Feeds

LulzSec SMACKDOWN: Leader Sabu turned by feds last summer

Suspects cuffed in Blighty, Ireland, US

SANS - Survey on application security programs

Suspects purported to be members of LulzSec have been rounded up on two continents. The international law enforcement operation was apparently aided by the infamous hacktivist group's alleged erstwhile leader, "Sabu", who secretly pled guilty to a battery of charges last August.

Police arrested three men and charged a further two with conspiracy largely based on a case filed in New York federal court against Hector Xavier Monsegur, the man alleged to be LulzSec's former leader, who operated under the hacker handle Sabu. The US Attorney's Office named the following additional suspects in a statement supplied to the Register:

RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon,” [23, of Doncaster, United Kingdom] JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary,” [29, of Lerwick, Shetland Islands] DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten,” [25, of Galway, Ireland] and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” [19, of Birr, Ireland] who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an Indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal Complaint with intentionally disclosing an unlawfully intercepted wire communication.

"This is devastating to the organisation," an unnamed FBI official involved with the investigation told FoxNews. "We’re chopping off the head of LulzSec."

Monsegur, 28, resident in New York City, was arrested by the FBI in June and has apparently acted as an informant against his crew since.

A copy of the indictment against Monsegur is available here (PDF). He's charged with computer hacking, fraud and conspiracy charges stemming from attacks run by both Anonymous and LulzSec against numerous targets. According to the indictment, Monsegur's role in the alleged hacks was to look for vulnerabilities in websites that were then allegedly exploited either by him or other hackers.

Monsegur pled guilty on August 15, 2011 to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison, according to the US Attorney.

A fifth suspect, Jeremy Hammond (alleged to be Anarchaos), of Chicago has been arrested under a separate indictment.

Hammond, who has been arrested on access device fraud and hacking charges, is suspected of involvement in the December Anonymous hack on security intelligence outfit Stratfor.

Davis from Shetland, Scotland was arrested by British police last July and already faces computer hacking offences. The arrest followed weeks after the arrest of Ryan Cleary, a 19-year-old from Essex, who allegedly ran an IRC channel used by LulzSec. UK police also arrested a 16-year-old alleged hacker last July, who can't be named for legal reasons.

Garda Síochána (Irish police) told the Register they had arrested one adult man in his late teens on Tuesday morning and he's been taken taken to a Dublin police station for questioning. The suspect was arrested under Section 4 of the Criminal Justice Act, a section of the Irish penal code that covers serious offences such as fraud.

According to the US Attorney:

O’CEARRBHAIL hacked into the personal email account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work emails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012, regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

LulzSec began as a splinter group of Anonymous prior to mounting scores of high-profile hacks over as a seven-week period before disbanding in late June last year. Its targets included HB Gary Federal; defence contractors; police departments; FBI-affiliated security firms; the CIA, the US Senate; online gaming operations, including EVE Online; and corporations including Fox, News Corporation, Sony and many others. Tactics included website defacement and hacking followed by the public release of information housed on insecure systems – including email spools in the case of HB Gary Federal – and occasionally denial of service attacks.

After disbanding, the group returned to the Anonymous fold, most notably taking part in OpAntiSec exercises designed to expose the shortcomings of white-hat security firms as well as operations in support of the Occupy movement, in support of the Arab Spring protests in the Middle East, and in support of WikiLeaks.

The US Attorney's statement can now be read in pdf here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.