The self-proclaimed leader of international hacking group Lulz Security has been arrested by AFP – Australian Federal Police – on the New South Wales central coast. The AFP says the 24-year-old man was arrested in the Gosford suburb of Point Clare yesterday.
He has been charged with two counts of unauthorised modification of data to cause impairment and one count of unauthorised access to a restricted computer system. The AFP says he claims to be in charge of Lulz Security, or LulzSec, which has previously claimed responsibility for high-profile hacking attacks, includinga DDS attack that took the CIA website offline, and a hack which caused some serious headaches for Sony Corp.
AFP is alleging that the 24 year old IT worker hacked an Australian Government website site last month, the man has been bailed to appear in court later this year.
In June last year the hack-group allegedly broke into Australian Government departments, universities and schools. Some of the targets included AusAid, Victorian Government departments and local councils in Victoria and New South Wales. The group bragged over the Aussie hack, saying in a Twitter post, “Releasing 62,000 possible account combinations is the loot for creative minds to scour; think of it like digging a very unique mineshaft.” At the time LulzSec claimed more than 5,000 people had downloaded the leaked files.
Passwords for email accounts within eight Australian universities were leaked, along with the log-ins for two high schools in Queensland and Melbourne. The 24-year-old man is the first alleged member of the group to be charged by the AFP UPDATED ::::
The unnamed man – known as aush0k online – is the first member of the group to be charged by the AFP. The investigation began earlier this month when AFP Cyber Crime Operations investigators found a compromise to a government website. AFP believes the hack took advantage of VOIP vulnerabilities in the sites hacked.
UPDATE! 24 April 2013: Aush0k has been named as Mathew Flannery – email@example.com – The hacking community is in serious doubt at claims that the man is the leader of the now defunct online activist group LulzSec.
Concerns have also been raised by IT security experts over the Flannery’s employment at Content Security, a business that specialises in online security.
The company denied that Flannery had access to any sensitive customer data, in a statement Content Security’s managing director Phil Wurth said ” Flannery was a low level support tech.”
To Date there doesn’t seem to be any evidence at all to suggest that Flannery was even affiliated with LulzSec, or is a leader of the group. Infact the group was disbanded in 2011 because it’s members were arrested.
Flannery seems so far to be all bluster, his Facebook page declares he works for the FBI as a “Special Agent, cybercrime intelligence unit.”
His LinkedIn page has him working for Tenable Network Security – the company denies this emphatically – he also claims to work in Network Security, Penetration Testing and Computer Forensics, though his [confirmed] employer say he works in a Call Centre as low level support.
Perhaps more telling is that the hacktivist community has almost unanimously ditched any notion that Flannery had anything to do with LulzSec.
ORIGINAL POST: The 24-year-old is an IT professional employed in the industry. Police will allege the man was in a position of trust within the company, with access to sensitive information from clients including government agencies. AFP spokesperson said they didn’t believe that the man’s employer had any clue of his crimes. They believe he worked alone, the damage caused is so-far not clear.
The AFP believes the man’s knowledge and skills presented a significant risk to the clients of the company for which he was employed had he continued his illegal online activities. Commander McEwen said the impairment or disruption of communications to or from computer networks can have serious consequences.
“Those thinking of engaging in such activities should be warned that hacking, creating or propagating malicious viruses or participating in Distributed Denial of Service attacks are not harmless fun,” Commander McEwen said. “Criminal acts such as this can result in serious long-term consequences for individuals, such as criminal convictions or imprisonment.”
“Yesterday’s arrest comes less than two weeks after the AFP first discovered the offender’s alleged hacking activity,” AFP manager of high tech crime operations Commander Glen McEwen said. “The AFP will not tolerate the attempts of hackers to damage or destroy the online property of Australian individuals, companies or national infrastructure resources.”
The hacking group’s Twitter account has not been used since it’s 2011 brag. The “planned 50-day cruise has expired”, the group said in a statement at the time.
“For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the group said. “It is time to say bon voyage. We must now sail into the distance.”
LulzSec claimed responsibility for hacking into Sony Picture Entertainment servers in 2011 and accessing the personal information of more than 1 million customers. The group also allegedly hacked the US Public Broadcast Service – PBS – and published thousands of usernames and passwords of employees.
The man was bailed to appear in Woy Woy Local Court on 15 May 2013 and has been charged with the following offences:
- Two counts of unauthorised modification of data to cause impairment, contrary to section 477.2 of the Criminal Code Act 1995.
- One count of unauthorised access to, or modification of, restricted data, contrary to section 478.1 of the Criminal Code Act 1995.
The maximum penalty for these offences is ten and two years respectively.
The now defunct Lulzsec was an offshoot of hacking group Anonymous, and was engaged in exposing poor internet security and wreaking internet havoc in line with its catch phrase, ‘For the lulz’.
LulzSec Hack Timeline
LulzSec gained notoriety in 2011 for hacking government and corporate websites “for fun”.
Here is a timeline of the high-profile cyber attacks claimed by the group:
LulzSec targets Fox.com, leaking passwords, LinkedIn profiles and the names of 73,000 X Factor contestants.
Later that month they hack the American Public Broadcasting System (PBS) and post a hoax story claiming that rappers Tupac and Biggie Smalls are alive and living in New Zealand.
LulzSec hacks Sony’s servers and claims to have accessed the personal details of more than 1 million customers. LulzSec also published the names, birthdates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by the company.
LulzSec hacks a pornography website and publishes user email addresses and passwords.
June 13, 2011
LulzSec hacks US government website senate.gov and releases the emails and passwords of users.
June 15, 2011
LulzSec shuts down the CIA website with a denial of service attack.
June 16, 2011
LulzSec sets up a telephone hotline for fans of the hackers to call and suggest targets for cyber attacks.
June 17, 2011
LulzSec leaks the email and passwords for some Australian Government departments, universities and schools.
The group says its actions aim to bring some fun to the “drabness of the cyber community”.
June 22, 2011
British police arrest 19-year-old Ryan Cleary over the LulzSec attacks, although LulzSec claims Cleary is not a member of the group.
June 27, 2011
LulzSec announces it is disbanding.
July 19, 2011
LulzSec hack into British tabloid The Sun’s website and publish a false report claiming that News Corporation’s chief Rupert Murdoch is dead.
March 6, 2012
The FBI says five people involved with LulzSec have been arrested.
Among them is LulSec’s “leader” Hector Xavier Monsegur (also known as Sabu).
It has been reported that Mensegur was arrested months earlier and became and informant for the FBI, dobbing in a number of his former hacker friends.
April 24, 2013
Australian Federal Police say they have arrested and charged a self-proclaimed LulzSec leader on the New South Wales central coast.
RELATED! The past 2 years have truly been a hackers paradise…
Our favourite – by a very long leg – hack was Anonymous’ Operation Darknet, now that’s was a ++ use of wasted talent!
source: content security
image source: linkedin
timeline source: abc
image source: lulzsec
image source: twitter