LulzSec Suspect Arrested By UK Police

An anonymous reader writes "The UK's Police Computer e-Crime Unit (PCeU) has arrested a 19-year-old man in Wickford, Essex, in connection with the series of LulzSec attacks against organizations including the CIA, PBS and Sony. The man, who has been arrested under the Computer Misuse and Fraud Act, has had his house searched and a significant amount of material taken away by police for forensic examination. The PCeU worked with local Essex police and the FBI on the investigation."

It must be Tuesday

[cultiv8]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

So this "news" article is nothing but speculation?

Re:

[girlintraining]

So this "news" article is nothing but speculation?

In the dark ages before the internet, when dinosaurs ruled the earth and grammar nazis were kept caged in cellars underneath college english departments, journalists learned to never directly state the person was guilty. Guidelines were developed to prevent over-zealous lawyers from destroying the freedom of the press through endless lawsuits. So, in the event of a crime, we are not allowed to refer to it as "your" crime, merely "a" crime.

Re:

[M. Baranczak]

This is true. But the "some observers say" thing should set off anybody's bullshit detector. Who the hell are those observers? Are they people who actually have inside knowledge of the case? Random Slashdot posters? The journalist's drinking buddies?

Re:

[Missing.Matter]

Yeah, it's along the same lines as "Some people say" or "We're hearing." It's a way for journalists to bring up a topic without owning it. "Not that I'm calling you a murderer, but some people are. How do you respond?"

Re:

[ifrag]

we are not allowed to refer to it as "your" crime, merely "a" crime

Of course it's company policy never to imply ownership in the event of a dildo... always use the indefinite article a dildo, never your dildo.

Re:It must be Tuesday

[rapiddescent]

in other news, the usually vocal Lulzsec twitter feed [twitter.com] stopped at the same time as the arrest.

Re:

[TubeSteak]

he shoulda used 8 proxies

Re:It must be Tuesday

[Rijnzael]

So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.

Re:It must be Tuesday

[Kenshin]

Hey, they got Bin Laden through his courier. All they need is a bit of intelligence from this guy (I know, "lulz" and "intelligence" don't exactly go together), and they can get pretty far.

Re:

[numbski]

It gets better.

http://twitter.com/#!/LulzSec/status/83164092998758400 [twitter.com]

Re:

[jonbryce]

Given that the FBI were involved, it is more likely in response to one of their earlier US attacks, such as senate.gov

Re:

[girlintraining]

...somehow I don't think that a multi-agency-operation can be executed within 1 day

If you show your ass to authorities on six different continents, it goes without saying they're going to feel a lot more generous about cooperating in capturing you.

Opening arguments

[girlintraining]

Opening arguments next month:

Judge: "Can the defendant please state, for the record, why they felt it was necessary to take down several high-profile website, costing those companies hundreds of thousands in lost income, cleanup costs, and angry support calls?"

Defendant's Lawyer: "Ah, your honor, let the record show... they did it for the 'lulz'".

Judge: "I see. Well, in the spirit of their crime, sentencing will be 'for the lulz'."

Re:

[txmcse]

Oh, that would be great! Let's hope the judge works in "the oceans", "aiming the guns", "butthurt", and "the long arm of the lulz" :)

Re:Opening arguments

[DamienRBlack]

Judge: "You are sentenced to 1337 years."

Re:

[JamesP]

'Yo're sentenced to 100 years!'

'Huh?!?'

'In binary'

'Hell yeah!'

Re:

[Inda]

He's from England. Our gaols are full. He'll be given an ASBO and told not to do it again, via a typed letter.

Re:

[crow_t_robot]

In their defense, if this person is convicted on the crimes sentencing will be much lighter than if he had done it for some more nefarious reason like financial gain...see: sentence mitigation.

Re:

[maxume]

Ah, justice, that thing you get when the judge likes you.

Re:

[Penguinisto]

Yeah... that would be called "motive", and is (at least in the US) a huge factor in what charges are being faced, and in how someone is sentenced.

I'm fairly sure the UK has similar modifiers.

Re:

[gparent]

(I didn't say it was a slap on the wrist, just that they won't be getting 30 years in the electric chair like these asshats).

I knew some US States were harsh, but is 30 years really necessary before switching the chair off? Jeez!

Re:

[AmiMoJo]

You raise an interesting question: what will he be tried for? Penalties under the Computer Misuse act presumably, but in that case it seems unlikely he would get a long sentence. Maybe they could go for criminal damage but nothing was actually "damaged" per-se, just temporarily rendered unusable.

Loss of income is a civil matter and the affected organisations would have to sue him themselves for restitution.

Assuming they have the right guy of course, judging by the police's usual level of competence in these

Wait. Is he a suspect or not?

[chemicaldave]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

How can you go from that to "Lulzsec suspect arrested?"

Re:Wait. Is he a suspect or not?

[Nidi62]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

How can you go from that to "Lulzsec suspect arrested?"

This is Slashdot

Re:

[thePowerOfGrayskull]

Two simple keystrokes, are you ready? Here they are:

/.

Re:

[abigsmurf]

I suspect that this suspect is suspect.

Re:

[Tim C]

So, putting the question mark (which is part of the sentence as a whole) inside the quotation marks (thus making it part of what is being quoted) is correct American English grammar?

Madness.

Way to spoil a potential opportunity.

[Lysander7]

What I don't get is why is this shit always publicized? Instead of waving their dicks around every time a dumb fuck is caught, it'd make more sense to use that caught individual to provide new leads, and catch as many as possible before the rest of the organization goes further into hiding. Seems to me they're doing it purely for PR, rather than because it's their damn job.

Re:

[Xest]

Or because their own site was taken down last night, and, well, they decided a "Hey, look how quickly we can respond!" PR opportunity is better than sitting and waiting to catch the rest.

Re:

[arkenian]

Its publicized because its pretty much illegal to arrest someone secretly -- one of those things in place to prevent police abuse of power. Arrest reports are public records. At that point you can try to slip it in to the daily feed, but its generally easier to just issue a press release in a high profile case. In this case, however, it looks like they didn't do that. They just arrested the guy and haven't talked yet about the details.

Re:

[Lysander7]

True, but not so if it's an issue regarding National Security, and given the court's recent stance on cyberterrorism being "an act of war", they could very easily manipulate this to be such a case so they won't have to immediately disclose anything.

Will the police get any evidence?

[BillKaos]

has had his house searched and a significant amount of material taken away by police for forensic examination

Frankly, I can't imagine that even the less prepared script kiddie wouldn't keep all their hacking data inside a TrueCrypt partition allowing him to claim plausible deniability.

That, an open wifi, then claim "it came that way, or I couldn't make my netbook connect, so I had to open it".

Given those basic security measures, what evidence could the police use to incriminate him? Video/screen surveillance? I can't think of any other way.

Re:

[nedlohs]

It's the UK. Surely having a TrueCrypt partition is a slam-dunk jail sentence under http://www.legislation.gov.uk/ukpga/2000/23/section/49 [legislation.gov.uk]

After all they can keep asking for the key to the hidden partition they "know" is there and when you refuse to provide them (because there is no hidden partition) you get 2 years in jail (5 if they can make it look terrorism related)...

Re:

[L4t3r4lu5]

This is why I have a tiny hidden partition on my TrueCrypt volume, using the same key as the container, holding a single text file, with the contents "This file exists to prevent any prosecution case stating that I have not provided the encryption key to any "hidden" volume on my computer, and would otherwise not exist."

All I have on there is some personal finance information, a password database and the obligatory BitCoin wallet anyway. I just don't want to spend 2 years in jail because the prosecution's

Re:

[BillKaos]

Indeed. How can they prove that the "hidden volume" exists? Their best bet would be to install a spy-camera and watch the subject performing some illegal activity, and that may not even work if he is cautious and goes to some public place with a laptop.

Suspect is not "Mastermind"

[Anonymous Coward]

I know it makes for boring news but apparently Ryan Cleary did nothing except host the IRC where lulzsec had a channel.

In all seriousness

[sqrt(2)]

I truly think that Lulzsec is doing good work, and they should be applauded for their efforts. I really hope this kid was using strong encryption and covering his tracks enough to provide a credible legal defense, although considering he was caught probably not. What they are doing is a good thing, there needs to be a force in the world working to encourage better security practices--there wasn't previously to a sufficient degree, nothing like this. My data is safer because of the heightened vigilance they

Re:

[Lysander7]

Sure, and I think people should fly planes into buildings to demonstrate the lack of airport security.

Re:

[sqrt(2)]

If you can't see the difference in those two scenarios then you're beyond my help. Sorry.

Re:

[cavreader]

Both of the scenarios involve groups who believe in their rightous cause and are willing to break the law and create harm to others to prove their point. One is certainly more extreme and damaging then the other however by condoning one you are implicitly condoning the other. Who gets to decide what constitutes a "good cause" that justifies breaking the law?

Re:

[soccerisgod]

Golden Rule [wikipedia.org].

One should treat others as one would like others to treat oneself (positive form)
One should not treat others in ways that one would not like to be treated (negative/prohibitive form, also called the Silver Rule)

Unless you enjoy to be hacked and have your data exposed...

Re:

[Anonymous Coward]

You really are a complete prat, aren't you? Staggered by the idiocy of your comment, I have looked through your comment history, and am somewhat surprised to find that it's not a one-off. You despise rules imposed by other people, but nevertheless believe that everyone should abide by your own.

Someday lulzsec, or some equivalent group of twats, will release your own personal details on the Pirate Bay. And then you will be back here to tell us all how information should be free and that lulzsec are great. I

Re:

[Computershack]

I really hope this kid was using strong encryption and covering his tracks enough to provide a credible legal defense,.

Using encryption gets you nowhere in the UK. If you are suspected of using it, they can't break it and when they ask you for the key you refuse, you get an automatic 2 year jail sentence.

Re:In all seriousness

[LWATCDR]

Because attacking a PBS website because they broadcast a story you didn't like makes all of us safer. I mean no need in hearing any news story that might upset us now is there?
I hope the catch as many as possible. They have attacked freedom of speech and freedom of the press. They have hurt many innocent consumers if not out right hurt them all for the lulz. You have a really odd idea what good work is.

Re:

[quickgold192]

needs to be a force in the world working to encourage better security practices

That force is usually called "the bad guys." If no one ever tried to steal anything, we wouldn't need any security. And your stuff would be just as safe.

LulzSec Responds

[abyssalson]

LulzSec has already responded on Twitter. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

Re:

[Anonymous Coward]

If they're anything like Anonymous, they won't stand by their fallen comrade, unlike actual guerrilla groups.

This will breed resentment among the ranks (why work for people who won't have your back?) and LuzSec will fall apart.

Lulzsec's Twitter feed:

[el_tedward]

"Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

See: www.twitter.com/lulzsec

For the Lulz

[Terranex]

It wouldn't be beyond LulzSec's ability (or maybe just one member) to frame someone 'for the lulz'

LulzSec says none of its members were arrested

[mask.of.sanity]

In a tweet: "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?" https://twitter.com/#!/LulzSec/statuses/83164092998758400 [twitter.com] http://www.scmagazine.com.au/News/261303,lulzsec-linked-uk-teen-arrested-in-fbi-sting.aspx [scmagazine.com.au]

Stupid freaking sensationalism whoring headline

[sl4shd0rk]

FTFA: "It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities."

So wtf? Can we get it straight?

Re:It's prison time

[Bob Gelumph]

How about some due process, first?

Re:It's prison time

[Anonymous Coward]

It's lulzier without it.

Re:It's prison time

[WiglyWorm]

Sounds like you hate America, son.

Re:

[cyberchondriac]

Meh.. few countries, if any, have more "process" than America (the US). It's probably far more common that a guilty person gets off on a technicality than an innocent person gets sentenced, though it does happen.
-OTOH, most cases don't involve the CIA...

Re:

[SilentStaid]

Whoosh.

Re:

[girlintraining]

How about some due process, first?

They've been arrested. The public is watching. There will be a trial. How much more due process do you think a criminal deserves? These guys aren't going to some secret military prison to be tortured because their second cousin twice removed once had a bad thought about his government...

Re:

[Anonymous Coward]

You're missing the point. The parent is criticising the grand parent for automatically labelling him as guilty and already saying what his sentence is, before any due process has taken place..

Re:It's prison time

[girlintraining]

You're missing the point. The parent is criticising the grand parent for automatically labelling him as guilty and already saying what his sentence is, before any due process has taken place..

Yeah. On the internet, we call that 'tuesday'.

Re:

[Neil Boekend]

Doesn't mean it's the way it should be.

Re:It's prison time

[Rennt]

They've been arrested. The public is watching. There will be a trial. How much more due process do you think a criminal deserves?

Alleged criminal.

If the courts are as quick to jump to conclusions as you, then all the publicity in the world won't buy him due process.

Re:

[djdanlib]

I think he was referring to the way people react to the news that someone was arrested in connection with a thing - they don't presume innocence until proven guilty, unless they are the ones in the hotseat. There hasn't been a trial, so the process hasn't been completed, yet people are passing judgment as if it were over. So you're right about the thought police, but the unfortunate reality is that the public's mob justice tends to ruin lives whether those lives were actually guilty or not. Let's all just w

Re:

[dwandy]

They've been arrested. ... There will be a trial. How much more due process do you think a criminal deserves?

I don't think those words mean what you think they do.

Re:

[DickBreath]

Due process?

Please discontinue your wrong thinking immediately.

Remain calm, and stay where you are. A government re-education technician will be along momentarily to assist you.

Re:

[FlipperPA]

Can't wait for the due process... I've been wondering how the "I Did It For the Lulz!" defense would hold up in a court of law for years!

Re:

[LWATCDR]

Of course after a fair hearing. Thing is that if he is guilty then they will make an example of him and get him to turn in others. After a few dozen of the LulzSec minions are sitting in prison the rest will follow. It is funny that so many people on Slashdot really thought that LulzSec was going to get away with taunting world governments. They have their own really bright folks and lots of resources. As long as Anon and Lulz where just messing with companies like Sony and generally being juvenile they whe

Re:

[DrBoumBoum]

I wonder how much of one another's real identity they know of. Pretty little I imagine, why would someone from such a group share any private detail with others?

Also correct me if this sounds too simplistic but I imagine the very first thing I'd do if I were from such a group would be to never connect from anything else than a neighbor's open or cracked wifi (with my dedicated hack station of course, I'd have plenty of normal traffic on the other ones). Is there really still much of a chance to get identi

Re:

[Hazel Bergeron]

(+1, Judiciary)

Re:

[adolf]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

You mean, like Federal pound-me-in-the-ass prison [youtube.com]?

(Did anyone else notice that the end of that Youtube URL ends in "FuCK0"? Lulz.)

Re:

[Luckyo]

In before prison slut walks.

Re:It's prison time

[Anonymous Coward]

Give me a break. If it is THAT vulnerable where a hacker can access a system then they are going after the wrong person. It isn't like this guy is in the country. You can't just go after anybody you please. It isn't reasonable. They can't catch guys operating out of North Korea, Sudan, Iran, or Cuba. There should be standards that developers have to live up to or I should say the products. If they don't then the companies selling said products should be the ones held liable. Yes- it means increased costs. That is what would be reasonable. Just because you catch a handful of the people who can exploit these systems because those systems are so easy to exploit does not fix the problem. It is stupid to go after the very people who are finding the holes rather than fixing the damm holes.

Re:It's prison time

[cgeys]

Yeah, you try breaking in to a house and after that try to explain it with "well, they should had armored their door and made better locks".

Re:

[EdZ]

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Re:

[FhnuZoag]

So, you'd favour not going after bank robbers? Come on, it's not like opprobrium is a scarce resource.

Re:

[MobileTatsu-NJG]

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Ok... the robber is still a criminal.

Re:

[nstlgc]

Your analogy with a house failed because a regular house is not storing millions of records on people. This is more like getting a bomb on a train, intruding into the cockpit of a plane, in order to prove a point. Both of which have been repeatedly done by TV shows.

Re:It's prison time

[bws111]

There are two separate issues: did the hackers make unauthorized use of a computer, and was the computer adequately protected. These are independent. There are laws against unauthorized use of computers, and they do not specify some 'degree of difficulty' before they are effective, nor should they. Unauthorized use is unauthorized use, period. There may or may not be laws regarding protection of data. However, even if there are, violation of THAT law would be a separate crime, and in no way would excuse someone who violated the unauthorized use law.

And your analogy is much worse than the house analogy. The hackers actually did damage - they released account info, DDOS'd servers etc. To complete your analogy, the bomb must actually be detonated. If that were the case, I doubt anyone would be defending the person who did it as some kind of hero for pointing out a security weakness.

Re:

[clickety6]

Yeah, for just a few shekels a month you can store your valuable goods in my underground vault protected by this ten foot thick, time-locked steel door to which only you will have the key. Ooops! Sorry, seems somebody got in and stole your items. We never thought they would come in through that unlocked window at the back of the vault.

Re:

[Mister Whirly]

So you wouldn't mind if I broke into your bank account, and moved some information around so you had nothing left in your account? I didn't actually steal anything, just moved some data around...

Re:

[Mister Whirly]

It isn't in the summary, I just threw it out there to demonstrate a point. OP said only data was moved, nothing was physically taken. So I asked if I could move data around to show his bank account was zero - I didn't actually take anything, just moved data around. I wasn't trying to illustrate what had actually happened. If I somehow led you to believe that is what took place I apologize.

Re:

[AJH16]

Better idea, nothing says you can't blame BOTH!

Re:

[bws111]

Yep, I agree. Just today I was reading about a murder trial where someone shot someone in the chest and killed them, and I thought 'That is stupid. They shouldn't prosecute the shooter, they should prosecute the maker of the t-shirt the victim was wearing. The shooter is actually a hero for pointing out how defective these t-shirts are'. I mean, you can't catch ALL the murderers, so instead you should put all the responsibility and blame on the victims, right?

It may well be that there should be some law

Re:

[Missing.Matter]

Since when are T-Shirts purported to be bullet proof? If I were to call up any of the hacked companies with concerns about my information, I guarantee you they'd tell me it's safe and secure. I hold these companies with my personal information just as liable as I would my bank if my safety deposit box was plundered.

Re:

[bws111]

So if your safety deposit box was plundered, you think the robbers shouldn't be found and prosecuted just because the bank to YOU it was safe? That is just stupid. Of course the bank may have some liability to you, but that certainly does not let the robber off the hook.

Re:

[Missing.Matter]

I'd probably want both.

Re:

[rbrausse]

the big tube to Cuba will be launched in July [google.com], the group FidelSec is surely in ramp-up preparations

Re:

[norriefc]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

Re:

[dkf]

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

At that sentence length, no. Maximum 1/3 off for good behaviour once the sentence is over 2 years long.

Re:

[sseaman]

A lifetime sentence for what? Was any demonstrable harm done?

If the allegations are true he engaged in criminal activity, no doubt, but let's not lump him in with war criminals.

Re:

[rebelwarlock]

You seem to be under the illusion that everyone who is accused of a crime is guilty.

Re:

[somersault]

Wha? I was coding games on my own when I was 12. Anyone who's actually interested could easily be a decent blackhat by 19.

Re:

[Canazza]

12. Pah. I was writing C64 Basic when I was 5.
Granted I couldn't make it compile and I went back to playing Flimbos Quest, but I *was* doing it :P

Re:

[somersault]

I was writing C128 BASIC at that age, and it compiled. I was just copying it out of the manual though, it was code to draw basic shapes on the screen IIRC.

Re:

[AJH16]

The difference is that the untouchable circles in Russia and China, you never hear about. They aren't dumb about advertising their successes and this can make it very easy for a company to not acknowledge it either (or maybe not even notice). It's also a lot easier to target consumers than companies. Attack a company and you may get customer information, but they are more likely to notice and take necessary actions to limit damage. That isn't the case with the little old lady that clicks the link to rem

Re:

[smelch]

That's the idea, but really it doesn't work that way for this kind of hacking any more than it works for carjacking. In this case, one down is probably 100 less who think they'll get away with it. I mean, it's not like they're freedom fighters being stepped on by the government. They're class A jackholes, being jackholes. Watching the class clown get sent to the office where he is butt-raped by the principal probably doesn't inspire lots of others to take up the mantle and carry on the cause of lulz.

Re:

[ArsenneLupin]

Well, if the principal is a handsome guy, and not too rough, 10% might get encouraged to try to take up the mantle...

Re:

[jonbryce]

1. Someone attacks senate.gov "for teh lulz"
2. FBI investigates and discovers it is coming from an English IP address
3. They ask Scotland Yard for help, and trace it to someone in Ess*x
4. Ess*x Police get the appropriate wiretap warrants, and move in while he is in the middle of attacking soca.gov.uk, again "for teh lulz"

Pretty normal cross-border crime investigation

Re:

[rbrausse]

[...] Ess*x
Ess*x[...]

lolwhut? What the hell is wrong with writing Essex? Let's meet in Fucking to drink one [or more] pints of Fucking Hell [www.rnw.nl] - maybe afterwards you're more relaxed about funny geographical names

Re:

[ElectricTurtle]

In GP's defense, he's probably just used to forums that autocensor. Being in environments like that train people like the dogs they are. Furthermore, 'middlesex' is funnier. It's like a geographic DP threesome.

Re:

[jonbryce]

It is a dig at stupid internet naughty words filters. I do the same for Sc**thorpe (missing letters are "un"). Also see http://en.wikipedia.org/wiki/Essex_girl [wikipedia.org]