High-profile hacker arrests a coup for FBI, analysts say
Penchant for publicity may have done in LulzSec and Anonymous hackers
Computerworld - Security analysts said that today's FBI arrest of several prominent LulzSec and Anonymous hackers demonstrates that U.S. law enforcement agencies are effectively fighting cybercrime.
The U.S. Attorney's Office for the Southern District of New York today said that four U.K. residents were arrested on hacking charges related to a series of high-profile attacks against cybersecurity firm HBGary, Sony and other organizations over the past year.
Another alleged hacker, identified as Jeremy Hammond of Chicago, was arrested in that city late today on charges related to a December 2011 intrusion at security intelligence firm Strategic Forecasting (Stratfor).
Authorities acted on information provided by Hector Monsegur, who was the leader of LulzSec before being arrested last year. Monsegur, also known as "Sabu," pleaded guilty last August to 12 hacking charges and faces up to 124 years in prison, according to the U.S. Department of Justice.
Monsegur was said to be cooperating with the FBI in hopes of getting a reduced sentence.
The arrests are a major victory for FBI investigators, who have been under growing pressure to respond to the often taunting attacks by members of the Anonymous and LulzSec hacking collectives.
"They did a heck of a job in hunting down the ringleader and turning him around so they could go deeper into the stack," said Rich Mogull, an analyst at Securosis. "This is classic law enforcement."
The four hackers arrested in the U.K. were identified as Ryan Ackroyd, also known as "kayla"; Darren Martyn, also known as "pwnsauce"; Donncha O'Cearebhail, also known as "palladium"; and Jake Davis, also known as "topiary."
All four have been indicted on hacking and other charges related to the intrusions into the systems of HBGary, Sony, the Irish political party Fine Gael, and numerous other websites.
Officials said the four alleged cybercriminals belonged to Internet Feds, a splinter group of Anonymous, when they carried out many of the attacks.
In May 2011, following the massive publicity surrounding the HBGary and Fine Gael attacks, Ackroyd, Martyn, Davis and Monsegur formed LulzSec.
The LulzSec collective was involved in several attacks around the world. Though the alleged hackers claimed the attacks were carried out in jest, LulzSec in reality stole confidential personal information, publicly disclosed that information and defaced the websites of its victims, according to the indictment filed in the case.
"LulzSec sought to gain notoriety for their hacks by varied and repeated efforts to broadcast their acts of online destruction and criminality," the document noted.
Ackroyd, 23, of Doncaster, England, Davis, 29, of Lerwick, on the U.K.'s Shetland Islands, and Martyn, 25, of Galway, Ireland, each face two computer hacking conspiracy charges and could be sentenced to as many as 20 years in prison if convicted.
O'Cearebhail, of Birr, Ireland, faces up to 10 years in prison on one count of hacking for his role in the attack against the Fine Gael website.
Hammond was charged with hacking the website of security think tank Stratfor last December.
Hammond and his co-conspirators are alleged to have illegally accessed and leaked email and account information belonging to about 860,000 Stratfor subscribers. Hammond is also charged with stealing data from some 60,000 credit cards stored on Stratfor's site and using it to make $700,000 in purchases.
Court documents filed in connection with today's arrests reveal some details about Monsegur's role in the arrests.
As a member of LulzSec, Monsegur primarily functioned as a "rooter," whose role is to find vulnerabilities in systems. He also provided other hackers with access to servers and routers that could be used to launch attacks.
According to the DOJ, Monsegur took part in high-profile hacking attacks against HBGary, Sony, Fox Broadcasting, PBS, the Chicago Tribune and the L.A. Times, among other organizations.
He also participated in the December 2010 distributed denial-of-service attacks against PayPal and MasterCard in retaliation for their actions against whistle-blower website WikiLeaks.
After his arrest, Monsegur, identified in one document as CW-1, agreed to cooperate with the government.
He provided assistance to the FBI in its investigation of the Stratfor hack, and engaged in several incriminating IRC chats in which Hammond and members of Anonymous and LulzSec allegedly admitted their roles in various attacks.
The arrests today are not surprising, said Rob Rachwald, director of security strategy at Imperva.
By attracting a lot of attention, LulzSec and Anonymous "stuck a finger in the eye of law enforcement, which obviously had no option but to go after them with a great deal of resources and effort," said Rachwald.
Moreover, the groups "didn't have purpose," he noted. "They were just randomly hacking a bunch of different [groups]" with the resources to respond.
John Pescatore, an analyst at Gartner, said that most traditional crime gangs have been taken down by law enforcement agencies that use informants and engage in undercover police work.
The same approach appears to have worked in this case, he said. "Human intelligence and doing the same thing the attackers do in taking advantage of human frailties is still the most effective way to take down criminals," he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His email address is firstname.lastname@example.org.