Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Scotland Yard Busts Alleged LulzSec Mastermind

British police, in a joint investigation with the FBI, arrest a teenager on charges of computer misuse and fraud.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
British authorities, working in cooperation with the FBI, announced on Tuesday that they'd arrested an alleged mastermind of the LulzSec hacking group.

"Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation," according to a statement released by Britain's Metropolitan Police Service, aka Scotland Yard. "The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group."

The suspect, arrested in Essex--to the north of London--on chargers of computer misuse and fraud offenses, was on Tuesday being questioned at a central London police station. According to the Metropolitan Police, "searches at a residential address in Wickford, Essex, following the arrest at the premises last night, have led to the examination of a significant amount of material. These forensic examinations continue."

The pressure on British authorities to stop LulzSec had increased dramatically on Monday, after LulzSec released a statement via Pastebin saying that it was preparing to release the full results of the country's 2011 census via torrent feed on Pirate Bay. If true, that could contain information relating to more than 62 million people.

"We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census," said the LulzSec statement. "We're keeping them under lock and key though ... so don't worry about your privacy (... until we finish re-formatting them for release)."

Could this arrest, however, now spell the end of LulzSec? Earlier this month, a report that a member of the group had been arrested appeared to be false. Furthermore, the group has so far appeared expert at not only hacking websites, but getting away with it. Experts have said that the group was likely formed by underground hacking experts, given the skill with which they seemed to remain hidden.

Furthermore, given that LulzSec appears to communicate via encrypted IRC channels, the members may not even know each other's real identities. As a result, one arrested member might not spell the end of the group's activities, which have recently expanded to include a partnership with the Anonymous hacking collective. Furthermore, according to LulzSec exposed, a new blog that's been analyzing LulzSec public IRC chats and posts, five of the main participants in LulzSec go by the handles Kayla, BarretBrown, Joepie, Nakomis, and Topiary. Three are reportedly from the United States or Canada, one from Sweden and the other from the Netherlands.

In terms of LulzSec's longevity, provoking authorities, including the U.S. Senate, the FBI, and the CIA, with hacks and taunts, can't have helped the group avoid a serious effort by law enforcement agencies to shutter the hacking group.

"The controversial LulzSec group has been playing a dangerous game--their Twitter account, which has more than 220,000 followers, has become increasingly vocal--embarrassing computer crime authorities and large organizations around the world with their attacks," blogged Graham Cluley, senior technology consultant at Sophos.

"There has been much speculation recently regarding who might be behind LulzSec--if the group has now been cracked then it will send a strong message to others thinking about engaging in their own hacks or denial-of-service attacks. What everyone will now be looking for is whether LulzSec's Twitter account is updated, and if so--what does it say about the arrest?" said Cluley.

As of press time on Tuesday, the LulzSec Twitter feed hadn't yet been updated for the day.

In the new, all-digital Dark Reading supplement: What industry can teach government about IT innovation and efficiency. Also in this issue: Federal agencies have to shift from annual IT security assessments to continuous monitoring of their risks. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19719
PUBLISHED: 2019-12-11
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVE-2019-19720
PUBLISHED: 2019-12-11
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVE-2019-19707
PUBLISHED: 2019-12-11
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
CVE-2019-19708
PUBLISHED: 2019-12-11
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2019-19709
PUBLISHED: 2019-12-11
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.