The Quest to Unmask the Ringleader of Anonymous

The latest hypothesis might be the best, but it's still not good enough

This article is from the archive of our partner .

A Wednesday blog post from a hacker known as The Jester claimed to unmask the ringleader of Anonymous. The thing is, it's pretty unclear if this claim is anything close to legit. First, let's go through The Jester's story.

Known online only as Sabu, the hacker leader The Jester claims to expose made a name for himself with an Anonymous attack on the internet security firm HBGary earlier this year. A series of internet relay chat (IRC) logs from that time period shows Sabu's leadership tendencies within Anonymous. Instructing other hackers and taking taking credit for bringing down HBGary, Sabu appears in those #HQ chat logs to be the group's mastermind. And at one point, while discussing how to set up mirror sites for the HBGary data, Sabu claims ownership of a private web domain. "I can setup let me know," said Sabu in IRC. "It's one of my private domains."

On another occasion, Sabu accidentally pasted this domain ( into the chat, and The Jester says that by using this URL and the identifying data behind it, we can trace Sabu's identity to Hugo Carvalho an IT professional from Portugal. Using the domain registry information, The Jester links to an email address owned by Carvalho's company Host Squadron, as well as the hacker handle, Visigod, which he says Sabu used when he started his Anonymous work. As further proof, The Jester reminds us that Sabu regularly tweets in Portuguese and references Brazil, the address on the domain registry. He links to Carvalho's website, Facebook, MySpace and LinkedIn profiles to show further how he fits the Sabu profile.

The Jester's claim is suspect for a couple of reasons. First of all, Hugo Carvalho flatly denies that he's a hacker called Sabu. "I'm Hugo Carvalho, and the story behind me and this nick guy Sabu is a complete lie. Someone stole my photo from one of my Web sites and started to spread the rumor that I was affiliated with this hacking group," he said in an e-mail to CNET's Elinor Mills. "Feel free to post this e-mail in your Web site and state that there is no relation between me and anyone related to that hacking stuff."

Second, domain registry information is not that hard to change or forge. According to Domain Tools, the owner information on has been changed 59 times since November 2007. In fact, the domain was made private from 2009 to June 23, 2011, leaving no history during Anonymous's most active time period. Without access to all those records, we might assume that The Jester is just filling in the blanks with his own theories. The Jester is the first to admit that Sabu could be using the as a disinformation tool to mislead authorities and points to a tweet that reads, "@anonymousabu: If its not already obvious already: my!=hector/xavier/rafael lima/monsegur/de leon/kaotico/negron.Disinfos my game – enjoy the ridemates." The list is of some of the many names attached to Sabu, and "!=" is "not equal to," indicating that Sabu is saying none of them are correct.

Sabu actually preempted The Jester's latest claims on Twitter. "OK You found me. I am Hugo. I am in Portugal. Next question is: Can you stop me? ;)" he tweeted on Monday. After The Jester's post Wednesday he went into rapid fire mode, tweeting and retweeting dozens of times an hour about the claims. "Extradite me, then I impress," he tweeted at The Jester just after the blog post went live. "The government of Portugal will not extradite me," he tweeted a few minutes later. "Lets see how far they will go. If you can extradition rights within Portugal I will impress. Next question is: where in europa?" he tweeted to a question from @revmagdalen about the claims. "So make it happen. I am personally challenging you to force your gobernment to force my gobernment to give me up. Your new task," he said in a follow up tweet.

The Jester's claim has renewed interest in unmasking Sabu, but it's a Sisyphean task. As has happened when trying to factcheck older claims to Sabu's identity--some of which have attempted to use as a lead--the case is always pretty thin. Though rivals deny that Anonymous hackers are that talented, leaders like Sabu, kayla and Topiary have been successful at dodging or convoluting attempts to reveal their real identities. It's worth remembering that Anonymous has always described itself as a leaderless organization. "We are Legion," reads their motto.

But this peek into the finger-pointing world of hackers does reveal is a culture of superlatives and sabotage. "[Those who try to unmask us] are lonely people that are programmed to feel that they need an enemy at all times," Topiary told Gawker last month. "If we're out of their lives, they don't have much going for them." Topiary goes on to say he's not worrying about getting caught, despite the recent arrest of Anonymous-affiliated hacker Ryan Cleary in the U.K. He may be lying, but we'll never know.

Neither The Jester nor Sabu responded to requests for comment.

UPDATE: Sabu did respond. "Use your imagination," he tweeted when asked if he's seen any consequences from The Jester's accusation.

This article is from the archive of our partner The Wire.