LulzSec Suspect Arrested By UK Police

An anonymous reader writes "The UK's Police Computer e-Crime Unit (PCeU) has arrested a 19-year-old man in Wickford, Essex, in connection with the series of LulzSec attacks against organizations including the CIA, PBS and Sony. The man, who has been arrested under the Computer Misuse and Fraud Act, has had his house searched and a significant amount of material taken away by police for forensic examination. The PCeU worked with local Essex police and the FBI on the investigation."

It's prison time

[cgeys]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

Re:It's prison time

[Bob+Gelumph]

How about some due process, first?

Re:It's prison time

[adolf]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

You mean, like Federal pound-me-in-the-ass prison?

(Did anyone else notice that the end of that Youtube URL ends in "FuCK0"? Lulz.)

Re:It's prison time

Give me a break. If it is THAT vulnerable where a hacker can access a system then they are going after the wrong person. It isn't like this guy is in the country. You can't just go after anybody you please. It isn't reasonable. They can't catch guys operating out of North Korea, Sudan, Iran, or Cuba. There should be standards that developers have to live up to or I should say the products. If they don't then the companies selling said products should be the ones held liable. Yes- it means increased costs. That is what would be reasonable. Just because you catch a handful of the people who can exploit these systems because those systems are so easy to exploit does not fix the problem. It is stupid to go after the very people who are finding the holes rather than fixing the damm holes.

Re:It's prison time

[cgeys]

Yeah, you try breaking in to a house and after that try to explain it with "well, they should had armored their door and made better locks".

Re:It's prison time

It's lulzier without it.

Re:It's prison time

anonesc esc
"The good news everybody: Ryan has little to do with #LulzSec besides running IRC. All 6 members of @LulzSec are fine and safe." #AntiSec

Lifetime sentence for ru

Re:It's prison time

[WiglyWorm]

Sounds like you hate America, son.

Re:It's prison time

[norriefc]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

Re:It's prison time

[sseaman]

A lifetime sentence for what? Was any demonstrable harm done?

If the allegations are true he engaged in criminal activity, no doubt, but let's not lump him in with war criminals.

Re:It's prison time

[maxume]

I always wonder if that joke was intended to bother people rather than amuse them.

I mean, is prison rape really the most hilarious rape?

Re:It's prison time

[girlintraining]

How about some due process, first?

They've been arrested. The public is watching. There will be a trial. How much more due process do you think a criminal deserves? These guys aren't going to some secret military prison to be tortured because their second cousin twice removed once had a bad thought about his government...

Re:It's prison time

You're missing the point. The parent is criticising the grand parent for automatically labelling him as guilty and already saying what his sentence is, before any due process has taken place..

Re:It's prison time

[Lysander7]

What due process?

Re:It's prison time

[girlintraining]

You're missing the point. The parent is criticising the grand parent for automatically labelling him as guilty and already saying what his sentence is, before any due process has taken place..

Yeah. On the internet, we call that 'tuesday'.

Re:It's prison time

[DickBreath]

Due process?

Please discontinue your wrong thinking immediately.

Remain calm, and stay where you are. A government re-education technician will be along momentarily to assist you.

Re:It's prison time

[dkf]

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

At that sentence length, no. Maximum 1/3 off for good behaviour once the sentence is over 2 years long.

Re:It's prison time

[rbrausse]

the big tube to Cuba will be launched in July, the group FidelSec is surely in ramp-up preparations

Re:It's prison time

[Hazel+Bergeron]

(+1, Judiciary)

Re:It's prison time

[Neil+Boekend]

Doesn't mean it's the way it should be.

Re:It's prison time

[Luckyo]

In before prison slut walks.

Re:It's prison time

[AJH16]

Better idea, nothing says you can't blame BOTH!

Re:It's prison time

[EdZ]

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Re:It's prison time

[SilentStaid]

Whoosh.

Re:It's prison time

[FlipperPA]

Can't wait for the due process... I've been wondering how the "I Did It For the Lulz!" defense would hold up in a court of law for years!

Re:It's prison time

[jperl]

Honestly, who modded this post insightful?

Re:It's prison time

[Rennt]

They've been arrested. The public is watching. There will be a trial. How much more due process do you think a criminal deserves?

Alleged criminal.

If the courts are as quick to jump to conclusions as you, then all the publicity in the world won't buy him due process.

Re:It's prison time

it was me

Re:It's prison time

[nstlgc]

Your analogy with a house failed because a regular house is not storing millions of records on people. This is more like getting a bomb on a train, intruding into the cockpit of a plane, in order to prove a point. Both of which have been repeatedly done by TV shows.

Re:It's prison time

[bws111]

Yep, I agree. Just today I was reading about a murder trial where someone shot someone in the chest and killed them, and I thought 'That is stupid. They shouldn't prosecute the shooter, they should prosecute the maker of the t-shirt the victim was wearing. The shooter is actually a hero for pointing out how defective these t-shirts are'. I mean, you can't catch ALL the murderers, so instead you should put all the responsibility and blame on the victims, right?

It may well be that there should be some laws about minimum security measures that must be used. However, even in the presence of such laws the hackers should still be prosecuted to the fullest extent.

Re:It's prison time

Alleged criminal. Innocent until proven guilty. This guy may have been a dupe, or his computer may have been unpatched so that I....er...they...um...yeah....could gain control of it and frame someone.

Re:It's prison time

[LWATCDR]

Of course after a fair hearing. Thing is that if he is guilty then they will make an example of him and get him to turn in others. After a few dozen of the LulzSec minions are sitting in prison the rest will follow. It is funny that so many people on Slashdot really thought that LulzSec was going to get away with taunting world governments. They have their own really bright folks and lots of resources. As long as Anon and Lulz where just messing with companies like Sony and generally being juvenile they where not worth the effort. Now they are worth the effort...

Re:It's prison time

[Missing.Matter]

Since when are T-Shirts purported to be bullet proof? If I were to call up any of the hacked companies with concerns about my information, I guarantee you they'd tell me it's safe and secure. I hold these companies with my personal information just as liable as I would my bank if my safety deposit box was plundered.

Re:It's prison time

[bws111]

There are two separate issues: did the hackers make unauthorized use of a computer, and was the computer adequately protected. These are independent. There are laws against unauthorized use of computers, and they do not specify some 'degree of difficulty' before they are effective, nor should they. Unauthorized use is unauthorized use, period. There may or may not be laws regarding protection of data. However, even if there are, violation of THAT law would be a separate crime, and in no way would excuse someone who violated the unauthorized use law.

And your analogy is much worse than the house analogy. The hackers actually did damage - they released account info, DDOS'd servers etc. To complete your analogy, the bomb must actually be detonated. If that were the case, I doubt anyone would be defending the person who did it as some kind of hero for pointing out a security weakness.

Re:It's prison time

[clickety6]

Yeah, for just a few shekels a month you can store your valuable goods in my underground vault protected by this ten foot thick, time-locked steel door to which only you will have the key. Ooops! Sorry, seems somebody got in and stole your items. We never thought they would come in through that unlocked window at the back of the vault.

Re:It's prison time

[bws111]

So if your safety deposit box was plundered, you think the robbers shouldn't be found and prosecuted just because the bank to YOU it was safe? That is just stupid. Of course the bank may have some liability to you, but that certainly does not let the robber off the hook.

Re:It's prison time

[rebelwarlock]

You seem to be under the illusion that everyone who is accused of a crime is guilty.

Re:It's prison time

[creat3d]

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

So a computer crime is worth losing one's life over? Serves him right?

Re:It's prison time

[DrBoumBoum]

I wonder how much of one another's real identity they know of. Pretty little I imagine, why would someone from such a group share any private detail with others?

Also correct me if this sounds too simplistic but I imagine the very first thing I'd do if I were from such a group would be to never connect from anything else than a neighbor's open or cracked wifi (with my dedicated hack station of course, I'd have plenty of normal traffic on the other ones). Is there really still much of a chance to get identified with such a basic security measure?

Now obviously in addition to that any related activity would take place from a shadow truecrypt volume or something like that.

Re:It's prison time

[Missing.Matter]

I'd probably want both.

Re:It's prison time

[FhnuZoag]

So, you'd favour not going after bank robbers? Come on, it's not like opprobrium is a scarce resource.

Re:It's prison time

[MobileTatsu-NJG]

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Ok... the robber is still a criminal.

Re:It's prison time

[Max_W]

OK. Due process. But if they were found guilty then there should be severe due legal punishment. Attacking servers makes a lot of damage. These people cause a lot of harm. A lot. Let alone companies and economies, but to us personally, those who try to work with servers. It is not amusing and we are not clowns for torture by these malicious individuals.

Re:It's prison time

[sosume]

They won't be able to prove anything if he has any skills. Connections are routed through Russia and China and valid evidence will be impossible to obtain. Not sure if British law obliges you to hand over your password, but my guess is that the government used anti-cp laws to get this approved.

Re:It's prison time

[Smigh]

Very well put.

Re:It's prison time

[DrXym]

He'll probably fall back on the old "I have aspergers" and "mummy!" defences first.

Re:It's prison time

[DrXym]

Even if they don't get evidence they could throw him in the clink under RIPA pt III if they suspect he has encrypted files and is unwilling to divulge the keys.

Re:It's prison time

[DrXym]

A lifetime sentence for what? Was any demonstrable harm done?

Lulzsec have caused demonstrable harm. Whether this guy has is another matter.

Re:It's prison time

[The+Moof]

Was any demonstrable harm done?

Yes. Or do you not think releasing authentication info of thousand accounts is considered damage? Or DDoSing systems, causing outages?

Sure, they exposed security flaws. However, instead of informing the companies of the flaws and helping fix them, or even releasing proof you broke into the systems without release the full account data, they chose to troll everyone "for the lulz" by releasing full account data to the public. That's where most of us have the problem with what they were doing and don't think they should be granted leniency.

Lifetime sentence? No, not lifetime. I'm sure there's a law on the book that will determine the length of the sentence... multiplied by the number of attacks. Not sure about how UK law works, but this poor guy may also be subject to civil suits as a result of the aforementioned damages.

I personally think they're going to throw the book at him, then offer him a plea deal to give up someone farther up the chain of command. From what I'm reading, this sounds like he was just the PR guy. He's probably in for a world of hurt that's a lot more than he was expecting for just being associated with the group as their voice.

Re:It's prison time

[djdanlib]

I think he was referring to the way people react to the news that someone was arrested in connection with a thing - they don't presume innocence until proven guilty, unless they are the ones in the hotseat. There hasn't been a trial, so the process hasn't been completed, yet people are passing judgment as if it were over. So you're right about the thought police, but the unfortunate reality is that the public's mob justice tends to ruin lives whether those lives were actually guilty or not. Let's all just wait and see what the courts decide before we assign guilt or innocence.

Re:It's prison time

[Nationless]

Except the service was free.

Re:It's prison time

[djdanlib]

Yes, exactly.

"Just because I noticed that you didn't provide adequate safeguards, lol" isn't a valid reason to commit a crime.

It doesn't remove the ill effects from the lives of everyone you just affected with your crime, either. Just because your conscience lets you do something, doesn't mean it is harmless to yourself or other people.

Re:It's prison time

[jgtg32a]

George Carlin had something to say on the subject, but I'm not going to google that

Re:It's prison time

[dwandy]

They've been arrested. ... There will be a trial. How much more due process do you think a criminal deserves?

I don't think those words mean what you think they do.

Re:It's prison time

[Danzigism]

forcing and physically abusing someone to have sex with you against their will, holding them down with no option of escaping is high-fucking-larious? good god what the hell is wrong with you? and you think the government is wrong? ffs.

Re:It's prison time

[AmiMoJo]

Thanks to the glacial speed that the UK justice system moves at by the time he is convicted he will probably have served his sentence already while on remand and be released immediately :-(

I imagine if he can get bail it will carry a no-computer-use clause. Since most jobs above McDonalds level require computer use these days it could screw up his life far more than getting his sentence under way now. Assuming he is found guilty at all, of course. AFAIK there is no compensation if found innocent, if you lost your job then too bad...

Re:It's prison time

[Kielistic]

The real problem is that you can't always go after hackers. To reuse the bank analogy if the vault had an open tunnel going all the way to North Korea then it would most definitely be the bank's job to seal it. If someone waltzes in from North Korea and steals everything there's no going after them. No one is saying don't go after hackers (well, mostly no one) but there is a higher burden of responsibility to the owners of the compromised networks. They must do what is in their power to ensure outside attackers cannot get in.

Re:It's prison time

[LWATCDR]

Yes.
So you are going to access the network using a cracked or open wifi. Well then you are sending to that wifi with no real encryption. You will be vulnerable to a someone sniffing the connection. Once they tack you back to that open wifi point they just put some wifi sensor on the power poles near your house to sniff your wifi signal and locate it to your house. Then they use those sensor to record all your data. Then they get a court order and put a GPS tracker on your car or in the UK just us their cameras to track you. While your out of your house they get in and plant a hacked version of Truecrypt that gets your password.
Yes your basic security measures are pretty useless to stop Mi-5, CIA, FBI, or NSA. That is what is so funny seeing "1337" posts on Slashdot. The level of arrogance involved. The real tech folks at the CIA, FBI, NSA and probably Mi-5 are every bit as smart as the best hackers and have a crap load more resources. The NSA has it's own fab for goodness sakes. They really are the brightest boys with the biggest toys.

Re:It's prison time

[snowraver1]

Tell that to the people in gitmo!

Re:It's prison time

[cyberchondriac]

Meh.. few countries, if any, have more "process" than America (the US). It's probably far more common that a guilty person gets off on a technicality than an innocent person gets sentenced, though it does happen.
-OTOH, most cases don't involve the CIA...

Re:It's prison time

[AlamedaStone]

But I just wanted my air conditioning fixed...

Re:It's prison time

[MobileTatsu-NJG]

How long would you be willing to let that escalate? Humans are a mighty creative bunch when it comes to getting into places they shouldn't.

Re:It's prison time

[DrBoumBoum]

Hum interesting, although some of your claims seem a bit far-fetched. Obviously the guy could (would) be using the wifi point to communicate with a zombie through ssh or openvpn, so no way of sniffing the content of the traffic. Nonetheless as you mention the communication with the wifi router would still be visible, but would it be sufficient to pinpoint to the physical location of the laptop? I doubt it, especially in a city like London where you would most probably be part of a large compex of tiny flats.

But even so in the end this doesn't change the fact that the cops would find nothing on the laptop itself, not a single bit of evidence whatsoever. The IP address was not his, the MAC address neither. No a single clue on the hard drive. So all what would remain would be their conviction that "the signal seemed to roughly come from this general area". I don't think this would ever stand in front of a judge; in fact I don't think they would even bother prosecute with so little evidence.

Also I don't buy the story about Mi-5 breaking in the apartment and planting something on the laptop, this definitely looks too James Bondish to me. Anyway since the laptop drive would be encrypted there's not much they could do with it. Possibly plant some kind of physical key-logger somewhere, but again at this point this is not realistic any longer. In my opinion the situation at hand is much simpler, they caught some idiot with LOIC on his hard drive and called it a day. Also the guys at NSA/Mi-5 might have some powerful tools but I doubt they're using them chasing Lulzsec, they definitely have got much bigger fishes to fry. Interesting discussion nonetheless.

Re:It's prison time

[demonlapin]

I'm neither English, nor a lawyer, but I'm pretty sure that while aspects of due process as understood in the US are protected in England via common law, the American ideas of due process actually have no direct correlate in English law. As the guy was arrested in Essex, English law surely applies.

Re:It's prison time

[horza]

It is funny that so many people on Slashdot really thought that LulzSec was going to get away with taunting world governments.

Did you even ready the article? It says that so far there is no connection between the arrest and LulzSec.

Phillip.

Re:It's prison time

[Plekto]

Oh, you also forgot a few other agencies as well around the world. But most of them will simply send an agent to take you out of the equation. (ie: Russia, Israel, and so on). If you pull stunts like this, you're going to be caught or worse. Evey time. In fact, if you live in the U.S. or U.K., there's no point even trying to hide. They know absolutely everything about everyone, or can in a very short amount of time.

Re:It's prison time

[Eggplant62]

Really, man. TFA is full of unconfirmed speculation that only posits that the guy they got was involved with Lulzsec and nothing more. I'd call it irresponsible reporting myself.

Re:It's prison time

[MobileTatsu-NJG]

Is Mazda criminally negligent because somebody used a hammer to break the window and steal my GPS?

Re:It's prison time

[mr_lizard13]

You're kidding right? He'll be on a plane to the states in no time. I suspect the US wants to have a word with him and we just love bending over for an extradition.

Re:It's prison time

[LWATCDR]

If a GPS can locate you down to a few inches they could locate a wifi to an apartment. With the right stuff you can use TOF and since wifi is in the Ghz band off the self military sigint stuff will do the job. Breaking in and planting bugs is not that unusual and even SSH is vulnerable to a man in the middle attack if you are using passwords and not ssh keys. As to not chasing Lulzsec? Don't bet on it at this point. They are making some outlandish threats. At this point the scary people may decided that they will go after them for the Lulz. Not to mention the recruitment. If you prove a challenge to catch then you may get an offer than would be unpleasant to refuse. And even more amusing is the idea that these guys will not turn over the password to their true-crypt volumes so fast it will make your head spin. "We have enough to put you away for 20 years and when you get out you will have a very hard time finding a job, wife, or making any real life for yourself. So how about you just give us that password and we will see what we can do. You may get just a slap on the wrist if you help us catch the big fish".
It really is a simple as that. A 19 year old will spill his guts in a second... as he should.

Re:It's prison time

[s73v3r]

You mean speculating on the outcome of the case? How dare he opine on what might happen to the kid if he's convicted.

Re:It's prison time

[FhnuZoag]

Well, okay, we agree completely, and the anonymous coward GP is an idiot.

Re:It's prison time

[s73v3r]

While I agree wholeheartedly in holding the keepers of the information liable as well, the kid (allegedly) broke the law. Breaking into someone's servers should still be against the law, and wouldn't change.

Re:It's prison time

[GameboyRMH]

get him to turn in others.

Yep, he's gonna spill the beans on CeilingFanCat and GarterSnakeCmdr, and the police are gonna raid their houses on 7th Street, Proxy Lane and haul them away.

Re:It's prison time

[GameboyRMH]

Anyone who uses a wifi AP within range of their house (as if regularly using the same AP isn't dumb enough), and sends anything sensitive unencrypted over wifi, deserves whatever they get.

The hacked version of Truecrypt is an interesting possibility though. Truecrypt should offer a post-boot app that confirms a hash of the bootloader code on each bootup to detect this. It would be impossible to disable this without cracking the volume key first. This way you can alert the user and wipe + replace the boot sector, where the captured key would presumably be stored.

Re:It's prison time

[GameboyRMH]

This has been fun but you've been assuming the whole time that the LulzSec guys weren't using any proxies at all. If you go through Tor and don't come out through a honeypot exit node, you can't be traced. I wouldn't be surprised if the guy they just arrested was Just Some Dude running a Tor exit node, or who accidentally left the web interface for a DD-WRT capable AP open to the Internet.

Re:It's prison time

[GameboyRMH]

Isn't that the second innocent IRC operator they've arrested now? These guys are hilariously incompetent.

Behold your mighty cyber police, LWATCDR!

Re:It's prison time

[alexborges]

They havent been arrested. This is a guy who owns a server that has an irc server. The brits are just desperate....

Re:It's prison time

[malacandrian]

The group have themselves been dumb enough to confirm this for us.

Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame.

Their Twitter

Re:It's prison time

[TrisexualPuppy]

Moron AC, this has nothing to do with grammar.

Re:It's prison time

[IZN0GUD]

Just because you catch a handful of the people who can exploit these systems because those systems are so easy to exploit does not fix the problem.

Yeah, that would be an ideal world (wakey wakey.) IRL, credit card companies haven't improved CC security because it is cheaper and easier to catch fraudulent persons and to compensate losses than to improve cards to be "beyond hackable". Same principle applies here - it's easier to catch and hang few perpetrators than to patch all CMSes around the globe. Note that i am just observing what goes on IRL, that does not necessarily mean i wouldn't rather live in that ideal, fair(y) world.

Re:It's prison time

[Cederic]

Why did you assume AC was envisioning the act from 'on top' ?

I know girls with rape fantasies. Shit, I know a man that fantasises about being raped. I also know a girl that giggles like hell when you tie her up, whether you have sex with her or not.

good god what the hell is wrong with you?

Glasshouses, etc.

Re:It's prison time

[psiclops]

Where i live it's Wednesday now.

Re:It's prison time

[psiclops]

That would depend on the crime(s).

in this case - possibly yes. but i'll hold judgement on that until i see what he is charged with that there is any decent evidence for.

Re:It's prison time

[Kalriath]

You probably would. Except that the general Slashdot consensus is that "LulzSec" are heroes for stealing and distributing personal information on hundreds of thousands of people and should get off scot free, while the companies that held the information should be put in front of a firing squad.

In fact, both the bastards should go to prison. "LulzSec" are goddamned criminals, and the companies holding the information are scum (since I guarantee that someone at the bottom said "this really isn't good" but someone at the top said "tough, you aren't getting any budget to fix it. Just release it already").

Re:It's prison time

[Bob+Gelumph]

Habeus corpus, innocent until proven guilty, jury trials, etc. were all used in England before they were used in the U.S.. And in answer to all the others who are talking about due process with respect to the authorities, I was referring to the posters presumption that the guy is guilty. According to LulzSec, he merely runs an IRC server that LulzSec uses, among others, and while they didn't specify, I got the feeling they meant that the IRC server was used by non-LulzSec people as well. If that is true, then next, they'll arrest the guy who runs pastebin.

Re:It's prison time

[trewornan]

Yes we do - at least in theory, the US basically got it's legal system from England (sorry about that).

Re:It's prison time

[LWATCDR]

And you are also expecting that they never use a TOR exit node that was a honey pot. It doesn't take many mistakes to get caught if you are playing with the big dogs. These are the same people that built the SR-71, used nuclear subs to tap underwater phone cables, and build and run the Keyhole and Lacross birds. It will take just one to track them down and as the link suggests http://it.slashdot.org/story/11/06/22/1236215/Authorities-Closing-On-LulzSec more than one member may have already been turned.
You really don't want to go to be a big enough problem to get on these groups radar. I find the fandom and ego trips about LulzSec's abilities to be far more amusing then their little stunts. It is too bad the they don't know the rule "don't poke the bear". LulzSec and Anon are dumb enough to think they are the bear.

Re:It's prison time

[GameboyRMH]

Even if they use a honeypot node, which can't identify the source IP unless it is passed as unencrypted traffic by some service since connections aren't direct, you're still assuming that the person was using Tor from home and was using it as their only proxy. My point was that any one measure used properly can make being tracked practically impossible, multiple anonymizing measures used together will erase all hope. And these guys might literally be using 7 proxies, at least one being a Tor connection, and then won't be hacking from home.

The "Big Dogs" have more resources (processing power, network access, physical capabilities) but they aren't magic.

Re:It's prison time

[LWATCDR]

Not magic but they have more resources and frankly talent that you can imagine. All it will take is one slip up and it is over as it may already be. But you can see how easy it is since we started off with "I will just use someone else's wifi" to now using several proxies. So what makes you think that they have not comprised those proxies with a man in the middle attack? Do you honestly think that any security organisation with access to the telecom infrastructures allows open proxies that are not monitored? I mean do you honestly think that they are not on every IRC channel and board and have access to the same list of proxies as the hacker community does? They just ignore most of the traffic because it isn't a threat to nation security. Now that they have made threats things may have changed. The only why really to avoid getting caught is to stay below the radar and not get their attention. None of this is magic just the way it is in the intelligence community. They tech they have is amazing as is the tallent and that is a good thing IMHO. I am in the LulzSec is nothing but vigilantes category the sooner they and Anon are crushed the better.Right now the smart members are sitting in their basements curled up in a ball hoping to be lucky. The dumb ones think they can not be caught.
 

Re:It's prison time

[Coren22]

Yes, Britain can lock you up for not handing over your encryption passwords.

Re:It's prison time

[Coren22]

I was kept out of EvE for a night, this harmed me greatly :P

Re:It's prison time

[GameboyRMH]

So you're saying they've literally backdoored *every* proxy out there and can basically see every single thing that happens on the Internet? I assume this was after the whole Wikileaks thing, Lockheed-Martin hacks, and RSA hacks? Or do they just reserve their amazing talent for "really important stuff" while arresting innocent IRC operators and sending secret subpoenas to Twitter to make it look like they're horribly incompetent?

Re:It's prison time

[LWATCDR]

It isn't the CIA,NSA, or MI5 sending out those. But do you think that people can could build the SR-71 using slide rules and 1950s tech ,the Corona and Keyhole satellites, and tap underseas phone cables in the USSRs backyard using nuclear subs couldn't find LulzSec if it the wanted too?
As I said the only way to not be under their thumb is not to get their attention. List of open proxies, Tor nodes, and IRC channels are not hard to find. A few thousand taps on those sites using man in the middle attacks is very easy for them. About the only way is if all the members are in unfriendly nations and using proxies in those nations but even that wouldn't be impossible.
If they are distributing SSH keys by sneaker net and keeping their keys on their own PC then it will be much harder to tap them but then again you will have the risk of people knowing each other so when one turns all is lost.
The question is only if the idiots in LulzSec are worth the trouble or not. They may just be fun low hanging fruit for the Spooks to play with or even good training. To think that LulzSec really can pull the crap they are pulling and not get caught is just arrogance. The best part is how they call themselves a Hydra. Chop off a head and more will grow back. Kind of sucks if you are one of the heads that gets chopped off. Chop a few of them off and they will learn to keep down and out of site. Jail isn't full of Lulz after all.

Re:It's prison time

[LWATCDR]

Could be as simple as a keylogger or could be a hardware hack. Find the model of keyboard they are using and replace their board with one with some custom firmware and an SD card. Could even just swap the electronics so that they don't notice. You do seal the screws on you keyboard and check them don't you?
Way back when I worked in a place with real security. People have no idea how hard real security is. If you even tried to take in or out a keyboard or screw driver in that place things got real complicated real fast.

Re:It's prison time

[GameboyRMH]

You're assuming all these three-letter agencies (Who are not the companies who built the SR-71 or much less impressive spy satellites, as if aerospace engineering would help here) have as much access to the Internet as an office LAN and can perform MITMs on everything, conveniently before their SSH keys were exchanged. If that were true, sure, it would be impossible to hide. But if they have this capability, they've never used it. Not on Wikileaks, not on Al-Quaeda, not on more serious black hats that attacked defense contractors, not on anyone. Are they really going to use their ultimate weapon for the first time on a group of for-the-lulz hackers?

Re:It's prison time

[Anonymous+Cowpat]

AFAIK there is no compensation if found innocent, if you lost your job then too bad...

That is also what I understand the position to be, although I don't know if that's ever been on a (un)pleasant trip to Strasbourg yet.

It must be Tuesday

[cultiv8]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

So this "news" article is nothing but speculation?

Re:It must be Tuesday

[girlintraining]

So this "news" article is nothing but speculation?

In the dark ages before the internet, when dinosaurs ruled the earth and grammar nazis were kept caged in cellars underneath college english departments, journalists learned to never directly state the person was guilty. Guidelines were developed to prevent over-zealous lawyers from destroying the freedom of the press through endless lawsuits. So, in the event of a crime, we are not allowed to refer to it as "your" crime, merely "a" crime.

Re:It must be Tuesday

[rapiddescent]

in other news, the usually vocal Lulzsec twitter feed stopped at the same time as the arrest.

Re:It must be Tuesday

[jon_doh2.0]

He has been arrested.

Re:It must be Tuesday

[jonbryce]

Given that the FBI were involved, it is more likely in response to one of their earlier US attacks, such as senate.gov

Re:It must be Tuesday

[girlintraining]

...somehow I don't think that a multi-agency-operation can be executed within 1 day

If you show your ass to authorities on six different continents, it goes without saying they're going to feel a lot more generous about cooperating in capturing you.

Re:It must be Tuesday

[TubeSteak]

he shoulda used 8 proxies

Re:It must be Tuesday

[Rijnzael]

So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.

Re:It must be Tuesday

[M.+Baranczak]

This is true. But the "some observers say" thing should set off anybody's bullshit detector. Who the hell are those observers? Are they people who actually have inside knowledge of the case? Random Slashdot posters? The journalist's drinking buddies?

Re:It must be Tuesday

[Teknikal69]

Unless he was unknowingly the first proxy/bounce in the chain.

Bit early to think he is guilty but I fear they may need a scapegoat anyway.

Re:It must be Tuesday

[ifrag]

we are not allowed to refer to it as "your" crime, merely "a" crime

Of course it's company policy never to imply ownership in the event of a dildo... always use the indefinite article a dildo, never your dildo.

Re:It must be Tuesday

[Calos]

>>> So, in the event of a crime, we are not allowed to refer to it as "your" crime, merely "a" crime.

I don't see how what you're saying has anything to do with the GP's point.

All (s)he is saying is that there is no evidence of any connection to LulzSec, not even the authorities are claiming or hinting as such, and yet the article is claiming that some unnamed sources of unknown reliability are claiming it as so. This has nothing to do with presumption of innocence pre-trial. Basically all they're saying is that "Gee, this LulzSec group has been in the news for hacking, and then there's this kid being arrested for computer-related crimes, maybe they're related?"

There are two ways to take that. On one hand, it seems a totally reasonable connection to make and wonder about. On the other hand, there's no evidence for making the connection, and the article is the one drawing that link (presumably because it will get them attention). Far from avoiding the angst of lawyers - this is approaching slander.

I'm not claiming it is slander, but that's how you run a professional smear-job. Associate the person with all manner of things nefarious in the public eye, but in a purely speculative manner - and after all, it was "unnamed observers" suggesting it, not your esteemed journal.

Re:It must be Tuesday

[Missing.Matter]

Yeah, it's along the same lines as "Some people say" or "We're hearing." It's a way for journalists to bring up a topic without owning it. "Not that I'm calling you a murderer, but some people are. How do you respond?"

Re:It must be Tuesday

[dkf]

...somehow I don't think that a multi-agency-operation can be executed within 1 day

If you show your ass to authorities on six different continents, it goes without saying they're going to feel a lot more generous about cooperating in capturing you.

But it will still take more than a day for them to agree to arrest you. Don't underestimate the need for the management to have a good long meeting first, and the more high-profile agencies involved, the more that becomes necessary. (It's a primate thing, rather like baboons showing off the colour of their genitals.)

Re:It must be Tuesday

[AmiMoJo]

LulzSec The Lulz Boat
Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?
1 hour ago

My money is on botnet victim, or maybe an anon who decided to join in.

Re:It must be Tuesday

[The+Moof]

That's generally how it works. Pick up the weak link, and try to get him to roll on the someone up the chain.
If he does, go get that person, and repeat the process.

Re:It must be Tuesday

[Smigh]

Remember that a lot of stuff was apprehended. I'd bet that on most of these cases, data on these guys' pcs will give away information about other members.

Re:It must be Tuesday

[murdocj]

Let's see... all we know for sure is that LulzSec has claimed responsibility for a bunch of high profile computer attacks, and that the official announcement from the UK police says that they've arrested a 19 year old man, and that "The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.". And that "The PCeU was assisted by officers from Essex Police and have been working in co-operation with the FBI."

You don't have to be Sherlock Holmes to connect the dots.

Re:It must be Tuesday

[Jaysyn]

So they arrested the guy less than one hour ago?

Re:It must be Tuesday

[Ksevio]

Just wait for after a few more of these stories the twitter feed starts speaking in the first person...

Re:It must be Tuesday

[Dhalka226]

And somehow I think this group even more than average.

A group that, according to their own "literature," commits crimes "for the lulz?" I wonder how long they will find it funny when they're staring years or even decades of prison time in the face, along with the possibility that a portion of every dime they make for the rest of their lives could be going back as fine and restitution. Lulz.

This guy is going to fold, hard and fast. The only question is how much he knows. Every bit of that will soon be in the police's hands, of that I have no doubt.

Re:It must be Tuesday

[Kenshin]

Hey, they got Bin Laden through his courier. All they need is a bit of intelligence from this guy (I know, "lulz" and "intelligence" don't exactly go together), and they can get pretty far.

Re:It must be Tuesday

[ackthpt]

So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.

So you're comparing him to OBL? He effectively was just a talker once he carried out his chief ambition and had to go into hiding. This bloke is all the more fool for blathering and calling attention to himself. At least he wasn't shot trying to get away with $250 sewn into his shirt.

Re:It must be Tuesday

[Culture20]

But it will still take more than a day for them to agree to arrest you.

extradite, yes. Arrest? This is the Internet age; people communicate fast. There were probably several polycom meetings in a couple hours.

Re:It must be Tuesday

[Syberz]

It stopped for a whole 9 hours...

Re:It must be Tuesday

[IZN0GUD]

Hey, they got Bin Laden through his courier. All they need is a bit of intelligence from this guy (I know, "lulz" and "intelligence" don't exactly go together), and they can get pretty far.

They got all the intelligence they will need from this guy when they got an image of his disks. Disks will know more than any puppet.

Opening arguments

[girlintraining]

Opening arguments next month:

Judge: "Can the defendant please state, for the record, why they felt it was necessary to take down several high-profile website, costing those companies hundreds of thousands in lost income, cleanup costs, and angry support calls?"

Defendant's Lawyer: "Ah, your honor, let the record show... they did it for the 'lulz'".

Judge: "I see. Well, in the spirit of their crime, sentencing will be 'for the lulz'."

Re:Opening arguments

[txmcse]

Oh, that would be great! Let's hope the judge works in "the oceans", "aiming the guns", "butthurt", and "the long arm of the lulz" :)

Re:Opening arguments

[DamienRBlack]

Judge: "You are sentenced to 1337 years."

Re:Opening arguments

[girlintraining]

Oh, that would be great! Let's hope the judge works in "the oceans", "aiming the guns", "butthurt", and "the long arm of the lulz" :)

Plenty of aiming the guns, butthurt, and long arms where they're heading, that's for sure...

Re:Opening arguments

[crow_t_robot]

In their defense, if this person is convicted on the crimes sentencing will be much lighter than if he had done it for some more nefarious reason like financial gain...see: sentence mitigation.

Re:Opening arguments

[girlintraining]

Judge: "You are sentenced to 1337 years."

Yeah, the extra 1,300 years is because that monacle-clad man sexually assaulted nyan cat. Poor kitty...

Re:Opening arguments

[madhatter256]

Lawyer: "Implying my client is guilty."

Re:Opening arguments

[girlintraining]

In their defense, if this person is convicted on the crimes sentencing will be much lighter than if he had done it for some more nefarious reason like financial gain...see: sentence mitigation.

I have a lot more compassion for someone who is hungry, poor, or in financial difficulty committing a crime out of desperation than those who do it for shits and giggles. Especially first time offenders; This is why the sentencing for prostitution, petty theft, etc., is relatively light (I didn't say it was a slap on the wrist, just that they won't be getting 30 years in the electric chair like these asshats). Most judges, contrary to popular opinion, want to make the community a better place and understand the difference between kids who need to be taught some manners, those who are hard on their luck, and those that are motivated by greed and a callous disregard for their fellow humans.

Re:Opening arguments

[maxume]

Ah, justice, that thing you get when the judge likes you.

Re:Opening arguments

[JamesP]

'Yo're sentenced to 100 years!'

'Huh?!?'

'In binary'

'Hell yeah!'

Re:Opening arguments

[girlintraining]

Ah, justice, that thing you get when the judge likes you.

And when the judge doesn't, we can look to our endless appeals system.

Re:Opening arguments

[Penguinisto]

Yeah... that would be called "motive", and is (at least in the US) a huge factor in what charges are being faced, and in how someone is sentenced.

I'm fairly sure the UK has similar modifiers.

Re:Opening arguments

[gparent]

(I didn't say it was a slap on the wrist, just that they won't be getting 30 years in the electric chair like these asshats).

I knew some US States were harsh, but is 30 years really necessary before switching the chair off? Jeez!

Re:Opening arguments

[biodata]

I can't imagine this will ever get near any judges. If he has a decent lawyer I can't imagine him even being charged with anything. Operating IRC with intent to facilitate people chatting isn't actually a crime.

Re:Opening arguments

[Inda]

He's from England. Our gaols are full. He'll be given an ASBO and told not to do it again, via a typed letter.

Re:Opening arguments

[AmiMoJo]

You raise an interesting question: what will he be tried for? Penalties under the Computer Misuse act presumably, but in that case it seems unlikely he would get a long sentence. Maybe they could go for criminal damage but nothing was actually "damaged" per-se, just temporarily rendered unusable.

Loss of income is a civil matter and the affected organisations would have to sue him themselves for restitution.

Assuming they have the right guy of course, judging by the police's usual level of competence in these matters chances are they just arrested some poor chump whose PC is infected.

Re:Opening arguments

[FhnuZoag]

Not really. Doing attacks for the lulz (i.e. for personal enjoyment) marks you out as a criminal psychopath, substantially diminishing your opportunity for parole.

Re:Opening arguments

[FhnuZoag]

Lawyers can't stop charges being pressed. It seems like a number of reasonable charges can be brought: Perverting the course of justice, conspiracy to commit offences contrary to Section 2/3 of the Computer Misuse Act 1990, etc etc. If they want to go all out on him, they can charge him on conspiracy to commit terrorism, as a broad reading of the UK Terrorism Act encompasses LulzSec.

Re:Opening arguments

[JamesP]

0xDEADBEEF would be better

Re:Opening arguments

[biodata]

Hmm OK they can charge him with showing his arse to the queen and high treason if they want to. Operating an IRC server for zero financial gain is not a crime and unless he conspired with anyone to do anything illegal I can't see how a conspiracy charge would stick. As for perverting the course of justice, I don't see how operating a chatroom does that. Terrorism? Laughable. Even my granny isn't scared of email anymore.

Re:Opening arguments

[cold+fjord]

Judge: "You are sentenced to 1337 years."

Lawyer for the defense: "But your honor, my client pleaded "w00t".

Re:Opening arguments

[Zironic]

Actually it's the opposite. Doing it for the lulz reeks of psychopathy which is the kind of people we want to lock up for life.

People doing it for financial gain are rational people that can be rehabilitated into earning their money the legal way.

Re:Opening arguments

[AlamedaStone]

(I didn't say it was a slap on the wrist, just that they won't be getting 30 years in the electric chair like these asshats).

I knew some US States were harsh, but is 30 years really necessary before switching the chair off? Jeez!

Talk about carbon footprints...

Re:Opening arguments

[FhnuZoag]

If he was willingly and knowingly providing resources (in this case, carrying communiques between LulzSec members, which is what running an IRC server would count as) that enabled people to commit various criminal acts then that's pretty blatant conspiracy - and the fact the server is called irc.lulzsec.org kinda strongly suggests that he knew what he was doing. If he ever popped into the channel himself and didn't run to the police, or encrypted his logs, then that's perverting the course of justice. And attacking government infrastructure electronic systems is terrorism by the 2000 Terrorism Act. And this is all even if he didn't do any of the hacking himself.

Re:Opening arguments

[FhnuZoag]

Though possibly it should be accessory, instead of conspiracy. Or maybe both.

Re:Opening arguments

[biodata]

Tell that to Twitter.

Re:Opening arguments

[FhnuZoag]

The google-facebook-twitter etc defense was always that they are not responsible, because they are unaware and impossible to be aware of everything going on via the service. If however they become aware of something, they are obligated by law to do what they can to stop it immediately. Also, in this specific case, twitter isn't liable, because publicising LulzSec via a twitter account isn't itself an offence, or at least a serious one, and closing their twitter account is unlikely to hinder LulzSec.

Wait. Is he a suspect or not?

[chemicaldave]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

How can you go from that to "Lulzsec suspect arrested?"

Re:Wait. Is he a suspect or not?

[Nidi62]

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

How can you go from that to "Lulzsec suspect arrested?"

This is Slashdot

Re:Wait. Is he a suspect or not?

[Tim+C]

So, putting the question mark (which is part of the sentence as a whole) inside the quotation marks (thus making it part of what is being quoted) is correct American English grammar?

Madness.

Re:Wait. Is he a suspect or not?

[thePowerOfGrayskull]

Two simple keystrokes, are you ready? Here they are:

/.

Re:Wait. Is he a suspect or not?

[abigsmurf]

I suspect that this suspect is suspect.

Re:Wait. Is he a suspect or not?

[Smigh]

Actually no. Anonymous Coward is correct in that some punctuation is placed inside the ending quotation according to the American standard but this does not apply to question marks or exclamation points, for obvious reasons.

Re:Wait. Is he a suspect or not?

[FhnuZoag]

The question for LulzSec is how long irc.lulzsec.org has been compromised. It's quite possible that GCHQ has been monitoring the site for some time, and they are only announcing the arrest now because they think they've gotten enough info out of him....

Personally, I'm enjoying the schadenfreude of seeing the shoe on the other foot. Wonder how good LulzSec's own internal security is.

Re:Wait. Is he a suspect or not?

[GodfatherofSoul]

I'm hoping that the reporters have an off-the-record comment implicating LulzSec. But, nowadays you can't distinguish speculation from journalism.

moron

so you think, a random 19 year old guy actually can have a major hand in hacking of high profile, high security targets. not unreachable, untouchable circles in russia, china, but, a 19 year old random youth from britain. you are unable to realize 'arrests have to be made' in order to save face in these situations, and random pimpleface kid goes to prison for that.

morons like you make the world go haywire. thank you for your existence.

Re:moron

[somersault]

Wha? I was coding games on my own when I was 12. Anyone who's actually interested could easily be a decent blackhat by 19.

Re:moron

[AJH16]

The difference is that the untouchable circles in Russia and China, you never hear about. They aren't dumb about advertising their successes and this can make it very easy for a company to not acknowledge it either (or maybe not even notice). It's also a lot easier to target consumers than companies. Attack a company and you may get customer information, but they are more likely to notice and take necessary actions to limit damage. That isn't the case with the little old lady that clicks the link to remove the viruses from her computer and has her life savings quietly removed from her bank account.

Re:moron

[Canazza]

12. Pah. I was writing C64 Basic when I was 5.
Granted I couldn't make it compile and I went back to playing Flimbos Quest, but I *was* doing it :P

Re:moron

[somersault]

I was writing C128 BASIC at that age, and it compiled. I was just copying it out of the manual though, it was code to draw basic shapes on the screen IIRC.

Re:moron

[DrBoumBoum]

Anyone who's actually interested could easily be a decent blackhat by 19.

Are you fucking kidding me? I could have been a decent blackhat at 14, and I'm definitely not the sharpest out there.

Re:moron

[KingMotley]

Yes.

Re:moron

[timftbf]

Commodore BASIC, as with most 8-bit micro built-in languages, was interpreted, not compiled. If you're old enough to have cut your teeth on such a beastie, you're old enough to know (and to care about) the difference ;)

The BBC Micro is the only device of that era I can remember being otherwise. You could augment the interpreted BASIC programs with in-line assembler - which would have saved me many hours spent with the Big Book of 6502 Opcodes on my VIC-20, before I could afford an assembler.

Re:moron

[somersault]

Yeah I didn't even think about that, oops. I was only 5 at the time of course.

Re:moron

[Etcetera]

I was writing in in Applesoft Basic in 3rd grade on the //e's in our classroom, and it compiled! =P That puts me at 6/7..

There's a picture somewhere of me reading http://www.amazon.com/Serious-Programming-Basic-Henry-Simpson/dp/0830626506/ref=sr_1_1?s=books&ie=UTF8&qid=1308770040&sr=1-1 with a stuffed animal next to me. /nerd

Part of the observation team?

This guy seems to have been part of the process.

https://twitter.com/#!/awallaceuk

Re:Part of the observation team?

[biodata]

Looks like a wannabee spook telling stories

Re:1 down

[smelch]

That's the idea, but really it doesn't work that way for this kind of hacking any more than it works for carjacking. In this case, one down is probably 100 less who think they'll get away with it. I mean, it's not like they're freedom fighters being stepped on by the government. They're class A jackholes, being jackholes. Watching the class clown get sent to the office where he is butt-raped by the principal probably doesn't inspire lots of others to take up the mantle and carry on the cause of lulz.

Way to spoil a potential opportunity.

[Lysander7]

What I don't get is why is this shit always publicized? Instead of waving their dicks around every time a dumb fuck is caught, it'd make more sense to use that caught individual to provide new leads, and catch as many as possible before the rest of the organization goes further into hiding. Seems to me they're doing it purely for PR, rather than because it's their damn job.

Re:Way to spoil a potential opportunity.

[biodata]

The main point is to have something to announce so they don't look like dicks for being hacked. They don't care about the hack per se, just being made to look stupid, and similarly they don't care if he is guilty or ever charged with anyhting as long as they can announce an arrest.

Re:Way to spoil a potential opportunity.

[Xest]

Or because their own site was taken down last night, and, well, they decided a "Hey, look how quickly we can respond!" PR opportunity is better than sitting and waiting to catch the rest.

Re:Way to spoil a potential opportunity.

[arkenian]

Its publicized because its pretty much illegal to arrest someone secretly -- one of those things in place to prevent police abuse of power. Arrest reports are public records. At that point you can try to slip it in to the daily feed, but its generally easier to just issue a press release in a high profile case. In this case, however, it looks like they didn't do that. They just arrested the guy and haven't talked yet about the details.

Re:Way to spoil a potential opportunity.

[Lysander7]

True, but not so if it's an issue regarding National Security, and given the court's recent stance on cyberterrorism being "an act of war", they could very easily manipulate this to be such a case so they won't have to immediately disclose anything.

Re:Way to spoil a potential opportunity.

[arkenian]

But they didn't. Which we should be treating as a good thing, not complaining.

Will the police get any evidence?

[BillKaos]

has had his house searched and a significant amount of material taken away by police for forensic examination

Frankly, I can't imagine that even the less prepared script kiddie wouldn't keep all their hacking data inside a TrueCrypt partition allowing him to claim plausible deniability.

That, an open wifi, then claim "it came that way, or I couldn't make my netbook connect, so I had to open it".

Given those basic security measures, what evidence could the police use to incriminate him? Video/screen surveillance? I can't think of any other way.

Re:Will the police get any evidence?

[nedlohs]

It's the UK. Surely having a TrueCrypt partition is a slam-dunk jail sentence under http://www.legislation.gov.uk/ukpga/2000/23/section/49

After all they can keep asking for the key to the hidden partition they "know" is there and when you refuse to provide them (because there is no hidden partition) you get 2 years in jail (5 if they can make it look terrorism related)...

Re:Will the police get any evidence?

[BillKaos]

Indeed. How can they prove that the "hidden volume" exists? Their best bet would be to install a spy-camera and watch the subject performing some illegal activity, and that may not even work if he is cautious and goes to some public place with a laptop.

Re:Will the police get any evidence?

[Computershack]

I don't think that law would actually hold up in court against plausible deniability encrypted disk images. I think the judge would want proof that a hidden volume actually did exist.

Easily proven. Oh look, here's an area of data on the hard drive that we can't decrypt using our forensic tools.

Re:Will the police get any evidence?

[L4t3r4lu5]

This is why I have a tiny hidden partition on my TrueCrypt volume, using the same key as the container, holding a single text file, with the contents "This file exists to prevent any prosecution case stating that I have not provided the encryption key to any "hidden" volume on my computer, and would otherwise not exist."

All I have on there is some personal finance information, a password database and the obligatory BitCoin wallet anyway. I just don't want to spend 2 years in jail because the prosecution's lawyer was better than mine, should the situation arise.

Re:Will the police get any evidence?

[dkf]

I don't think that law would actually hold up in court against plausible deniability encrypted disk images. I think the judge would want proof that a hidden volume actually did exist.

I'd hate to try to use such a defence in a trial. It'd be far more likely that the jury (or triumvirate of magistrates, in a lower-level court) would decide that you were pissing around with them and state that you were guilty, especially if the police provided evidence that you were communicating in a way that indicates that you were involved in hacking. Remember, conviction requires that it be proved beyond reasonable doubt, not beyond all doubt.

Re:Will the police get any evidence?

[DrBoumBoum]

Oh look, here's an area of data on the hard drive that we can't decrypt using our forensic tools.

That's not how it works, a truecrypt shadow volume is indistinguishable from "no data at that particular location on the disk surface", that's its raison d'être.

Re:Will the police get any evidence?

[L4t3r4lu5]

Almost. It looks exactly like the rest of the structure of the container file; That being that the whole container is encrypted even if it is not entirely full, and therefore you'd expect the whole of the space taken by the container to be encrypted data. It's not that there's no data on the disk surface, but more that data from free space in the container file is indistinguishable from filled space when encrypted. It's this space which is used in hidden volumes.

Re:Will the police get any evidence?

[DrBoumBoum]

Ok thanks for the clarification.

Re:Will the police get any evidence?

[mlts]

There is always the police standby, the browbeat tactic: Convince the person with the TC volume that you know they have a secret volume, won't say how you know, and commence with the threats, be it criminal charges in a civilized country, or the thumbscrews in other places.

Eventually the person will cough up a hidden volume.

Re:Will the police get any evidence?

[BillKaos]

Well it seems some people is not familiar with TrueCrypt. You have an encrypted partition that you can show, and inside it (mixed in the free space) you have a second one. This way if the police forces you to decrypt you partition you can show the fake one, and they have no way of guessing whether you had another one, the most they can do is to destroy it.

Re:Will the police get any evidence?

[Cederic]

"I never had the keys" is sadly also not a defence, even when true.

"There is no encrypted file/partition" is sadly also not a defence, even when true.

That law is asinine and malicious and scares me.

Re:Will the police get any evidence?

[Anonymous+Cowpat]

Cite please. I've only seen it carried through to prosecution once, and the guy got 16 weeks. (Which I also can't cite. Ho-hum) It's also pretty rare for someone to get consecutive sentences in a UK court (precisely because a handful of trivial crimes turn into life imprisonment).

More likely a couple of days in a police station

[biodata]

I doubt he will ever be convicted of anything, unless he makes some kind of confession. That isn't the point. The point is to have a splash in the newspapers soon after the attack. This is an information war, not a real one, and noone wants to start filling up prisons with skiddies, even if they could prove anything beyond reasonable doubt.

Re:The PCeU was assisted by the FBI

[jonbryce]

1. Someone attacks senate.gov "for teh lulz"
2. FBI investigates and discovers it is coming from an English IP address
3. They ask Scotland Yard for help, and trace it to someone in Ess*x
4. Ess*x Police get the appropriate wiretap warrants, and move in while he is in the middle of attacking soca.gov.uk, again "for teh lulz"

Pretty normal cross-border crime investigation

Suspect is not "Mastermind"

I know it makes for boring news but apparently Ryan Cleary did nothing except host the IRC where lulzsec had a channel.

Lulzsec twitter feed stopped at time of arrest

"norendition Lara Fist RT @anonesc v @KforKallisti "Ryan has little to do with #LulzSec besides running IRC. All 6 members of @LulzSec are fine & safe." #AntiSec 7 minutes ago" link

"Ryan Cleary, an alleged member of the hacking group behind the claim, LulzSec, was arrested in Essex this morning by specialist cyber crime officers from Scotland Yard." link

Given the ease with which they traced him, I can't help wondering if LulzSec is overrated and the security expertise of the PCeU is over rated. What the security people don't seem to understand is that groups like LulzSec are not formal organizations like PCeU but more a loose collection of individuals drawn together through a shared ideology. As such there is no command-and-control structure to take out. As someone once wrote - you can't fight an idea.

Re:Lulzsec twitter feed stopped at time of arrest

[numbski]

It gets better.

http://twitter.com/#!/LulzSec/status/83164092998758400

In all seriousness

[sqrt(2)]

I truly think that Lulzsec is doing good work, and they should be applauded for their efforts. I really hope this kid was using strong encryption and covering his tracks enough to provide a credible legal defense, although considering he was caught probably not. What they are doing is a good thing, there needs to be a force in the world working to encourage better security practices--there wasn't previously to a sufficient degree, nothing like this. My data is safer because of the heightened vigilance they cause, and I am thankful for and always amused at their exploits.

Re:In all seriousness

[Lysander7]

Sure, and I think people should fly planes into buildings to demonstrate the lack of airport security.

Re:In all seriousness

[sqrt(2)]

If you can't see the difference in those two scenarios then you're beyond my help. Sorry.

Re:In all seriousness

[cavreader]

Both of the scenarios involve groups who believe in their rightous cause and are willing to break the law and create harm to others to prove their point. One is certainly more extreme and damaging then the other however by condoning one you are implicitly condoning the other. Who gets to decide what constitutes a "good cause" that justifies breaking the law?

Re:In all seriousness

You really are a complete prat, aren't you? Staggered by the idiocy of your comment, I have looked through your comment history, and am somewhat surprised to find that it's not a one-off. You despise rules imposed by other people, but nevertheless believe that everyone should abide by your own.

Someday lulzsec, or some equivalent group of twats, will release your own personal details on the Pirate Bay. And then you will be back here to tell us all how information should be free and that lulzsec are great. I don't think.

Re:In all seriousness

[Computershack]

I really hope this kid was using strong encryption and covering his tracks enough to provide a credible legal defense,.

Using encryption gets you nowhere in the UK. If you are suspected of using it, they can't break it and when they ask you for the key you refuse, you get an automatic 2 year jail sentence.

Re:In all seriousness

[soccerisgod]

Golden Rule.

One should treat others as one would like others to treat oneself (positive form)
One should not treat others in ways that one would not like to be treated (negative/prohibitive form, also called the Silver Rule)

Unless you enjoy to be hacked and have your data exposed...

Re:In all seriousness

[LWATCDR]

Because attacking a PBS website because they broadcast a story you didn't like makes all of us safer. I mean no need in hearing any news story that might upset us now is there?
I hope the catch as many as possible. They have attacked freedom of speech and freedom of the press. They have hurt many innocent consumers if not out right hurt them all for the lulz. You have a really odd idea what good work is.

Re:In all seriousness

[quickgold192]

needs to be a force in the world working to encourage better security practices

That force is usually called "the bad guys." If no one ever tried to steal anything, we wouldn't need any security. And your stuff would be just as safe.

Re:In all seriousness

[toxickitty]

It's never like laws can be wrong or unfair to people, they're prefect the first time around and are always what's best for people, right?

Re:In all seriousness

[cavreader]

Laws are codified (in most countries) so justice can appear even handed and can be applied uniformly. And yes there are times when this system gets abused but there are remedies in most cases (again in most countries) where the accused can challenge the charges and the validity of the law itself in some cases. Robbery statutes don't explicityly define all the possible things that might get stolen it generalizes everything as generic property. Illegally accessing computer system statutes don't define exceptions based on why it was done. You would end up with a system based upon judging nothing but intent and that type of argument can lead to inconsistant outcomes based not upon law but upon someones opinion of right and wrong which can differ radically amongst the population.

Re:In all seriousness

[X.25]

Both of the scenarios involve groups who believe in their rightous cause and are willing to break the law and create harm to others to prove their point. One is certainly more extreme and damaging then the other however by condoning one you are implicitly condoning the other. Who gets to decide what constitutes a "good cause" that justifies breaking the law?

Everyone decides that for himself. That's why you have a brain and should use it.

If next year government introduces a law that says you have to jump off the bridge once a week, you'll be a good citizen, right?

Re:In all seriousness

[sqrt(2)]

When have I tried to make other people abide by my own rules? I'm seriously curious from which comment you drew that interpretation from. Also, have the decency to post non-AC.

Re:In all seriousness

[sqrt(2)]

That's a bit of a stretch, be honest with yourself. I suspect you're a strongly conservative leaning individual and saw that I had a more nuanced and examined view of Marxism and not just knee-jerk rejection and contempt for it, and this upset you enough to insult me personally.

There are elements within Marxist theory that are legitimate and that body of work does have something worthwhile to contribute to the debate about human society and the economy. I don't think I've ever advocated a strict following of Marxism, because I don't support that. And I'm not in favor of banning all weapons, I'm a gun owner myself and would support others to be as well. Perhaps you were talking about nuclear disarmament between nations? That's something I'm for, I think most sane people would be too (START treaty, for example). About borders? I've yet to see a coherent, well reasoned argument as to why capital should be allowed to cross borders freely, but labor should not.

All drugs being legalized is sound social policy proven time and time again. Prohibition doesn't work. And advocating making drugs legal is not pushing my views on others. If I said, everyone should DO drugs, and if you don't want to I'm going to come to your house and make you, THAT would be an example of pushing my views. If I say people should simply have the option to use drugs if they wish, that's not pushing my beliefs, that's letting you choose your own belief for yourself.

You've yet to show how I push my own rules on others.

Re:In all seriousness

[cavreader]

OK moron let's drop every law on the books and decide everything by a freaking show of hands on a case by case basis. That will surely bring justice to all.

Re:In all seriousness

[sqrt(2)]

You still haven't actually shown anything.

And I didn't say I don't see any arguments for borders, read it again until it makes sense. I said why is capital allowed to cross borders freely but labor cannot? That's a more detailed question, and you just ignored it and attack the strawman you erected yourself just now. Nice try though. Likewise you are incapable of pointing to a time in history when drug prohibition has been more successful than other forms of controlling the negative effects of drugs. There is plenty of evidence on my side showing how prohibition doesn't work, you seem to be ignorant of that. I'm unaware of any evidence FOR it not out of ignorance, but out of lack of evidence. It doesn't work, and you're supporting it or feeling like it is morally right doesn't make it so. You also are just blatantly making things up when you say I don't like the idea of military being used to defend the country. I find the attitude of, "You better like this country and be patriotic or git out!" to be incredibly repulsive and not conducive to fixing problems. It just conditions people to accept mistreatment and exploitation and to attack anyone who dares point out that things could be done differently and better.

Yes, I am unhappy with the way the world and my country is right now. But that doesn't mean I want to be some sort of dictator. It doesn't mean I am going to leave (or could) I just want to be part of a society that is more inclusive and fair, for the betterment of everyone. That's not the same as pushing my views, no matter how much you disagree with me, it doesn't make it so. I'm no more pushing my own views on others than you are.

Re:In all seriousness

[cavreader]

No system is perfect but the US system does provide a mechanism to challenge, modify, and invalidate existing laws. Laws get changed all the time. The judicial segment of the government has the power to invalidate laws passed by the legislative branch. People are also free to argue the validity of a law when on trial. In certain situations a defense lawyer can put the law itself on trial. For extreme situations the justice system also provides a way for jury nullification even when there is a clear violation of the law as written.

Re:In all seriousness

[Kalriath]

Seriously? You're now using LastPass? The one that had the master password database stolen?

Your data is now more insecure than it ever was.

Re:In all seriousness

[Anonymous+Cowpat]

it's not automatic - you still get a trial, and it's a two year maximum sentence. The only time I've seen this prosecuted, the guy got 16 weeks.

Alive & well by the sounds of it

[norriefc]

[quote]LulzSec The Lulz Boat Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?[/quote] From twitter @ 5 minutes ago

Re:The PCeU was assisted by the FBI

[rbrausse]

[...] Ess*x
Ess*x[...]

lolwhut? What the hell is wrong with writing Essex? Let's meet in Fucking to drink one [or more] pints of Fucking Hell - maybe afterwards you're more relaxed about funny geographical names

LulzSec Responds

[abyssalson]

LulzSec has already responded on Twitter. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

Re:LulzSec Responds

+5 Insightful? Pfft. Whether or not the arrested person was connected to LulzSec, you should expect them to put out FUD.

Re:LulzSec Responds

If they're anything like Anonymous, they won't stand by their fallen comrade, unlike actual guerrilla groups.

This will breed resentment among the ranks (why work for people who won't have your back?) and LuzSec will fall apart.

Re:LulzSec Responds

[cold+fjord]

... wait... we're all still here! Which poor bastard did they take down?"

The first of many, I expect.

Re:LulzSec Responds

[abyssalson]

LulzSec has already responded on Twitter. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

Anonymous responded as well: ""The good news everybody: Ryan has little to do with #LulzSec besides running IRC. All 6 members of LulzSec are fine and safe. ryan cleary simply hosted the new encyclopediadramatica website and irc, lulzsec just had a channel there, not much of a relation.""

Lulzsec's Twitter feed:

[el_tedward]

"Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

See: www.twitter.com/lulzsec

For the people who didn't read the article

[Subratik]

2 important key factors: "It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group" "It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case." Ladies and gentleman, it's speculative journalism at its best....

Re:The PCeU was assisted by the FBI

[ElectricTurtle]

In GP's defense, he's probably just used to forums that autocensor. Being in environments like that train people like the dogs they are. Furthermore, 'middlesex' is funnier. It's like a geographic DP threesome.

For the Lulz

[Terranex]

It wouldn't be beyond LulzSec's ability (or maybe just one member) to frame someone 'for the lulz'

Re:The PCeU was assisted by the FBI

[jonbryce]

It is a dig at stupid internet naughty words filters. I do the same for Sc**thorpe (missing letters are "un"). Also see http://en.wikipedia.org/wiki/Essex_girl

Re:man?

[equex]

If they think you did something and the punishment gets them votes, money or power, it doesn't matter if the suspect is a sleeping toddler.

LulzSec says none of its members were arrested

[mask.of.sanity]

In a tweet: "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?" https://twitter.com/#!/LulzSec/statuses/83164092998758400 http://www.scmagazine.com.au/News/261303,lulzsec-linked-uk-teen-arrested-in-fbi-sting.aspx

Mandatory minimum sentence is over 9000....

we have to follow the rule of law here folks...

Stupid freaking sensationalism whoring headline

[sl4shd0rk]

FTFA: "It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities."

So wtf? Can we get it straight?

Re:1 down

[ArsenneLupin]

Well, if the principal is a handsome guy, and not too rough, 10% might get encouraged to try to take up the mantle...

Wrong man

[Deages]

I heard word that it was just an encyclopedia dramatica IRCop who set up a channel for one of their raids. PS: It is not bird.

Re:Wrong man

[sqrt(2)]

He wasn't a "friend" he was just an op on the network their channel also happened to be on. They didn't abandon anyone, you're reading waaaay too much into this.

Still prison time

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

It'd still be theft if you walked up, knocked the plywood out of the way, and took the cash. You'd still go to jail if they caught you.

Re:Still prison time

[Carewolf]

It'd still be theft if you walked up, knocked the plywood out of the way, and took the cash

What if you walked up, knocked the plywood out of the way, and did NOT take the cash, but just leave it as vulnerable to other criminals to take as it had been all along.. I means just for the lulz of it?

How do they know ?

[Yvanhoe]

How do they know they got the right person ? Lulzsec is notorious to act as bullies, I could see them usurp the identity of a random guy that said bad stuff about them.

Anyway I suspect it is the same as in the case of Anonymous arrests : they got a random schmuck vaguely involved that didn't manage to understand what is anonymity...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Those fiends!

[Mister+Whirly]

So you wouldn't mind if I broke into your bank account, and moved some information around so you had nothing left in your account? I didn't actually steal anything, just moved some data around...

Just an ircop

[TurinPT]

According to Reddit, he was just an ircop on the server where the lulzsec channel is: http://www.reddit.com/r/worldnews/comments/i568z/19yearold_suspected_of_being_mastermind_behind/c20zhi1

Re:Just an ircop

[_Shad0w_]

Which moderately worries me, as an ircop on Undernet who also lives in Essex (about 15 miles from Wickford, in fact). If you can get arrested for just being an ircop on a network which a bunch of idiots are using, I'm a little worried.

On the plus side...

[_Shad0w_]

On the plus side, they were talking about building a prison in Wickford, so he could at least be near home. The next nearest one is in Chelmsford.

Re:Those fiends!

[Borland]

I'm going to have to remember that excuse when I start having online sexy chats with ladies.

"But darling, this one dude on the internet said it's just moving bits around!"

And if my wife doesn't understand, I'm sure her divorce attorney will.

A process of years

[Borland]

It takes years to take down a ring of any type; I'm sure when they go after the heavies they want plenty of evidence to nail them to the wall with. I'm pretty sure the governments of the world are not going to advertise when they find people of more importance.

Meanwhile you take down some piddly low hanging fruit to keep the public happy and keep the important people secure in the knowledge that 7 proxies have shielded them.

Re:The PCeU was assisted by the FBI

[Magada]

Right about the time Clement Atlee became Prime-Minister. Britain is an American protectorate ever since WWII. Get over it.

Possibly Ryan Cleary, possibly leader of LulzSec

[FoolishOwl]

According to the BBC story,

A man, named locally as Ryan Cleary, 19, has been arrested in Wickford, Essex. Police have not identified him.

The site AnonOps Communications published his name, date of birth, and address on May 12. They match the details of the BBC article.

According to a metro.co.uk article, Ryan Cleary was a former member of Anonymous, who broke off and formed his own group, after hacking and publishing information from one of Anonoymous's servers in May. From an interview with Cleary,

Hacking into the Anonymous system was ‘regrettable but necessary’, he told website Thinq.

‘The only way to make things safe is to make users aware how insecure it is,’ he added.

None of this is definite, but it fits together.

Re:Those fiends!

[Mister+Whirly]

It isn't in the summary, I just threw it out there to demonstrate a point. OP said only data was moved, nothing was physically taken. So I asked if I could move data around to show his bank account was zero - I didn't actually take anything, just moved data around. I wasn't trying to illustrate what had actually happened. If I somehow led you to believe that is what took place I apologize.

welly welly welly well...

[JockTroll]

... Now the fun and games are over. This loserboy is about to find out what happens when you play with the Big Guys. Now he's not behind his keyboard anymore, the harsh cruel world not mediated by the pixels of a flat screen. This is no game, there won't be any save game point, this is for keeps and he's now trembling and soiling himself in the knowledge his fate is forever out of his hands. All his self-aggrandizing dreams are now dust, confronted with the hard, merciless stare of cops and judges who are absolute masters over the pathetic remains of his life. Will he talk? Yes, he will talk: even as we're reading this he's spilling his beans and many, many loserboys are quaking in their slippers dreading the moment Fate, in a Police uniform, will come knocking four times on their door. Will he be jailed? Yes, of course he will be incarcerated. He will be locked in with the worst society has to offer, with absolutely no protection, and the inmates will have so much fun with him. But the question we want answered the most is, will they shit on his face? Yes, they will shit on his face. There will be a merry defecation on his wretched face. His skin will be ripped away and used as toilet paper, his bones will be snapped and used as toothpicks. This is the fate that will befell the loserboys who thought they could play in the Big League without having the right stuff for it.

Re:welly welly welly well...

[synthesizerpatel]

Somebody takes their PS3 time seriously!

Re:welly welly welly well...

[biodata]

I think you have some interesting fantasies going there about what jail is actually like. Seriously though, do we really think it's a good idea putting people with actual hacking skills in regular daily contact with a bunch of actual criminals? What could possibly go wrong?

Re:Those fiends!

[AlamedaStone]

Thanks for the apology, I was confused how their actions could in any way be compared to theft. Now I see that theft is a crime totally unrelated to the actual actions of the individuals in question. It reminds me of my confusion when people suggest infringement is the same as theft, when they're totally different classes of crime.

I'll try to read more carefully in the future.

Re:More likely a couple of days in a police statio

[AlamedaStone]

noone wants to start filling up prisons with skiddies

I wouldn't say no one.

Re:1 down

[GooberToo]

Interestingly enough, history has consistently proved this to be true. If in fact he was a hacker, all of his hacker friends are thinking long and hard about not only being prosecuted but walking the straight and narrow. Its the extremely rare exception where they don't walk away, let alone double down.

That's the difference between ignorant, romantic, fanaticism common on slashdot and the real world.

Re:1 down

[AlamedaStone]

it's not like they're freedom fighters being stepped on by the government.

It seems to me that it is precisely like that in some people's eyes.

Watching the class clown get sent to the office where he is butt-raped by the principal probably doesn't inspire lots of others to take up the mantle and carry on the cause of lulz.

There have been a few counter-examples over the course of US history. One man's lulz are another man's proactive defense of liberty. People like the class clown, and seeing him raped as punishment for making faces in class will enrage at least as many people as it will cow.

As an example

[Sycraft-fu]

Suppose you kill someone by beating them to death. You could be charged with three different things depending on the circumstance:

--You were beating them up, but never intended to kill them, that happened by accident. That is 1st degree manslaughter.

--You were beating them up, and in the heat of the moment decided to push it far enough to kill them. That is 2nd degree murder.

--You planned to kill them, and decided to do it by beating them to death. That is 1st degree murder.

In all cases the end result is the same: A person was beaten to death. However your motivations for doing so change what the crime is. Those crimes carry very different punishments too. Manslaughter 1 is something you can get just a couple years in prison for in some cases. Murder 1 is usually 25 years minimum, often life, and can carry the death penalty in states that allow it.

Re:As an example

[bws111]

What you are describing is differences in intent, not motive. Differences in motive would be 'I killed my beloved wife of 60 years because she was suffering terribly from cancer' and 'I killed that stranger for the lulz'.

Bradley Manning had GITMO-like treatment

[peter303]

for many months while waiting for trail. And most of the people at GITMO havent had a trial yet in ten years.

Re:Those fiends!

[FhnuZoag]

Stealing customer personal details is still theft, because personal details have value.

Acts of war

[malacandrian]

Does thid mean we have a UK citizen confirmed as having commited acts of war against the United States and her allies? ... If you need me I'll be out back digging my bomb shelter.

Re:The PCeU was assisted by the FBI

[jonbryce]

It's worth bearing in mind that while Slashdot doesn't filter naughty words, people might be browsing this site from places that have their own filtering.