Arrested LulzSec hacker: he's one of us

Powered by SC Magazine
 

AFP scalps hacker 'leader' inside Australia's IT ranks.

The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.

The self-proclaimed 'leader' of hacker movement LulzSec was arrested by police at his office in Sydney late yesterday and charged with three counts of unauthorised access to a computer system.

The unnamed 24-year-old, known online as Aush0k, resides in Point Clare on the Central Coast.

Police said he worked at the Australian operations of a large international firm offering IT security services, but declined to name the company. Research by iTnews and SC Magazine has since discovered the man is Matthew Flannery, a low-level support consultant at Content Security.

Flannery was charged with hacking offences, and is alleged to have defaced a government website this month. The AFP confirmed it was not a Federal Government website. 

"He took advantage of a known exploit to access the website, then put a backdoor in" to gain further access, said Detective Superintendent Brad Marden, national coordinator of cybercrime operations at the Australian Federal Police.

Flannery was alleged to have also defaced the site by posting an image and 'altered' the internal structure of the site.

He is the first alleged member of the LulzSec group to be arrested by the AFP.

The AFP said Flannery was an IT professional and held a "position of trust" within his unnamed company, with access to "sensitive information from clients including government agencies". He had the potential to access data stored on the affected website but it did not appear he had done so, the AFP said. 

His knowledge and skills presented "a significant risk to the clients of the company for which he was employed had he continued his illegal online activities," police said.

This has been disputed by Flannery's employer.

Content Security had no knowledge of his actions, according to the AFP. 

Commander Glen McEwan, manager of the AFP's Cyber Crime Operations, said he wanted to get the message out that it was not 'harmless fun' to attack government websites.

"It is not about the magnitude of damage, its about the vulnerabilities that exist," he said. "No one has tacit consent to acceas such information. We are not dealing with a small, petty crime here."

Such access has "huge ramifications for society," he said.

The man has been bailed to appear May 15 at Woy Woy local court and must report to police three times a week.

LulzSec still in operation?

The AFP said the man had been invovled with LulzSec for some time, but they were not aware of his motives.

LulzSec claimed responsibility for a series of high-profile attacks against government agencies and large corporations during 2011.

The group claimed to have ceased activities by late 2011, but Detective Marden said sporadic hacks continue.

"There has been ongoing talk - it is not necessarily a group as such, people affilliate with these networks with other motivated individuals."

One simply becomes a member of LulzSec "by self-affilliation", he said.

It is unknown whether the arrested man engaged in other LulzSec operations, and no extradition has been sought from a foreign jurisdiction.

The arrest follows the one year jail sentence handed down to Lulzsec member Cody Kretsinger, aka Recursion, who pled guilty in April last year for an attack on Sony Pictures International.

Other members of the group have pled guilty to hacking offences - among them, group leader Hector Xavier Monsegur, known as Sabu.

Copyright © SC Magazine, Australia


Arrested LulzSec hacker: he's one of us
 
 
 
Top Stories
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 317

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 121

Vote