Attacks/Breaches
4/26/2013
11:23 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Australia Disavows Self-Proclaimed LulzSec Leader

Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Australian police this week arrested IT professional Matt Flannery, 24, on charges of defacing a government website.

According to the police charges, Flannery (aka "Aush0k") "attacked and defaced a government website" and accessed one or more sites without authorization.

The Australian Federal Police (AFP) said his arrest resulted from a two-week investigation that commenced after a government website had been defaced. "This individual was operating from a position of trust who had access to sensitive information from clients including government agencies," said the AFP's manager of cybercrime operations commander, Glen McEwen, in a Wednesday press briefing. "The AFP believes this man's skill sets and access to this type of information presented a considerable risk for Australian society."

McEwan said Flannery had also boasted that he was the leader of the Anonymous hacktivist offshoot group known LulzSec. The police force earlier this week issued a press release trumpeting that Flannery was "the first member of the group to be charged by the AFP."

Australia Anonymous, however, quickly dismissed Flannery's claims of a leadership role in LulzSec: "Nope not part of the usual suspects on any of our chans of communication I suspect some DDos skid on his mums win box," read a tweet issued by the group. Other Anonymous channels, meanwhile, took to tweeting what was labeled as a link to the real leader of LulzSec, which resolved to a picture of a kitten.

[ Legislation can't stop hacktivists. Read Laws Can't Save Banks From DDoS Attacks. ]

According to police, Flannery worked for Content Security, an Australian reseller of products made by Tenable Network Security, which develops Nessus vulnerability scanning software. Content Security officials said they had no knowledge of the attacks allegedly launched by Flannery. Tenable, meanwhile, said it didn't employ Flannery. "Matt Flannery is not and has never been an employee of Tenable Network Security," according to a Wednesday tweet from Tenable.

If convicted on all charges relating to the alleged government website defacement, Flannery faces up to 12 years in prison.

In related LulzSec news, last week Cody Kretsinger (aka Recursion), 25, was sentenced to one year in prison, after pleading guilty in April 2012 to two charges relating to his participation in a SQL injection attack against the Sony Pictures Entertainment website. Kretsinger also admitted to using the LulzSec website and Twitter to post 150,000 stolen Sony usernames and passwords. Following his prison sentence, Kretsinger will be required to serve one year's home detention, perform 1,000 hours of community service and pay $605,663 in restitution.

Also this month, fellow LulzSec participant member Ryan Ackroyd (aka Kayla), 26, pleaded guilty in a London courtroom to one charge relating to disrupting numerous websites in 2011, including the Arizona State Police and 20th Century Fox sites. Also this month, Jake Davis (aka topiary), 20, and Mustafa al-Bassam (aka Tflow), 18, pleaded guilty in a London courtroom to launching website attacks against the CIA, Britain's Serious Organized Crime Agency and National Health Service, as well as News International, 20th Century Fox and Sony Pictures Entertainment. Ackroyd, Davis and al-Bassam are due to be sentenced next month.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.