a spanking and save his online acquaintances, he instead broke the omerta and, not only did he tell the authorities of who else was involved, he also chose to act as an informant while remaining a part of the community.

This may be old news to some – a Pastebin post had discussed Sabu’s allegiances previously and the Anonymous phone hack of the Met and FBI conference call may have yielded more than was publicly acknowledged – but it has nevertheless sent tremors through the hacking community.

I am sure that there are many hackers – whether “true” hackers or script kiddies – who will be somewhat concerned.  If I was to give them advice, it would be this: do not get interviewed without a solicitor (you can ask for one when you are arrested) and, following the interview, make sure that you seek specialist advice from a cyber crime solicitor.

So what is the effect of Sabu’s interaction with his fellow hackers?  Rumour is that Sabu had long been agitating his online acquaintances, calling for more high profile attacks and suggesting potential targets.  The Royal Commission on Police Powers 1928 defined an agent provocateur as “a person who entices another to commit an express breach of the law which he would not otherwise have committed and then proceeds to inform against him in respect of such an offence”.  So it all depends on whether anyone was enticed by Sabu to commit an offence that they would not have done anyway.  I bet there are some, but they may not have been the people who have been arrested.

The fact that someone would not have committed the offence if it were not for the activity of an agent provocateur is not a defence as such in English law.  The mighty Lord Hoffman, explained the situation in a case about entrapment in which it was deemed to be contrary to the right to a fair trial under the European Convention on Human Rights:

“The only proper purpose of police participation is to obtain evidence of criminal acts which they suspect someone is about to commit or in which he is already engaged.  It is not to tempt people to commit crimes in order to expose their bad character and punish them”.

Obviously Sabu was not a police officer, but it is arguable that the same provisions apply, as otherwise it would be open for the police to delegate such responsibilities to third parties, in order to evade the safeguards on police officers carrying out those roles.

If it was then deemed that Sabu was an agent provocateur, what would the outcome be?  Well, it depends on the extent of the evidence that he obtained, his precise involvement and what else the prosecutor has got.  At its highest, the prosecution could be deemed to be an abuse of process and any Court case could be halted as it would be so unfair to put the defendants on trial.  The Court could decide to exclude the evidence tainted by Sabu and his involvement, but might have recovered enough damning evidence from seized computers that they could continue anyway.  There are many things that could happen.  But the involvement of a participating informant has suddenly left a massive crack in the prosecution which defence teams should be able to start prising open – who knows what else will come out.  One things for sure, Sabu is certain to be “robustly” cross examined at any subsequent trial.

I am aware that there are two linked arrests in England – Ryan Ackroyd (known as Kayla) and Jake Davis (Topiary) – and two in Ireland – Darren Martyn (Pwnsauce) and Donncha O’Cearrbhail (Palladium).  There may very well be others.

My main concern is that there seems to be a widespread sweep of hackers who have been arrested recently.  Are we about to see the US attempt to extradite all suspects to face trial together?  Rather than try to persuade foreign governments to harmonise cyber legislation, why not just get everyone to America to face justice in the land of the free?  Sounds ridiculous?  See Richard O’Dwyer for further information.