
Hacker Arrests May Have Netted LulzSec Leader

Source: SecurityNewsDaily

The international dragnet by authorities yesterday that swept up 21 people suspected of taking part in "hacktivist" cyberattacks may also have netted a top-level LulzSec member.

London's Metropolitan Police e-Crime Unit arrested a 16-year-old male yesterday (July 19). Fox News cited unnamed sources who said the teenager was believed to be "Tflow," a heavy hitter in the tight-knit Lulz Security (LulzSec) group that spun off from the larger Anonymous movement months ago.

The Financial Times later independently quoted unnamed London police officials as saying the teenager was suspected of being Tflow.

The boy was being held at a London police station on suspicion of breaching the Computer Misuse Act.

Sixteen people were arrested by the FBI in the US yesterday, while Dutch police netted another four. The London teen was the sole British arrest.


Despite the assertions, however, it's uncertain whether the 16-year-old arrested is the real Tflow.

Who is Tflow?

The Anonymous dissident group Backtrace Security profiled LulzSec's core members based on leaked chat logs that emerged last month. Backtrace identified Tflow as a Web developer at the UK-based company Wikijob, and other posts by LulzSec's enemies have repeated the claim.

The man, whom we won't name here, identifies himself on his social networking profiles as a hacker, a Londoner — and as someone who held a full-time job before going to university from 2007 to 2010. (British undergraduates normally go to college for three years.)

His LinkedIn profile and personal sites show a Middle Eastern or South Asian man in his 20s or 30s — not a 16-year-old boy.

Were any LulzSec hackers apprehended?

According to a report in The Atlantic Online, the suspected LulzSec and Anonymous member known as Topiary said in a public chatroom that no major Anonymous hackers were arrested in yesterday's dragnet.

"To be honest, I don't see a single major Anon hacker (or at least any hacker that's wrecked things for the entire year) come close to arrest," Topiary said.

Topiary pointed out that the FBI roundup targeted small fry — volunteers and supporters of Anonymous and LulzSec "who accidentally (or just foolishly) used LOIC from their home IPs."

The LOIC, or Low Orbit Ion Cannon, is a server-load-testing tool frequently misused in distributed denial-of-service (DDoS) attacks. But because LOIC was never designed to be used by hackers, it's actually pretty insecure: It gives its target servers the IP addresses of the computers attacking them.

That means that anyone using the LOIC without a proxy server to mask his IP address would be relatively easy for authorities to catch. It'd be like shooting a gun into a crowd in broad daylight without wearing a mask, on camera. By contrast, skilled hackers do their dirty work in the equivalent of dark rooms, wearing masks.
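The attribution point above, illustrated from the target's side as an added example that is not part of the article: a small log-analysis script, assuming Apache combined-format access logs (the sample lines are constructed), that flags source addresses sending an abnormal burst of requests, which is exactly the trace an unproxied flooding tool leaves in a server's own logs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Return (source_ip, timestamp, request) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def flag_flood_sources(lines, window_seconds=10, threshold=30):
    """Return {ip: peak_count} for every source that sent >= threshold requests
    inside any sliding window of window_seconds. A home IP running a flood tool
    without a proxy shows up here directly, because the server logs the real address."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1          # slide the window forward past old requests
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def _line(ip, second, path):
    # Constructed sample line; addresses are from documentation ranges.
    return (f'{ip} - - [19/Jul/2011:14:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample: one source fires 45 requests in under ten seconds,
# two other sources browse at a normal pace.
SAMPLE_LOG = (
    [_line("203.0.113.7", s % 10, "/") for s in range(45)]
    + [_line("198.51.100.22", s, "/index.html") for s in range(0, 40, 10)]
    + [_line("192.0.2.9", 5, "/about")]
)

if __name__ == "__main__":
    print(flag_flood_sources(SAMPLE_LOG))
```

If the flood comes through a proxy, the logged address is the proxy's, which is the whole point of the article's mask analogy.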

Reach out and steal something

Also included in yesterday's arrests was Lance Moore, a 21-year-old resident of Las Cruces, N.M., an AT&T employee accused of stealing confidential information from AT&T's servers.

Moore's arrest may have been precipitated by the arrest of Ryan Cleary, a 19-year-old member of both Anonymous and LulzSec who was detained June 20 at his home east of London.

Before Cleary's arrest, the Tech Herald spoke with Cleary. He admitted that an AT&T insider had leaked more than 60,000 phone numbers, as well as usernames and passwords of AT&T employees and technical documents and internal presentations.

If convicted, Moore faces 10 years in prison and a $250,000 fine.

Meanwhile, the real ringleaders of Anonymous and LulzSec remain untouched.

Famed former hacker Kevin Mitnick, who spent five years in prison for hacking into half a dozen major companies' servers during the 1990s, perhaps summed it up best.

"After reading the FBI's indictment," Mitnick wrote on his Twitter feed, "it looks like they only got an ATT insider and some script kiddies that just know how to use DDoS tools."