They may seem like old friends on stage, but former FBI special agent Chris Tarbell and ex-cybercriminal mastermind Hector Monsegur were once on opposite sides of a high-stakes game of cat and mouse.

Tarbell is one of the most successful cybersecurity law enforcement officials in history. With 17 years of experience, including time in the FBI’s elite Cyber Crime Squad, he was pivotal in infiltrating the notorious hacker group Anonymous and dismantling Silk Road, once the most sophisticated dark web drug marketplace.

His investigation led to the arrest of its creator, Ross Ulbricht, who was sentenced to double life plus 40 years—though his fate took a twist when President Donald Trump pardoned him in January.

Among Tarbell’s high-profile arrests was Monsegur, better known in hacking circles as ‘Sabu.’ Yet today, the man he once pursued is now one of his most trusted colleagues.

On stage at ThreatLocker’s Zero Trust World conference in Florida last week, the unlikely duo shared their journey from adversaries to allies. They discussed how cybercrime has evolved and revealed critical strategies that organisations can adopt to protect their digital assets.

A hacker’s state of mind

Raised by his grandmother in New York City’s projects after his father’s arrest, Monsegur showed an early talent for computers but was expelled from school for challenging authority. At 14, he began hacking as a form of protest against the US military’s actions in Puerto Rico. As he grew older and struggled to support his orphaned cousins, he turned to credit card fraud before becoming immersed in the hacktivist culture of the early 2000s.

Monsegur rose through the ranks to become one of Anonymous’s most influential members and co-founded LulzSec, a group responsible for high-profile attacks on organisations including News Corp, Stratfor, UK and US security agencies, and Ireland’s Fine Gael party. His influence earned him a reputation as one of the world’s most feared hackers. After his arrest in 2011 he became an FBI informant.

World’s most successful cyber agent?

Now leading the cyber investigations firm NAXO, Chris Tarbell once referred to Monsegur as “the Keyser Söze of hacking.” When Tarbell’s team confronted Monsegur in 2011, the hacker faced a potential 125-year prison sentence. “Chris sat me down and asked: ‘Do you really want to spend the rest of your life in a cell for hacking a government server?’ That’s when it hit me—this isn’t just a game,” Monsegur recounted at the Zero Trust conference.

The encounter also shifted Tarbell’s outlook: “Hector made me see criminals as humans. I used to see crime in black and white—catch the bad guy, case closed. But working with Hector showed me that people don’t always start off as criminals. Sometimes, they’re pushed into it.”

Hector Monsegur (centre) and Chris Tarbell (R) on stage at this year’s Zero Trust World event in Orlando, Florida

Today, the former adversaries work together to educate businesses, law enforcement agencies, and everyday users about real-world cybersecurity threats, turning their shared history into a powerful force for good.

Here are some of the key insights they shared at the Florida conference.

  1. Crypto has changed the nature of cybercrime

Cryptocurrency has transformed hacking by enabling anonymous payments, making it easier for cybercriminals to demand and receive ransoms without being traced. Former FBI agent Tarbell explains: “One of the biggest problems is the ethics of today’s hacker. When Hector [Monsegur] and the Anonymous gang were around, there was a code of ethics. You would never have popped a hospital, for instance. There was a line even the hackers didn’t cross back then. Now we’re seeing ransomware attacks on hospitals all the time.”

Monsegur adds: “We would trade vulnerabilities for free when I started out. Then in the 2000s, it became monetised. With the advent of cryptocurrency, bad actors now have so much money that they can offer sums even legitimate developers can’t refuse.”

  2. Paying ransoms impacts everyone

“People don’t realise how rich ransomware groups have become. They’re offering six-figure bonuses and targeting more businesses because we keep paying them,” says Tarbell.

He suggests state or national intervention, possibly making ransom payments illegal, as the only way to curb this cycle. In the US, states like North Carolina and Florida have already made ransom payments illegal for public entities.

From December 2023, the SEC requires public companies to report material ransomware attacks within four business days and include cybersecurity risk management details in annual reports. Tarbell believes stricter regulations may be needed to deter payments.

  3. The insider threat is real

With ransomware and stolen data being big business, insider jobs are more common than most realise. Tarbell notes, “The biggest threat is from people already inside your networks—either malicious users or compromised staff.”

He recalls arresting a reporter who sold access to their employer’s networks to a ransomware gang in exchange for breaking the story first! Additionally, leaked passwords and personal data are easily accessible on the dark web for as little as $40 to $80 for multifactor authentication bypasses.

  4. Complacency is your number one adversary

Tarbell and Monsegur agree that complacency and ignorance are making organisations vulnerable. “Complacency is the number one issue we see when helping businesses,” says Tarbell. He cites the MGM Resorts attack, which led to a $100 million loss in Q3 2023, as an example of how social engineering exploits human error.

Monsegur argues that accountability is crucial. “Maybe people need to start getting fired if they’re responsible. Accountability is big,” he says. He also notes that despondency from inadequate budgets contributes to security complacency, with some security leaders feeling defeated before even trying to secure their systems.

  5. An over-reliance on cyber-tech is also dangerous

According to Monsegur, even well-resourced businesses become complacent by relying too heavily on technology. “They buy every security product, set it, and forget it without fine-tuning or configuring them properly.” He also criticises organisations that pay for ethical hacking reports but then lack the resources to implement the recommendations.

  6. Use of AI in cybercrime is growing

AI is becoming a growing concern in cybercrime. Tarbell explains: “Predictive AI can crack passwords faster, and generative AI is being used for deep fake voice scams.”

He warns of fully AI-generated phishing campaigns, including emails, phone calls, and video messages, designed to manipulate people into giving up access.

  7. Be methodical

Monsegur emphasises the importance of being process-driven in cybersecurity – he reasons that this is what made him such a successful cybercriminal!

“You need to understand your risk appetites and attack surface. Identify potential gaps by asking the right questions and then work on closing those gaps,” he says.

  8. Security posture on a budget

Monsegur suggests using free tools like PingCastle for Active Directory audits and building strong vendor relationships. He also advocates for “old school” backup solutions like tape drives, which are immune to network-based ransomware attacks.

  9. Zero Trust framework and resilience

Monsegur recommends a Zero Trust approach—denying everything by default and allowing only explicitly approved applications. He stresses that cybersecurity policies should focus on resilience, assuming that breaches are inevitable rather than relying solely on detection software.

“This also needs to be a top-down initiative, requiring time, investment, and cultural alignment,” he adds.

  10. Sharing information with competitors

Monsegur suggests sharing information about cyber threats with competitors, especially within the same industry. “If an adversary compromises your competitor and you use the same software or methodologies, you’re likely next. It’s worth having that conversation to stay ahead of threats,” he explains.

*Based on a keynote at Zero Trust World, an annual ThreatLocker event that took place in Orlando, Florida 18-21 February.
