Today Jake Davis, allegedly known as Topiary, the purported spokesman and frontman of the Infamous LulzSec hacker group, was heard by Westminster Magistrates’ Court on five charges, including conspiracy for the DDoS attack against the Serious Organised Crime Agency’s website, forced offline on June 20.
- Unauthorised access to a computer system, contrary to Section 3 of the Computer Misuse Act 1990;
- Encouraging / assisting offences, contrary to S46 of the Serious Crime Act 2007;
- Conspiracy with others to carry out a Distributed Denial of Service Attack on the website of the Serious and Organised Crime Agency contrary to S1 Criminal Law Act 1977
- Conspiracy to commit offences of section 3 Computer Misuse Act 1990, contrary to S1 Criminal Law Act 1977
- Conspiracy between the defendant and others to commit offences of section 3 Computer Misuse Act 1990 contrary to S1 Criminal Law Act 1977.
During the day more and more details were disclosed about the 18 years old boy, already released on bail, the most sensational of which are represented by “his personal cache of 750.000 passwords” found in his laptop during the arrest, but also by the fact that prosecutors have claimed that Davis’s laptop was found to contain the fake article announcing Rupert Murdoch’s death; the same article was published on The Sun Home Page during the famous hack on July, the 18th related to the phone voicemail scandal that has overwhelmed News Corp, leading News Of The World to end its publications.
But I must confess I was intrigued by other two details: Jake is defined an avid online chess player, and most of all, The Daily Mail defines him “an Autistic Shetland Teen”, even if it does not report any medical information in support of its argument, but only general evidence.
Jake Davis is the third UK Teen arrested as an alleged member of LulzSec, in June same thing had happened to Ryan Cleary, a 19-year-old from Wickford Essex, while on July, the 19th, a 16-year-old boy from south London was arrested and subsequently released on police bail pending further inquiries. He was believed to be Tflow, another member of the Lulz Boat.
Curiously Ryan Cleary, he also charged for the SOCA DDoS, was also found to suffer from Autism, a light form called Asperger’s Syndrome. As I already said, this kind of disease seem to be quite common between hackers, since it was also diagnosed to Gary McKinnon the author of the Ufo Hack. For sure, it is not a coincidence: probably since they have difficulties in interacting with humans, they use the saved brain resources for interacting with computers, although Topiary, the alleged LulzSec Identity of Ryan Cleary, has also shown great ability with words, astounding the world with the irony and the subtlety of its pastebin press releases.
This infosec summer is getting hotter and hotter…
Actually I cleaned it up a little bit in order to show only some of the events happened in 2011, which were inserted in the original matrix. As a reference I left some events of the previous years (inserted in the original matrix as well) in order to have a kind of normalization. They include the infamous Ufo Hacker, the Greek Cellphone Caper, and finally the Palin’s Email Hacking.
As you may easily notice, Stuxnet deserves the Top of the Rock for Innovation and Impact. The infamous malware (the terror the nuclear power plants) has divided the infosec community in different factions: those who consider the malware as the first example of next-gen cyber-weapons developed (maybe by Israel and the U.S.) to seriously damage and delay the Iranian nuclear program (whose development took at least ten years of work), or those who consider it the work of an amateur, a script kid, possibly an astronomer with knowledge of the Holy Bible. Regardless of the real origin, because of its huge exploitation of 0-day vulnerabilities (which make it really contagious) the malware has established a new level, and probably a new standard for the information security landscape.
The RSA breach ranks in a considerable position as well. As known, compromised seeds were used to attack several main contractors of U.S. Defense (L-3, at the beginning of April but disclosed at the end of May, Lockheed Martin, on May, the 22nd, and Northrop Grumman on May, the 26th). As I told in one few posts ago I am afraid that also the Mother of All Breaches, that is the breach of 24,000 files by a Contractor, happened in March but disclosed by Pentagon last week, may be somehow related to the RSA Breach. As a consequence of the latter breach, a classified US military weapons system will have to be redesigned. Because of the impact, this breach should also be included in the matrix.
Probably the effects of the Epsilon Data Breach have been underestimated, since it is likely that security concerns, in terms of phishing, for the owners of breached e-mail addresses will last for years.
Obviously the matrix could not miss the infamous Anonymous and LulzSec Hacking groups. Their actions are considered quite simple with a major impact for the Lulz Boat. The Anonymous group is perhaps unfairly considered only for DDoS, and probably the matrix was drawn before the events of the last days such as the Monsanto Hack performed by Anonymous (whose impact is quite huge and denotes a growing interest of the group towards social problems), or the Sun Hacking (at this link some technical details on the hack).
Finally a quick consideration, of course it is a coincidence, but I could not help noticing that the author of the Ufo Hack, Gary McKinnon, has been diagnosed with the Asperger’s Syndrome, a form of Autism. Curiously the same disease has been diagnosed to Ryan Cleary, the alleged LulzSec member arrested in U.K. on June, the 21st. Probably some individuals suffering of autism spectrum disorders establish with machines the links and relationships they are not able to establish with the other human beings. This explains in part why they are so able with hacking…
Again, thanks to Massimo for reporting this really interesting (and enjoying) link.
- The LulzSec Boat is Back (and sails under The SUN) (paulsparrows.wordpress.com)
The storm which hit the media empire of Rupert Murdoch has rapidly spread over the web. Yesterday night I was fighting against my summer insomnia, when the silence of a quiet July summer night has been broken by a storm of tweets from the LulzSec boat (immediately followed by a predictable bunch of Anonymous echoes).
I could not help typing http://www.thesun.co.uk, but when I detected this first storm of tweets and consequently went to SUN Home page, the defacement was already completed, so I missed the bogus story on Rupert Murdoch’s death, which the hacker group posted on the home page of the SUN.
But this does not mean that I was not able to taste the the hacking ability of the LulzSec boat as well: with great surprise I noticed that the front page was only apparently correct, since after few sconds I was redirected to the LulzSec Twitter account. Few after a new storm of tweets from the Lulz Boat flooded the Internet:
Not satisfied with the defacement, the Hacker Group also decided to divulge the email, password info and phone numbers for one Rebekah Wade—Brooks’ maiden name—along with many others from Murdoch’s tabloid crew.
So it looks like the #antisec wave has hit the shores of the Murdoch Media Empire under the new declination of #MurdochMeltdownMonday. This is probably due both to the huge echo raised by the phone hacking scandal involving News Of The World, another piece of the Murdoch Empire, but another possible reason may rely on the critical and ironical position held by Murodoch’s tabloids against the hacking group: see for instance the article describing Ryan Cleary’s arrest from The Sun perspective.
Probably the group did not like the excessive use of terms such as geek or nerdy teenager, and hence decided to have a memorable revenge…
Update 06/22/2011: Other tweets of Cyberwar: it lools like the Operation #OptItaly is going on. Currently the site http://www.renatobrunetta.it is under DDoS attack and does not reply correctly to connection requests (it takes too much to load and sometimes the page is not open).
It looks like that the #AntiSec Operation has landed in Italy. The Anonymous boats have bulleted their ammunitions against some Web Sites affiliated with PM Silvio Berlusconi and, although the operation started more than ten hours ago, the situation is not completelely back to normal.
Yesterday evening the web sites were invested with an impressive wave of DDos attacks: all the sites were unavailable and right now, http://www.governoberlusconi.it is still not responding.
This is the first (known) example of the #AntiSec (Anti-Security) operation in Italy issued by the hacker group Lulzsec (famous for the repeated attacks to Sony, Nintendo, CIA and FBI-affiliated). The #AntiSec manifesto declares a real cyber war, whose top priority is to steal and leak any classified government information, including email spools and documentation (with banks and other high-ranking establishments declared as Prime Targets) “teaming up with the Anonymous collective and all affiliated battleships.”
For the chronicle the first act of this cyberwar has been a massive DDoS attack against SOCA on June, the 20th, and yesterday a fake declaration was posted on pastebin indicating the next release of the 2011 UK Census.
Moreover, yesterday a joint operation between FBI and Scoltland Yard arrested Ryan Cleary, an 19 years old boy in Essex, claimed to be the head of the LulzSec group. After an initial silence the LulzSec tweets were back indicating the boy arrested was a “simple” Admin of a server used for IRC (here a full story with an amusing perspective from the famous tabloid The Sun) and was in no way affiliated to the group.
The revenge of the group was merciless: LulSec replied leaking personal information of two hackers claimed to have supported FBI and Scotland Yard (defined “FBI & other law enforcement clowns”) for the investigations.
The war is just beginning no holds barred.
- LulzSec Teams With Anonymous, In Operation AntiSec (news.slashdot.org)
- SOCA website scalp claimed by LulzSec in apparent DDoS attack (nakedsecurity.sophos.com)
- Police arrest teen from Lulz Security for DDOS attack (infoworld.com)