LulzSec deny census database hack
An alleged member of the “hactivist” collective LulzSec was arrested by police in Essex today as part of an international investigation into a series of high profile cyber assaults on Sony, the US Senate and the CIA’s public homepage.
Officers from the Metropolitan Police’s Central e-Crime Unit raided the home of Ryan Cleary, from Wickford, Essex as part of a “pre-planned intelligence operation” in collaboration with the FBI.
The arrest came on a day on confusion in which a blog post claimed that LulzSec had obtained a digital copy of Britain’s entire census database. The claim was quickly denied by both the Office of National Statistics and LulzSec through its official Twitter feed but it nonetheless sent the internet into apoplexies of speculation over what could have been the largest data breach in history.
Last month Anonymous - , another cyber protest group which shares an intense rivalry with LulzSec - published details of Mr Cleary online after claiming that he had fallen out with them. Anonymous claimed he tried to break into their encrypted chat rooms and they responded by posting a string of personal details online.
Sources say that Mr Cleary’s arrest on suspicion of computer misuse and fraud is not related to any activity with Anonymous and was instead sparked by international investigations into the recent hacking of websites run by Sony Pictures, the CIA and Britain’s Serious Organised Crime Agency. Over the past two months, LulzSec claims to have successfully disrupted or hacked all these sites.
In a statement the Metropolitan Police said the arrest followed an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks “against a number of international business and intelligence agencies by what is believed to be the same hacking group.” Officers also found “a significant amount of material” and said forensic examinations were ongoing.
The arrest is one of the first times that an alleged LulzSec member has been arrested since it rode a wave of global publicity two months ago with a series of headline-grabbing hacks including the theft of hundreds of thousands of user details from Sony Pictures.
Posting anonymously self-proclaimed members of LulzSec were quick to play down speculation that Mr Cleary is one of their leaders. “Good news everybody,” wrote one. “Ryan has little to do with #LulzSec besides running [chat rooms]. All 6 members of @LulzSec are fine and safe.”
This afternoon the group responded to the arrest on their official Twitter account: “Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here!” the group taunted.
Later postings also mocked claims that they had stolen census data. “Just saw the [claim] of the UK census hack,” one tweet read. “That wasn't us - don't believe fake LulzSec releases unless we put out a tweet first.”
Details of whether LulzSec have actually obtained a copy of the census dominated Twitter for much of the morning. The group usually announces hacks on its Twitter account and its own homepage. When using this method to announce successful attacks it has always delivered by eventually providing evidential details. Yesterday’s claim, however, was made in a blog posting on the PasteBin website and contained no proof.
“We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census,” the fake statement read. “We're keeping them under lock and key though... so don't worry about your privacy (...until we finish re-formatting them for release).”
Earlier Twitter postings from the group's official account did however suggest that LulzSec has been involved in a large operation to obtain sensitive data over the past 24 hours.
In one posting on Monday evening the group boasted that “Government hacking is taking place right now behind the scenes.” Another post 11 hours later thanked “supporters who have assisted in leaks". The last post from LulzSec then promised to reformat the data and post them on the popular file sharing website Pirate Bay.
In a statement the Office of National Statistics, which runs the census and contracted US defence firm Lockheed Martin to run security, said it had no evidence that census data had been stolen.
“We are aware of the suggestion that census data has been accessed,” the statement read. “We are working with our security advisers and contractors to establish whether there is any substance to this. The 2011 Census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred.”