Newly surfaced court documents revealed that “Sabu” wasn’t the only hacker helping the feds; in fact, after the FBI flipped an autistic hacker known as “Eekdacat” for his role in the 2010 Gawker hack, he helped nail “Kayla.”
The sentencing of Hector Xavier Monsegur, aka the LulzSec hacker Sabu, was recently delayed for the seventh time. Sabu pleaded guilty in August 2011, was turned into a snitch and helped sink the LulzBoat, but he was not the only flipped hacker helping the feds track down other hackers. Three weeks after Sabu was arrested, FBI agents arrested Thomas “Eekdacat” Madden, a 26-year-old man with autism.
Affected websites from the Gawker hack included Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot; the hack yielded 1.3 million e-mail addresses and passwords. A hacking group called “Gnosis” claimed credit for the attack.
Madden, according to The Smoking Gun, was part of the hacker group Gnosis “and other online groups, including Patriotic Nigras, a band of ‘griefers’ who caused havoc on Second Life, the online virtual world.” Besides passwords, Gnosis leaked a 487MB file that also included source code and internal conversations between company employees. Chat transcripts revealed that Madden bragged “over 1 million people got compromised because of me…” He added, “I feel a bit better today cause I got the attention of the entire western world lol.”
Other chat transcripts show Madden referring to a stolen file containing the grades of thousands of students. While he was only seeking the records of three specific pupils, he noted, “this warrants the theft of 11,000.” He also wrote that he did not deface sites he had breached. Instead, he preferred to maintain discreet access to the compromised destinations so he could “farm them for weeks.”
Madden told an “online friend about Gawker’s weak security, remarking that the blog network’s ‘encryption was over 10 years old I forget their OS was like 9 updates behind big updates’.” He also chatted about other online criminal activity.
This “friend” was someone who helped Madden with math, but later tricked Madden into doing the friend’s homework. After Madden realized he’d been duped, “he opened a Yahoo account in a fake name and sent an e-mail to one of the other student’s teachers” saying his friend was cheating. In turn, the former friend told the FBI about Madden’s role in hacking Gawker.
In one of the last tweets from @NotEekdacat, back on June 28, 2011, he denied any involvement. The FBI arrested him for the Gawker hack on June 29, 2011.
It was during FBI debriefings that Madden--who was not yet represented by an attorney--confessed to involvement in the Gawker breach, which he said was accomplished by a crew headed by a hacker known as “Kayla.” Madden said that “Kayla” provided him with “the stolen database of over one million usernames and encrypted passwords” and “tasked” him with decrypting the Gawker passwords. Madden reported that he succeeded in cracking about 180,000 passwords.
Since snitches get stitches and all that, the documents were kept under seal to protect the cooperating hacker from being harmed by other hackers, such as by doxing or swatting. Madden was referred to in court papers, and signed them, as “John Doe.” In return for cooperating, the Justice Department dropped all hacking charges. The FBI searched Madden’s New York home in June 2011 and the charges were eventually all dismissed in Nov. 2012, but not before Madden helped the feds track down LulzSec member Kayla.
Madden’s father said his son’s “severely autistic” diagnosis “goes back to nursery school,” yet his son was “high functioning.” He called his son’s autism “a gift and a tragedy and a blessing. If you ever saw the movie ‘Rainman,’ it’s like that.” In Dec. 2010, Madden graduated from Rensselaer Polytechnic Institute with a double major in computer science and mathematics.
A court-ordered mental competency evaluation agreed that Madden had “a form of autism” which affected his “social interaction and judgment, among other things.” FBI Agent Olvia Olson noted in an affidavit that Madden appeared to be “highly-functioning in other areas, including the ability to recall information.” He was deemed a credible snitch.
With Madden as a “witness,” the FBI secured search warrants and “pen register applications targeting e-mail and Twitter accounts used by Kayla,” who was actually 24-year-old Ryan Ackroyd.
After accessing Kayla’s Hotmail and Twitter records, the FBI determined Kayla was using a randomizing proxy to constantly change IP addresses traced back to different locations across the globe. Dumped chats later showed several hackers used the VPN Hide My Ass, but the feds found one IP address that “appeared three separate times in the documents. The address, which tracked to the United Kingdom, was used to access Kayla’s e-mail account in December 2009 and March 2011. The same IP address also accessed the hacker’s Twitter account (@lolspoon) in June 2011.”
Ackroyd was busted in Sept. 2011; by May 2013, he was sentenced to 30 months in prison.
It's been nearly three years since Madden was arrested for the Gawker hack, but the formerly sealed court documents have only just been discovered. If this interests you and you want to know more, I highly recommend reading the court documents and all of The Smoking Gun's report.