"Kayla," thought to be key LulzSec figure, part of sting. Reacting to the arrests, Anonymous hackers are crafting less traceable attack tools.
Scotland Yard on Thursday announced that as part of a trans-Atlantic investigation with the FBI into the hacktivist groups LulzSec and Anonymous, it had separately arrested two men, age 24 and 20, on charges of misusing computers. They're due to appear in court on Wednesday.
"The arrests relate to our enquiries into a series of serious computer intrusions and online denial-of-service attacks recently suffered by a number of multi-national companies, public institutions, and government and law enforcement agencies in Great Britain and the United States," said detective inspector Mark Raymond from the Metropolitan Police's central e-crime unit, reported the Associated Press.
At least one of the arrests appears to relate to an investigation into the LulzSec operator known as "Kayla," Scotland Yard told the Guardian. Interestingly, Kayla's Twitter feed hasn't been updated since 1:34 p.m. U.K. time on Thursday.
"Kayla, alongside the likes of Sabu, Topiary, and Tflow, is considered to be one of the key figures in the LulzSec hacking gang," said Graham Cluley, senior technology consultant at Sophos, in a blog post. "However, Kayla--who has claimed involvement in the hack against security firm HBGary--has presented herself online to be a giggly 16-year-old girl. Although Kayla has given interviews to the press in the past, 'she' has always declined to use Skype to confirm an adolescent female voice."
Also on Thursday, Scotland Yard, as part of a separate investigation into Anonymous attacks, arrested two men, age 26 and 20, on charges of "conspiracy to do an unauthorized act in relation to a computer." The two men were released on bail, but are due to appear in court on Wednesday along with a man, age 22, and a boy, age 17, previously arrested on similar charges. Meanwhile, a 16-year-old boy arrested on similar charges has been referred to a youth justice board.
The arrests of so many people involved in Anonymous operations have led its members to try to build a replacement for the distributed denial-of-service tool, dubbed Low Orbit Ion Cannon or LOIC, that the group had favored for attempting to knock targeted websites offline. As many Anonymous participants have now learned, each packet sent by LOIC wasn't necessarily anonymous. In fact, unless users actively changed their packet source address, that address was often contained in every packet launched by LOIC. Authorities have apparently been tracing those source addresses back to participants, in part by using lists of attack addresses supplied by organizations that were hit with LOIC, such as PayPal.
The replacement tool, RefRef, was reportedly tested earlier this week in an attack against the website of WikiLeaks, which Anonymous famously supported (although it was originally formed to attack the Church of Scientology).
One or more hacktivists claiming responsibility for the takedown said they had "a personal vendetta against WikiLeaks," and later posts suggested the disagreement involved money. But according to the Twitter post: "We are sorry we took you down. We are even."
RefRef has also apparently been tested recently against Pastebin and online community 4Chan, from which Anonymous sprang. RefRef is due to be officially released on September 17, 2011. But whether it keeps Anonymous members who use it anonymous remains to be seen.