Hector Montsegle once sat on the FBI’s most wanted list.
As “Sabu”, the infamous hacker and key anonymous player behind Lulzsec, he was a digital outlaw exposing government vulnerabilities. On the other side of the law stood Chris Tarbell, an anonymous infiltrating and leading the takedown of the infamous Silk Road market.
Now, a few years later, they are sitting side by side as allies, not as enemies. Together, they share an extraordinary friendship and a common goal. Enhance cybersecurity by exposing the dangers lurking in the shadows of the Internet.
In a recent fireside chat at Florida’s Zero Trust World 2025, the two reflect on a blurred ethical line of the past, the evolution of hacking, and the era of cryptocurrency and AI.
“You arrested him,” the moderator gestures towards Montsegur. “Even so, it’s a smile to be here. How does that happen?”
Monsegur laughs. “Well, that’s nothing. I don’t like him yet,” he joked. “No, certainly, we’re good friends right now. But it took time. I mean, at the end of the day, I had to make a choice. For the rest of my life I went to prison. You put it in or do something that actually means something.”
That choice wasn’t easy. When Tarbell’s team knocked on Monsegur’s door, he was staring at his 125-year maximum sentence for cybercrime. “Chris sat down to me and said, ‘You hacked to a government server, so do you really want to spend the rest of your life in a cell?” And I realized – this is a game now Not that. ”
Tarbell tumbles through the chimes, reflecting on how the experience has changed. “Hector saw criminals as humans. Previously, I saw a black and white crime. You arrested the bad guys, put them away, and that’s the end of the story. Start as a person.
The unlikely duo works together to educate business, law enforcement and everyday users about real-world cybersecurity threats. And if there’s one thing they both agree on, it’s this: hacking is not what it was before.
“At the time, hackers had code,” explains Monsegar. “We were interested. We wanted to understand how the systems work and how they are vulnerable. But hacking hospitals for ransom never happened. I guess so.”
Tarbell nods. “I see. But now? That line is gone. And do you know what’s changed? Money.”
The introduction of cryptocurrency has completely changed the hacking landscape. In the past, cybercriminals had to be careful. Keeping money was moving through traditional banking systems and left a law enforcement trajectory. Now, with cryptography, that barrier is gone.
The story continues
“These ransomware groups are richer than ever,” says Tarbell. “And they’re more refined. They can afford to buy zero-day exploits, which only nation-states had such power. Ransomware groups currently funded. can outweigh government agencies for misuse.”
Monsegur adds: If I had a remote exploit for a Telnet service, I replaced it with another hacker and another exploit. now? These people sell to millions. You can thank Crypto. ”
Economic incentives have changed the morality of hacking. If traditional hackers may have had unwritten rules for targeting hospitals, today’s ransomware groups are deliberately chasing healthcare facilities. They know that hospitals are likely to pay desperately to recover their critical systems.
“There’s no more ethics,” lamented Tarbel. “It’s just business.”
But it’s not just elite hackers that businesses need to worry about. According to Tarbell, insider threats continue to be one of the biggest security risks.
“Look, there’s someone selling their login credentials for $40. And for $80? You can access your company’s Multifactor Authentication (MFA) credentials.”
Next, there are mistakes such as clicking on phishing links, downloading malware, and reusing weak passwords.
“We talk a lot about security culture,” says Tarbell. “But I’d like to ask you something. If James, the treasurer, clicks on a phishing link that costs the company millions… Should he lose his job?”
The audience tweets.
“I mean, where is the accountability?” Tarbell Press. “Now, if someone falls into a scam, we send them to a training session. Maybe they take extra cybersecurity classes. But they are careless and over and over again. So? Shouldn’t there be no results?”
Monsegur jumps in. They know that you need to find the weakest link within your company. And if your weakest link is “James from Accounting”… well, congratulations. It’s just been hacked. ”
If the last decade is defined by ransomware, the next decade is shaped by AI-driven cybercrime.
“We’ve already seen AI being used for fraud,” warns Tarbell. “Cheaters use deepfake voices to impersonate their families and trampl on people to send money. Give them a few years. All AI-generated phishing campaigns (email, phone calls, and even more) Video messages) will manipulate people to give up access.
Monsegur agrees. “If you went back to the 90s and wanted to design someone socially, you actually had to talk to them. Now? AI could generate thousands of phishing emails instantly, each one being targeted. It’s customized to suit it. And when you hit an autonomous AI cyberattack, is it a bot that can identify vulnerabilities and exploit them without human input? That’s when things get scared.”
So, what can companies do?
Invest in resilience.
According to Monsegur, too many organizations assume that violations do not occur. “You need to build security with the idea that an attack will occur. If ransomware locks your system tomorrow, what is your plan? CEO voice is cloned and allowed to be transferred unauthorized If so, how do you check? These are no longer virtual scenarios. This is the reality.”
The conversation ends with a reflexive note.
“We’ve seen how unchecked cybercrime can be done,” says Monseger. “I’m part of it, and I’ve seen the results.”
Tarbell nods. “And I’ve seen how law enforcement fight back. But I’ll tell you something – FBI arrests won’t stop cybercrime. Beyond the bad guys. The only way to go is for everyone to take cybersecurity seriously. That means businesses, governments, individuals.”
Once they leave the stage, the message is clear:
The ethics of hacking have changed. The rules of the game have been changed. And stakes? They were never high.
