"Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation," according to a statement released by Britain's Metropolitan Police Service, aka Scotland Yard. "The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group."
The suspect, arrested in Essex--to the north of London--on chargers of computer misuse and fraud offenses, was on Tuesday being questioned at a central London police station. According to the Metropolitan Police, "searches at a residential address in Wickford, Essex, following the arrest at the premises last night, have led to the examination of a significant amount of material. These forensic examinations continue."
The pressure on British authorities to stop LulzSec had increased dramatically on Monday, after LulzSec released a statement via Pastebin saying that it was preparing to release the full results of the country's 2011 census via torrent feed on Pirate Bay. If true, that could contain information relating to more than 62 million people.
"We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census," said the LulzSec statement. "We're keeping them under lock and key though ... so don't worry about your privacy (... until we finish re-formatting them for release)."
Could this arrest, however, now spell the end of LulzSec? Earlier this month, a report that a member of the group had been arrested appeared to be false. Furthermore, the group has so far appeared expert at not only hacking websites, but getting away with it. Experts have said that the group was likely formed by underground hacking experts, given the skill with which they seemed to remain hidden.
Furthermore, given that LulzSec appears to communicate via encrypted IRC channels, the members may not even know each other's real identities. As a result, one arrested member might not spell the end of the group's activities, which have recently expanded to include a partnership with the Anonymous hacking collective. Furthermore, according to LulzSec exposed, a new blog that's been analyzing LulzSec public IRC chats and posts, five of the main participants in LulzSec go by the handles Kayla, BarretBrown, Joepie, Nakomis, and Topiary. Three are reportedly from the United States or Canada, one from Sweden and the other from the Netherlands.
In terms of LulzSec's longevity, provoking authorities, including the U.S. Senate, the FBI, and the CIA, with hacks and taunts, can't have helped the group avoid a serious effort by law enforcement agencies to shutter the hacking group.
"The controversial LulzSec group has been playing a dangerous game--their Twitter account, which has more than 220,000 followers, has become increasingly vocal--embarrassing computer crime authorities and large organizations around the world with their attacks," blogged Graham Cluley, senior technology consultant at Sophos.
"There has been much speculation recently regarding who might be behind LulzSec--if the group has now been cracked then it will send a strong message to others thinking about engaging in their own hacks or denial-of-service attacks. What everyone will now be looking for is whether LulzSec's Twitter account is updated, and if so--what does it say about the arrest?" said Cluley.
As of press time on Tuesday, the LulzSec Twitter feed hadn't yet been updated for the day.
In the new, all-digital Dark Reading supplement: What industry can teach government about IT innovation and efficiency. Also in this issue: Federal agencies have to shift from annual IT security assessments to continuous monitoring of their risks. Download it now. (Free registration required.)