Getting serious
The Metropolitan Police have announced the arrest of a 19-year-old man in Essex in connection with network intrusions and DDoS attacks "against a number of international business and intelligence agencies by what is believed to be the same hacking group."
The group has been widely reported as being LulzSec, which is also thought to be responsible for many other hacks this year, including the massive Sony breach, the CIA, and most recently the Serious Organised Crime Agency (SOCA) in the UK.
LulzSec itself, however, insisted on its Twitter account that the Met have got the wrong person. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?" said the tweet.
Yesterday the same account tweeted "Tango down - soca.gov.uk - in the name of #AntiSec", with AntiSec being a collaboration with fellow hackers Anonymous to target government security operations.
Data protection company Imperva has been quick to blog on the matter, and has provided a fair bit of background info. This is the AntiSec statement of intent: "Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood."
Here's their LulzSec summary:
- To put this all into perspective, who are Lulzsec? Tal Be'ery, lead web researcher at Imperva put together a full profile of Lulzsec based on their own work plus some information that is publicly available:
- Lulzsec seems to be a spinoff of a group of hackers from the "Anonymous" organisation.
- They hacked HBgary and gawker - under the Anonymous group umbrella but then decided to create their own 'gig'. Why? Probably to be independent.
- The supporting evidence for this is that the same nicks are used on both Anonymous hacking related discussions (early 2011) and Lulzsec (mid 2011).
- They communicate mainly via private IRC channels - and publish via Twitter and pastebin.
- They mostly use Web application vulnerabilities as they used SQLi for PBS and (one of) the Sony hacks.
- They also use automated tools to harvest databases called Havij, as we can see from the leaked PBS hack screenshots.
- Main Members:
  - Sabu - HBgary hacker. Seems to be the leader.
  - Nakomis - Coder, rumored to be one of PHPBB coders.
  - Topiary - Finance - handles donations and payment for services (e.g., botnets)
  - Tflow - Hacker. Rumored.
  - Kayla - Hacker. Owns a big botnet.
  - Joepie91 - Website admin.
  - BarrettBrown - Spokesperson (NOTE: Mr. Brown has said he isn't a member).
  - Avunit
- From hacker discussion forums, it seems they might get arrested soon as many "real world" details on their identities get revealed.
- To find out more, Tal recommends these links: