U.K. police charge hacker linked to LulzSec
19-year-old's server logs may lead police to others in hacking gang, says security expert
Computerworld - Authorities in the U.K. today charged a 19-year-old with using a botnet he controlled to take down the website of a national police unit.
The charges filed against Ryan Cleary followed his arrest Monday by the Metropolitan Police Central e-Crime Unit.
One security expert said Cleary's arrest, and the seizure of his computers, may lead authorities to members of LulzSec, the group that claimed responsibility earlier this week for taking down the website of the U.K.'s Serious Organised Crime Agency (SOCA).
SOCA is responsible for, among other things, major computer crime investigations in the U.K.
Cleary, of Wickford, England, has been linked to both LulzSec and Anonymous, hacker crews that have used distributed denial-of-service (DDoS) attacks to knock government and business sites offline.
Today, Cleary was accused of building a botnet that has been used to launch several DDoS attacks since October, including the one on the SOCA site on Monday.
"On or before the 20th of June 2011, you did conspire with other person or persons unknown to conduct unauthorised modification of computers by constructing and distributing a computer program to form a network of computers (a Botnet) modified and configured to conduct Distributed Denial of Service attacks," read the charge list.
Police also charged Cleary with aiming DDoS attacks at the International Federation of the Phonographic Industry (IFPI) site last November and the British Phonographic Industry (BPI) website last October.
On Tuesday, LulzSec downplayed Cleary's arrest, saying that he was "at best, mildly associated with us."
"Ryan Cleary is not part of LulzSec," the group said on Twitter yesterday. "We house one of our many legitimate chat rooms on his IRC server, but that's it."
The group made other efforts to distance itself from Cleary. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?" said LulzSec on Twitter earlier Tuesday.
LulzSec has claimed responsibility for hacking several prominent websites, including a number of Sony sites. It also claims that it defaced the site operated by the U.S. Public Broadcasting Service (PBS) and attempted to access systems belonging to the U.S. Senate and the CIA.
If LulzSec is telling the truth -- that Clearly was hosting an IRC (Internet relay chat) channel used by the group -- police investigators may be able to unveil the real identities of its members.
"Assuming [Cleary] is part of the group, and that's not certain, law enforcement might have access to enough information from the IRC logs to better point to the location of different members who accessed the chat room," said Amichai Shulman, co-founder and CTO of Imperva, an IT security vendor.
Shulman also leads Imperva's research lab and its hacker intelligence group. "I've had some experience in this kind of investigation, and if you have enough data for a long enough period of time, you may be able to narrow down the [IP addresses] of other members, or correlate with other data to locate them," said Shulman.
That may be possible even if LulzSec's members used anonymizing techniques, such as routing their traffic through Tor or other proxies, to hide their identity, something Shulman said he assumed the group did.
Another way that U.K. police may be able to finger LulzSec is through standard police work, added Shulman. "If they think he's part of the group, it's possible members know the real identity of others, and they could use normal investigative measures to get that out of him," Shulman said.
But while it's speculation at this point whether the IRC logs can provide leads for police, Shulman was cautiously optimistic that LulzSec would be tracked down.
"If we look back 20 years at hacking incidents, we find that the high-profile attacks or those that involve serious losses to governments or commercial companies have ended up with law enforcement finding the perpetrators... eventually," said Shulman.
"When you create this kind of visibility in the media and attack serious industries, like the gaming industries, there will be lots of pressure on law enforcement," he added. "My guess is that if law enforcement puts in the resources, they will catch these people."
Cleary is scheduled to appear in a London court Thursday morning.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Target attack shows danger of remotely accessible HVAC systems
- U.S. is investigating Target data breach, AG Holder says
- Russian man pleads guilty in SpyEye malware case
- Suspected email hackers for hire charged in four countries
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts