7/28/2011
09:10 AM

Alleged LulzSec Spokesman Arrested In Scotland

British police arrest 18-year-old on hacking charges as part of ongoing investigation into Anonymous and LulzSec.

Police in Britain have arrested an 18-year-old man on hacking charges, alleging that he's Topiary, the Twitter-savvy spokesman for the LulzSec hacking group.

According to a statement released on Wednesday by Britain's Metropolitan Police Service, the arrested man "is believed to be linked to a continuing international investigation into the criminal activity of the so-called 'hacktivist' groups Anonymous and LulzSec, and allegedly uses the online nickname 'Topiary' which is presented as the spokesperson for the groups."

The man, who hasn't been named by authorities, was arrested at a residence in the Shetland Islands in a joint operation involving the United Kingdom's Police Central e-Crime Unit, the Scottish Crime and Drug Enforcement Agency, and the Lincolnshire Constabulary. The Shetlands, located off the northeast coast of Scotland and comprising about 100 islands--only 16 of which are inhabited--are better known for their wildlife than for wild lulz.

Interestingly, all of the posts to Topiary's Twitter feed have been deleted, save one, stating: "You cannot arrest an idea." That post was made on July 22, in response to the FBI's arrest of 14 people, on July 21, on charges that they participated in Anonymous attacks.

On Wednesday, the alleged Topiary was being transported to a police station in London for questioning, and police were searching his residence. Also on Wednesday, as part of the investigation, an unnamed 17-year-old boy was being questioned--he wasn't arrested--and his residence searched by police in Lincolnshire, in eastern England.

Previous, albeit anonymous, allegations suggested Topiary might be a man based in Sweden. Given the arrest in Scotland, chat boards predictably lit up with discussions about whether British police had been duped by LulzSec into arresting the wrong person.

As part of their investigation into distributed denial of service (DDoS) attacks launched under the Anonymous and LulzSec banners, British police had previously arrested two other people. The first was Ryan Cleary, 19, who allegedly ran servers hosting LulzSec chat rooms and launched DDoS attacks against the British Phonographic Industry's website.

Cleary has been remanded in custody, and is due to appear in court late next month. Meanwhile, a 16-year-old boy, unnamed, was earlier arrested and is currently on bail, "to return in late August pending further inquiries," according to police.

LulzSec became famous for its 50-day hacking spree, in which it compromised numerous websites, including those belonging to Sony and the U.S. Senate. Then the group called it quits, urging its admirers to focus their efforts on AntiSec, a joint operation it launched with Anonymous (from which LulzSec had sprung).

Still, LulzSec has remained current. Last week, Sabu, the supposed leader of LulzSec, said via Twitter that his group had obtained a gigabyte of data from NATO, most of which it wouldn't release, as well as numerous emails relating to News International, which it was set to release. In addition, the group planted a false story on the homepage of the Sun and The Times of London newspapers--both owned by Rupert Murdoch, head of News International--saying that Murdoch had died, before redirecting website viewers to the LulzSec Twitter feed.

News International has faced heavy criticism after it emerged that Murdoch's News of the World newspaper paid private investigators to hack into the voice mail of at least several thousand people, and also paid police officials to obtain information. Those revelations have caused a scandal in Britain, and triggered a police investigation that has led to at least 10 arrests.

The scandal has seen News International executives, including Murdoch, face sharp questioning by members of the U.K. parliament, and recently led to the resignation of the head of the Metropolitan Police Service, Paul Stephenson.
