Sabu of LulzSec

  1. Here's the research and the path followed so that everyone else can start digging too:
  3. Nicknames: Sabu, leon, bottle_of_rum, Xavier
  5. We have to consider that Sabu may be borrowing any and all names he's using, including Xavier de Leon and Xavier Kaotico.
  7. Knowns:
  8. - The nickname Sabu
  9. - The channel #pure-elite on LulzSec's private IRC network.
  11. A search for sabu and pure-elite yields this:
  12. http://darkmoondesigns.livejournal.com/17146.html
  13. with a comment by Sabu's then-girlfriend as follows:
  14. "t-- email xavier (sabu@pure-elite.org) and tell him whats up, maybe he can figure it out for you. he builds his own computers and such, he's awesome with hardware."
  16. The comment dates from 2003-02-13 06:06 am UTC, which is well before LulzSec, so the information is probably correct.
  18. From:
  19. http://bytes.com/topic/python/answers/19521-gathering-variable-names-within-function
  21. We can again see that Sabu is using the name Xavier with the account sabu@pure-elite.org. He also likes Python.
  23. Looking for Xavier and Sabu, we now come across the site:
  24. http://sentinix.berlios.de/develteam.shtml
  26. Which gives the name Xavier Kaotico, the website sabu.net, and the email address xavier@sentinix.org. Also, looking at the sentinix main page, we see a mention of TigerTeam.se (this comes later).
  28. Briefly, searching on the email address tells us that the AOL Instant Messenger name "Encryption" is registered to xavier@sentinix.org.
  30. Looking at sabu.net, we see that there's confirmation of involvement in Sentinix and something called #pure-elite, which Sabu refers to as "My child; My birth; My manifestation."
  32. Now we look up Xavier de Leon of TigerTeam security and find all of the following:
  34. http://osvdb.org/browse/by_creditee_name?letter=X
  35. - See Xavier de Leon of TigerTeam security
  37. http://www.blogger.com/profile/00785855826635701771
  38. - Blogger profile of Xavier de Leon, includes a blog on the now-defunct confinement.org, if anyone wants to purchase a domain whois history report for confinement.org there is no telling what interesting information that may provide. Written with Tia Marie and B.
  40. http://xavsec.blogspot.com/
  41. - Xavier's security blog
  43. http://web.archive.org/web/20070208195048/http://tigerteam.se/profiles_en.shtml
  44. - A now defunct security team of which Xavier was a part.
  46. An Introduction to Shellcoding by TigerTeam
  47. https://docs.google.com/viewer?a=v&q=cache:4NUqKnj6u3oJ:www.rootsecure.net/content/downloads/pdf/intro_to_shellcoding.pdf+xavier%40sentinix.org&hl=en&gl=uk&pid=bl&srcid=ADGEESgyv3_eDZoPeqLT7DzLKymRsLg2BNNvoMya4lFANwvb-eRSzqPYUjgMLJGgfEjigKN1AurFXoKV8OClnSetafgapyx0M8HCWu_ccFSp-R7mdcJMiDDIU8YGaVIY86N0Cq8Ogtb8&sig=AHIEtbSOQIk71B4M9nmyRNDLIPaVihVi6Q
  49. Which includes the text "In mid 2004 tigerteam.se opened up – my own consultancy firm in
  50. cooperation with Xavier de Leon (a security expert in New York City)." This is dated information, but we can assume from it that at some point, Sabu did indeed live in NYC.
  52. Looking for social networking profiles reveals only the following, registered to xavier@pure-elite.org:
  53. http://profiles.friendster.com/582074
  55. Which says that Sabu is 30, in a relationship, and living in New York, NY. Again, with the exception of the age, all of the information is dated.  It also lists his occupation and interests:
  57. Occupation:
  58. Independent Consultant
  59. What I enjoy doing:
  60. Python programming, Network and System security, Speed Chess, Intellectual Conversations, and techie geek stuff.
  62. All of which is consistent with previously gathered information.
  64. Summary at this point:
  65. Name(s): Xavier Kaotico, Xavier de Leon
  66. Email: sabu@pure-elite.org, xavier@pure-elite.org, xavier@sentinix.org, xavier@tigerteam.se
  67. Age: 30 as of 2011-06-21
  68. Location: Possibly New York City, NY (has lived there)
  69. Websites: sabu.net, pure-elite.org, confinement.org
  70. Profession: Independent IT consultant
  71. Interests: Python programming, Linux, network security, exploit development
  73. Sabu is also purported to be ex-Hackweiser--an old website defacement group. If this is true, the defacement of chickenchoker.com includes a rant about Puerto Rico and describes Sabu as a Puerto Rican. See: http://web.archive.org/web/200102020250/http://chickenchoker.com/
  75. "Hello, i am "Sabu", no one special for now...lately i've been seeing ALOT of Brazilian and asian defacers just come out a leash their skills, i didn't see any Puerto Rican hacker's, or well: "defacer's", show up, so i guess i'll be your Puerto Rican defacer for now huh? elite... "
  77. Now for some bonus research, looking at pure-elite.org, we see that there is also a member called "aries". aries is referred to as the leader of pure-elite.
  79. http://othersidemod.hyperboards.com/index.php?action=view_topic&topic_id=10&start=1
  81. "Ok, i work at a place called pure-elite..pure-elite.org for the website. I am in their cs clan which consists of artists coders and dj's so you can email me at plagu3@pure-elite.org or bioslippery@hotmail.com and the boss of pure-elite is aries@exalted.org. Tell aries that i told you to email him an explain that you could use some help our mirc is irc.pure-elite.org and #pure-elite ok peace"
  83. http://web.archive.org/web/20011026084425/http://www.pure-elite.org/projects.html
  85. Additionally, on pure-elite.org, we see that aries is also a Python and PHP programmer, having written a CMS called Lotus. Everything indicates that aries and Sabu are not the same person, HOWEVER... Let's look up aries just to be sure.
  87. aries has a DeviantArt at http://aries.deviantart.com and his AIM name is "kill aries". The first comment is by mindwerks:
  89. "~mindwerks Jun 15, 2006
  90. well i didn't leave the name "aries" my email was out of date and i forgot the password so i have no way to access it ... don't play with the computer much anymore anyways ><"
  92. Now we visit mindwerks' DeviantArt and discover that he lives in New York. So Sabu and mindwerks/aries both live(d) in New York, were in a Counter-Strike clan together, and coded together in pure-elite.
  94. BIG REVEAL: I'm betting they knew one another in real life.
