9/2/2011
12:11 PM

Scotland Yard Arrests LulzSec, Anonymous Suspects

"Kayla," thought to be key LulzSec figure, part of sting. Reacting to the arrests, Anonymous hackers are crafting less traceable attack tools.

Scotland Yard on Thursday announced that as part of a trans-Atlantic investigation with the FBI into the hacktivist groups LulzSec and Anonymous, it had separately arrested two men, age 24 and 20, on charges of misusing computers. They're due to appear in court on Wednesday.

"The arrests relate to our enquiries into a series of serious computer intrusions and online denial-of-service attacks recently suffered by a number of multi-national companies, public institutions, and government and law enforcement agencies in Great Britain and the United States," said detective inspector Mark Raymond from the Metropolitan Police's central e-crime unit, reported the Associated Press.

At least one of the arrests appears to relate to an investigation into the LulzSec operator known as "Kayla," Scotland Yard told the Guardian. Interestingly, Kayla's Twitter feed hasn't been updated since 1:34 p.m. U.K. time on Thursday.

"Kayla, alongside the likes of Sabu, Topiary, and Tflow, is considered to be one of the key figures in the LulzSec hacking gang," said Graham Cluley, senior technology consultant at Sophos, in a blog post. "However, Kayla--who has claimed involvement in the hack against security firm HBGary--has presented herself online to be a giggly 16-year-old girl. Although Kayla has given interviews to the press in the past, 'she' has always declined to use Skype to confirm an adolescent female voice."

Also on Thursday, Scotland Yard, as part of a separate investigation into Anonymous attacks, arrested two men, age 26 and 20, on charges of "conspiracy to do an unauthorized act in relation to a computer." The two men were released on bail, but are due to appear in court on Wednesday along with a man, age 22, and a boy, age 17, previously arrested on similar charges. Meanwhile, a 16-year-old boy arrested on similar charges has been referred to a youth justice board.

The arrests of so many people involved in Anonymous operations have led its members to try to build a replacement for the distributed denial-of-service tool, dubbed Low Orbit Ion Cannon or LOIC, that the group had favored for attempting to knock targeted websites offline. As many Anonymous participants have now learned, each packet sent by LOIC wasn't necessarily anonymous. In fact, unless users actively changed their packet source address, that address was often contained in every packet launched by LOIC. Authorities have apparently been tracing those source addresses back to participants, in part by using lists of attack addresses supplied by organizations that were hit with LOIC, such as PayPal.

According to the AnonOps Communications blog, which has served as a reliable source of Anonymous-related news, the new tool, dubbed RefRef, was built with JavaScript and is designed "to use the target site's own processing power against itself." The blog added: "In the end, the server succumbs to resource exhaustion due to #RefRef's usage," apparently by using a known SQL injection vulnerability.

The tool was reportedly tested earlier this week in an attack against the website of WikiLeaks, which Anonymous famously supported (although it was originally formed to attack the Church of Scientology).

One or more hacktivists claiming responsibility for the takedown said they had "a personal vendetta against WikiLeaks," and later posts suggested the disagreement involved money. But according to the Twitter post: "We are sorry we took you down. We are even."

RefRef has also apparently been tested recently against Pastebin and online community 4Chan, from which Anonymous sprang. RefRef is due to be officially released on September 17, 2011. But whether it keeps Anonymous members who use it anonymous remains to be seen.

