Feeds

LulzSec SMACKDOWN: Leader Sabu turned by feds last summer

Suspects cuffed in Blighty, Ireland, US

Protecting against web application threats using SSL

Suspects purported to be members of LulzSec have been rounded up on two continents. The international law enforcement operation was apparently aided by the infamous hacktivist group's alleged erstwhile leader, "Sabu", who secretly pled guilty to a battery of charges last August.

Police arrested three men and charged a further two with conspiracy largely based on a case filed in New York federal court against Hector Xavier Monsegur, the man alleged to be LulzSec's former leader, who operated under the hacker handle Sabu. The US Attorney's Office named the following additional suspects in a statement supplied to the Register:

RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon,” [23, of Doncaster, United Kingdom] JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary,” [29, of Lerwick, Shetland Islands] DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten,” [25, of Galway, Ireland] and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” [19, of Birr, Ireland] who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an Indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal Complaint with intentionally disclosing an unlawfully intercepted wire communication.

"This is devastating to the organisation," an unnamed FBI official involved with the investigation told FoxNews. "We’re chopping off the head of LulzSec."

Monsegur, 28, resident in New York City, was arrested by the FBI in June and has apparently acted as an informant against his crew since.

A copy of the indictment against Monsegur is available here (PDF). He's charged with computer hacking, fraud and conspiracy charges stemming from attacks run by both Anonymous and LulzSec against numerous targets. According to the indictment, Monsegur's role in the alleged hacks was to look for vulnerabilities in websites that were then allegedly exploited either by him or other hackers.

Monsegur pled guilty on August 15, 2011 to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison, according to the US Attorney.

A fifth suspect, Jeremy Hammond (alleged to be Anarchaos), of Chicago has been arrested under a separate indictment.

Hammond, who has been arrested on access device fraud and hacking charges, is suspected of involvement in the December Anonymous hack on security intelligence outfit Stratfor.

Davis from Shetland, Scotland was arrested by British police last July and already faces computer hacking offences. The arrest followed weeks after the arrest of Ryan Cleary, a 19-year-old from Essex, who allegedly ran an IRC channel used by LulzSec. UK police also arrested a 16-year-old alleged hacker last July, who can't be named for legal reasons.

Garda Síochána (Irish police) told the Register they had arrested one adult man in his late teens on Tuesday morning and he's been taken taken to a Dublin police station for questioning. The suspect was arrested under Section 4 of the Criminal Justice Act, a section of the Irish penal code that covers serious offences such as fraud.

According to the US Attorney:

O’CEARRBHAIL hacked into the personal email account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work emails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012, regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

LulzSec began as a splinter group of Anonymous prior to mounting scores of high-profile hacks over as a seven-week period before disbanding in late June last year. Its targets included HB Gary Federal; defence contractors; police departments; FBI-affiliated security firms; the CIA, the US Senate; online gaming operations, including EVE Online; and corporations including Fox, News Corporation, Sony and many others. Tactics included website defacement and hacking followed by the public release of information housed on insecure systems – including email spools in the case of HB Gary Federal – and occasionally denial of service attacks.

After disbanding, the group returned to the Anonymous fold, most notably taking part in OpAntiSec exercises designed to expose the shortcomings of white-hat security firms as well as operations in support of the Occupy movement, in support of the Arab Spring protests in the Middle East, and in support of WikiLeaks.

The US Attorney's statement can now be read in pdf here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.