Attacks/Breaches
4/26/2013
11:23 AM

Anonymous Australia Disavows Self-Proclaimed LulzSec Leader

Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.

Australian police this week arrested IT professional Matt Flannery, 24, on charges of defacing a government website.

According to the police charges, Flannery (aka "Aush0k") "attacked and defaced a government website" and accessed one or more sites without authorization.

The Australian Federal Police (AFP) said his arrest resulted from a two-week investigation that commenced after a government website had been defaced. "This individual was operating from a position of trust who had access to sensitive information from clients including government agencies," said the AFP's manager of cybercrime operations, Commander Glen McEwen, in a Wednesday press briefing. "The AFP believes this man's skill sets and access to this type of information presented a considerable risk for Australian society."

McEwen said Flannery had also boasted that he was the leader of the Anonymous hacktivist offshoot group known as LulzSec. The police force earlier this week issued a press release trumpeting that Flannery was "the first member of the group to be charged by the AFP."

Australia Anonymous, however, quickly dismissed Flannery's claims of a leadership role in LulzSec: "Nope not part of the usual suspects on any of our chans of communication I suspect some DDos skid on his mums win box," read a tweet issued by the group. Other Anonymous channels, meanwhile, took to tweeting what was labeled as a link to the real leader of LulzSec, which resolved to a picture of a kitten.

According to police, Flannery worked for Content Security, an Australian reseller of products made by Tenable Network Security, which develops Nessus vulnerability scanning software. Content Security officials said they had no knowledge of the attacks allegedly launched by Flannery. Tenable, meanwhile, said it didn't employ Flannery. "Matt Flannery is not and has never been an employee of Tenable Network Security," according to a Wednesday tweet from Tenable.

If convicted on all charges relating to the alleged government website defacement, Flannery faces up to 12 years in prison.

In related LulzSec news, last week Cody Kretsinger (aka Recursion), 25, was sentenced to one year in prison, after pleading guilty in April 2012 to two charges relating to his participation in a SQL injection attack against the Sony Pictures Entertainment website. Kretsinger also admitted to using the LulzSec website and Twitter to post 150,000 stolen Sony usernames and passwords. Following his prison sentence, Kretsinger will be required to serve one year's home detention, perform 1,000 hours of community service and pay $605,663 in restitution.

Also this month, fellow LulzSec member Ryan Ackroyd (aka Kayla), 26, pleaded guilty in a London courtroom to one charge relating to disrupting numerous websites in 2011, including the Arizona State Police and 20th Century Fox sites. Also this month, Jake Davis (aka topiary), 20, and Mustafa al-Bassam (aka Tflow), 18, pleaded guilty in a London courtroom to launching website attacks against the CIA, Britain's Serious Organized Crime Agency and National Health Service, as well as News International, 20th Century Fox and Sony Pictures Entertainment. Ackroyd, Davis and al-Bassam are due to be sentenced next month.
