A joint operation by Scotland Yard, the FBI and the Metropolitan Police led to the arrest of a UK teenager in connection with the recent denial-of-service attacks against “a number of international businesses and intelligence agencies by what is believed to be the same hacking group.”
That hacking group, would of course be LulzSec. They’ve gained a great deal of notoriety over the past two months for hacking such high-profile targets as PBS News, the U.S. Senate, the CIA, the UK’s Serious Organised Crime Agency, Sony, Nintendo, and Simon Cowell’s X Factor show.
Ryan Cleary, 19, was arrested this morning in the intelligence sting and is being held on Computer Misuse Act and Fraud Act offenses.
The teenager is being held at a Central London police station for questioning and authorities have admitted that a search of Cleary’s residence in Wickford, Essex have yielded “a significant amount of material.”
It’s hard to tell how significant this arrest is or what methods from the intelligence sting led to police to target Cleary.
In our interview with Internet security expert and professional social engineer Chris Hadnagy, he said that most hackers are caught when someone rats on them, rather than through any police tactics.
“Like many criminal activities, what gets people caught most of the time is someone talks. This is either someone that is involved or otherwise informed on criminal activities that gets in trouble and cuts a deal or someone that infiltrates the group for the purposes of finding information,” Hadnagy said. “Beyond that, the next most likely way is to simply make a mistake.”
None of the reports indicates if Cleary made a mistake, if a police officer infiltrated the group or if someone sold him out. Further, there’s no way to tell what this arrest means in the larger picture. That hasn’t stopped Sky News from jumping the gun by inexplicably referring to the teen as a suspected “mastermind” within the group on the one hand, while failing to source that information on the other.
Security group Sophos took aim at LulzSec this morning, writing “[one] had to wonder if all of this bragging could lead to the group’s downfall” and claiming “it would, after all, be hard to keep a secret from friends and peers if you were a member of LulzSec.”
Would it really? Perhaps. Sophos suggests LulzSec is “drunk with the popularity of their Twitter account,” which as this post goes live has over 225,000 followers.
At the very least, Sophos believes or at least hints that any arrests made would be because LulzSec members didn’t keep their identity a secret from family or friends. Which, implies, at the very least, that it would take some ratting out the members for them to be arrested.
Ultimately, here’s the only factual things we know about this arrest: Ryan Cleary is allegedly a hacker who has been arrested. He’s possibly tied to LulzSec. In all likelihood he is not the mastermind.
Here’s LulzSec’s response to the news, which the group couldn’t resist poking a little fun at, while simultaneously distancing themselves from Cleary:
Oh, and today, the group is also not claiming responsibility for the recent UK Census hack, which has been attributed to them, as The Next Web reported they did.