Computers were an outlet for Hector Monsegur, an escape from the poverty and trauma that had defined his young life. But the technology he used as a way out became a gateway to a more nefarious side of life.
Monsegur was a hacktivist, a “black hat,” who used his skills to infiltrate international companies and governments around the world, including the U.S. government. After months in prison, Monsegur is now using his story to inspire the next generation of cybersecurity analysts to protect computer systems from people like him.
On Tuesday, Monsegur’s speaking tour stopped at Hood College for classroom visits with students and a public presentation that night. Monsegur is the chief researcher of Rhino Security Labs, where he tests the cybersecurity of his clients.
“The cybersecurity is still in its infancy,” Monsegur said. “It’s very fresh. It’s already a multibillion-dollar industry. We don’t have enough workers. We have a talent and skill shortage in this country.”
Monsegur grew up in New York City. As a child, his family was imprisoned on drug charges, he said. Learning about computers was a coping mechanism. He began hacking in the 1990s because it was the best way to learn computer systems, Monsegur said.
“When I began learning how to hack, it was more of a way of kind of escaping from my reality,” he said. “I needed to get away from the situation at home. I had no family members. I was living with extended family members at the time.”
His experience as a hacker compromising systems around the world allowed him to get a job as a systems administrator. He was making a six-figure salary, starting a family with two daughters, he said. But the stress of being a young father pushed him back to his comfort: hacking.
Monsegur scaled up his operations, forming the group LulzSec and hacking major companies. His return to hacking came as the Arab Spring was beginning in December 2010. Monsegur wanted to help the revolution occurring on Middle Eastern streets and the internet. He hacked the Tunisian government, affecting the nation’s infrastructure. He attacked Egypt and Iran, he said.
Then, Monsegur focused his attention on the U.S. government. He hacked into federal contracts and the FBI Academy. That is when the government men showed up at his door.
Monsegur was given a 124-year prison sentence. The time in prison gave Monsegur time to reflect. He felt silly being in a maximum-security building as a hacker alongside murderers and drug traffickers, he said. He became an FBI informant to protect government systems from hackers. The change allowed him to leave prison after seven months. He also began working as a “white hat” to improve cyber defense systems.
Moving away from the “black hat” hacker community came at a cost. His former colleagues still harass him online. They have called in bomb threats to his speaking events or made death threats online, he said.
His work now focuses on a different kind of threat. Organizations are not taking their cybersecurity system seriously, he said, including the U.S. government.
“Are we ready for a full-scale attack against our infrastructure? And the answer is no,” he said.
The ongoing series of large-scale hacks making headlines will continue to be a problem for any technologically developed nation, Monsegur said. Determining who is behind an attack is difficult, and misattribution can be devastating as nations often seek retributive justice. For example, a North Korean hacker could use a Chinese piece of technology using a Russian strategy, Monsegur said.
“It’s going to be difficult to identify if a hacker is a loser scammer or a nation-state actor,” Monsegur said.
The need for protection in the public and private sector will expand the cybersecurity industry to one day mirror the weapons industry, he said. The FBI and other agencies are understaffed. There are ample career opportunities, Monsegur said.