7/28/2011
09:10 AM

Alleged LulzSec Spokesman Arrested In Scotland

British police arrest 18-year-old on hacking charges as part of ongoing investigation into Anonymous and LulzSec.

Police in Britain have arrested an 18-year-old man on hacking charges, alleging that he's Topiary, the Twitter-savvy spokesman for the LulzSec hacking group.

According to a statement released on Wednesday by Britain's Metropolitan Police Service, the arrested man "is believed to be linked to a continuing international investigation into the criminal activity of the so-called 'hacktivist' groups Anonymous and LulzSec, and allegedly uses the online nickname 'Topiary' which is presented as the spokesperson for the groups."

The man, who hasn't been named by authorities, was arrested at a residence in the Shetland Islands in a joint operation involving the United Kingdom's Police Central e-Crime Unit, the Scottish Crime and Drug Enforcement Agency, and the Lincolnshire Constabulary. The Shetlands, located off the northeast coast of Scotland and comprising about 100 islands--only 16 of which are inhabited--are better known for their wildlife than for wild lulz.

Interestingly, all of the posts to Topiary's Twitter feed have been deleted, save one, stating: "You cannot arrest an idea." That post was made on July 22, in response to the FBI's arrest of 14 people, on July 21, on charges that they participated in Anonymous attacks.

On Wednesday, the alleged Topiary was being transported to a police station in London for questioning, and police were searching his residence. Also on Wednesday, as part of the investigation, an unnamed 17-year-old boy was being questioned--he wasn't arrested--and his residence searched by police in Lincolnshire, in eastern England.

Previous, albeit anonymous, allegations suggested Topiary might be a man based in Sweden. Given the arrest in Scotland, chat boards predictably lit up with discussions about whether British police had been duped by LulzSec into arresting the wrong person.

As part of their investigation into distributed denial of service (DDoS) attacks launched under the Anonymous and LulzSec banners, British police had previously arrested two other people. The first was Ryan Cleary, 19, who allegedly ran servers hosting LulzSec chat rooms and launched DDoS attacks against the British Phonographic Industry's website.

Cleary has been remanded in custody, and is due to appear in court late next month. Meanwhile, a 16-year-old boy, unnamed, was earlier arrested and is currently on bail, "to return in late August pending further inquiries," according to police.

LulzSec became famous for its 50-day hacking spree, in which it compromised numerous websites, including those belonging to Sony and the U.S. Senate. Then the group called it quits, urging its admirers to focus their efforts on AntiSec, a joint operation it launched with Anonymous (from which LulzSec had sprung).

Still, LulzSec has remained current. Last week, Sabu, the supposed leader of LulzSec, said via Twitter that his group had obtained a gigabyte of data from NATO, most of which it wouldn't release, as well as numerous emails relating to News International, which it was set to release. In addition, the group planted a false story on the homepage of the Sun and The Times of London newspapers--both owned by Rupert Murdoch, head of News International--saying that Murdoch had died, before redirecting website viewers to the LulzSec Twitter feed.

News International has faced heavy criticism after it emerged that Murdoch's News of the World newspaper paid private investigators to hack into the voice mail of at least several thousand people, and also paid police officials to obtain information. Those revelations have caused a scandal in Britain, and triggered a police investigation that has led to at least 10 arrests.

The scandal has seen News International executives, including Murdoch, face sharp questioning by members of the U.K. parliament, and recently led to the resignation of the head of the Metropolitan Police Service, Paul Stephenson.
