Skip to main content

Suspected LulzSec mastermind arrested in UK

LulzSec-Arrested-UK-Ryan-Cleary

Authorities have arrested a 19-year-old in the UK who they claim is the “mastermind” of now-infamous hacker group Lulz Security, reports Sky News. The group, better known as LulzSec, has denied that anyone in their outfit has been apprehended.

The young man, known as Ryan Cleary, was taken into custody following an investigation by the Federal Bureau of Investigation and Scotland Yard launched after the hacker group claimed to have infiltrated the website of the US Central Intelligence Agency, CIA.gov. Scotland Yard’s e-Crime unit arrested Cleary Monday night at his Wickford, Essex, home on suspicion of “Computer Misuse Act, and Fraud Act offenses.” He remains detained for questioning at the central London police station.

According to LulzSec, however, they’ve got the wrong guy. At about 9:30am EST, the group posted to its popular Twitter feed that all LulzSec members have been accounted for.

“Seems the glorious leader of LulzSec got arrested, it’s all over now…” wrote LulzSec, “wait… we’re all still here! Which poor bastard did they take down?”

Confessed LulzSec member “Sabu” posted an earlier tweet saying that “all LulzSec members are safe,” and that “Ryan Clearly [sic] had little to do with lulzsec,” aside from running Internet Relay Chat site irc.lulzsec.org.

Despite LulzSec’s dismissals, a Scotland Yard spokesman told Sky that the search of Cleary’s residence has led to “the examination of a significant amount of material.”

“The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group,” the spokesman added.

Network and intrusions and distributed denial of service (DDoS)  are certainly right up LulzSec’s alley. And the group has indeed waged both kinds of cyberattacks against “international businesses and intelligence agencies.” The list of LulzSec victims includes: PBS, Sony, FBI affiliate Infragard Atlanta, Nintedo, Bethesda Software, Senate.gov, CIA.gov. Sony and some more Sony.

LulzSec even reportedly joined forces with the world’s other most-infamous hacker group, Anonymous, for a campaign dubbed “Operation Anti-Security” (or #AntiSec in Twitter speak). The aim of this operation, like most of LulzSec’s past hacks, is to pull back the veil on shoddy cybersecurity measures.

A rival hacker group, known as Web Ninjas and led by hacker Th3J35t3r (“The Jester”), has begun posting pictures and personal data of individuals they say are members of LulzSec to a website entitled “LulzSec Exposed“. They also claim LulzSec is simply an off-shoot of Anonymous, not a separate group, and their list includes a number of hackers widely believed to be part of Anonymous, including “Kayla” and self-appointed Anon spokesman Barrett Brown.

Ryan Cleary is not on Web Ninjas’ list.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
LulzSec wages war with Anonymous and 4Chan, releases 62,000 logins [update]
lulzsec-vs-anonymous

The rascally hackers of Lulz Security have unleashed pure havoc on the entire Internet today with the release of 62,000 email-password combos that serve as the login credentials for, well, we're not exactly sure — the group, better known as LulzSec, won't say explicitly. But so far Twitter users have reported hacked Gmail, PayPal, Facebook, Hotmail and Twitter accounts related to the stolen data, so it appears that nothing's safe if you're unlucky enough to have made the list.
The lulz seem to be going both ways with this one: good and nauseatingly bad. While at least one user reports having received an email chocked full of child pornography, others have gotten (un-earned) super-boosts to their World of Warcraft accounts (at the expense of someone else, of course). All-in-all, it would seem LulzSec's shenanigans are going precisely according to plan.
In addition to the leak, LulzSec has begun to take shots at an unlikely target: 4Chan.org and its infamous /b/ message board. 4Chan is famously the original home of another hacker group, Anonymous, and is the source of a wide variety of popular Internet memes, like LolCats and Rick Rolling.
According to VentureBeat, the moves against 4Chan began after LulzSec kicked-off a "DDoS party" on a variety of websites and game servers popular with gamers, including that of EVE Online, League of Legends and Minecraft, all of which faced outages or major slow-downs because of the flood of malicious traffic.
Visitors to 4Chan's /v/ imageboard, whose users focus on video games, caught wind of the attacks, and began their own DDoS campaign against anything related to LulzSec.
Today, LulzSec continued the civil war of the online underground with a series of tweets meant to provoke 4Chan visitors.
"Everybody visit this cool and edgy imageboard, they love new members!" wrote LulzSec on its 150,000-follower-strong Twitter feed, with a link to /b/. "Ask them how to triforce and how to become legion."  LulzSec followed this up with a variety of other tweets drawing attention to /b/, with suggestions for how to annoy its regular users.
It may seem odd to some that LulzSec would hit so close to Anonymous' home, seeing as they are both hacker groups that have hit similar targets. (Or, in the case of Sony, the same target.) But LulzSec has consistently denied any relation to Anonymous. And now, it seems, the two groups are at war*.
"We are the concentrated success of 2005 /b/, being ‘hunted’ by the 2011 furry horde. Challenge accepted, losers," Anonymous posted to its Twitter account.
At the beginning of this writting, 4Chan either failed to load or loaded extremely slowly, a sign that a DDoS attack was underway. By the the time of publication, the site was running smoothly.
UPDATE: *Both Anonymous and LulzSec have denied that they are at war. "Saying we're attacking Anonymous because we taunted /b/ is like saying we're going to war with America because we stomped on a cheeseburger," said LulzSec on Twitter early Friday afternoon. The Anonymous-associated Twitter feed YourAnonNews furthered that assertion, saying, "We are NOT at war with @LulzSec."

Read more
LulzSec DDoS attacks disrupt CIA and other U.S. agencies’ sites
LulzSec

Hacker group LulzSec continued their antics today with brazen attacks against U.S. agencies. The CIA website was hit this afternoon by a DDoS attack, the Detroit FBI headquarters were hit with a phone DOS and the Senate also claims the group attempted to break into their website for the second time.
“Tango down – CIA.Gov- for the lulz.” the group taunted on the LulzSec Twitter account. Immediately after the tweet and for the rest of the day the agency's website loaded slowly or not at all. CIA representatives had no real comment on the events, only that they were looking into it.There is no evidence that sensitive data had been compromised. Service to the U.S. Central Intelligence Agency site resumed a more reliable nature once LulzSec showed a little mercy.
“Goodnight twitter. The CIA anti-lizards will probably rise from the packet sea while we rest our shining -yet-saturated power field arrays,” the group tweeted, 4 hours after the attacks began.
Before the CIA site takedown, LulzSec was also redirecting their publicly available 614-LULZSEC request line to many targets' call centers, creating a DOS for the phone service. Along with the FB I in Detroit, the hackers' “phone redirect hive" hit WOW customer support and HBGary as well as the customer support for magnets.com who reportedly took in 200+ calls a minute.
Over the weekend, the U.S. Senate claimed that LulzSec managed to infiltrate their servers. The hacker group released stolen data, but Senate Deputy Sergeant-at-Arms Martina Bradford released a statement which said the data wasn't sensitive and was intended for public consumption. On Wednesday the Senate also reported that their website was attacked once again, though it is not clear if this was the work of the LulzSec.
All of this discord comes at the heels of yesterday's Titanic Takeover Tuesday where several popular MMO's were hit with DDoS attacks. LulzSec has also hit numerous high-profile sites including SONY, Nintendo, and FBI's Infragrade, showing off their muscle. Reuters says that security analysts have downplayed these attacks which are only for attention since there hasn't been any sensitive data lifted.
Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld, points out that, “All they're doing is saying 'Look how good we are'. These guys are literally in it for embarrassment, to say 'your security is crap.'”

Read more
LulzSec now taking phone requests for DDoS attacks
lulzsec-tupac-pbs

UPDATE: The CIA's website currently appears to be down and LulzSec has claimed responsibility via Twitter.
Lulz Security , better known as LulzSec, the unscrupulous hacker group whose targets have ranged from porn sites to PBS, is now taking requests over the phone. In a tweet posted yesterday, LulzSec unveiled a phone number where people could call in and leave the name of a target website. If LulzSec approved, it was suggested that the hacktivist group would then initiate a distributed denial of service (DDoS) attack to render the site inaccessible.
"Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon - take aim for us, twitter," read LulzSec's tweet. The number's area code points to the Colombus, Ohio area, however, it's not at all likely that any members of LulzSec are actually based there. Throughout the day today, the group's Twitter feed has many several mentions of the hotline number, encouraging followers to call in with requests.
We called the number (but didn't leave a message, obviously) and were greeted by a voicemail message spoken by a "Pierre Dubois" in a French accent of questionable authenticity. LulzSec has claimed that it took down a total of eight websites handpicked by its followers on the first day of the hotline's existence. LulzSec also boasted that the number has received over 5,000 missed calls and taken in some 2,500 voicemail messages.
LulzSec's decision to field DDoS requests over the phone may at first seem like an open invitation to be cornered by the authorities. But, in age where anyone can establish a Google Voice number, it's also likely that a voicemail system is likely just as secure than most methods possible through the Internet. LulzSec hasn't said if the hotline will become a permanent fixture in the group's ongoing quest for "maximum lulz."

Read more