LulzSec suspect arrested in U.K., reports say

British police arrest 19-year-old man following probe into network intrusions and attacks, and reports suggest that he could be at the top of the hacker group.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
4 min read

A 19-year-old U.K. man has been arrested on suspicion of hacking and online attacks, the U.K.'s Metropolitan Police announced this morning.

Last night's arrest was part of "a pre-planned intelligence-led operation" that also involved cooperation with the FBI, according to the Metropolitan Police. Following the arrest, the man was brought to a London police station where he is currently in custody for questioning.

LulzSec defaced the Web site of a consulting firm that offers a reward for hacking the site and posted this image.
LulzSec does have a playful side. Here, the group takes credit for hacking the Web site of a consulting firm--which had offered a reward for hacking the site. LulzSec

Sky News reported early on that the teenager is the mastermind behind LulzSec, a prominent hacking group that has wreaked havoc on several companies and government organizations of late. However, the Metropolitan Police's e-Crime Unit stopped short of saying whether the man in custody might be connected to LulzSec.

"The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group," the Metropolitan Police said. "The teenager was arrested on suspicion of Computer Misuse Act, and Fraud Act offences."

For its part, LulzSec seemed bemused by the arrest, with a cheeky post to its Twitter account that it's still in operation.

"Seems the glorious leader of LulzSec got arrested," the group wrote on its Twitter account. "It all over now. Wait, we're all still here! Which poor bastard did they take down?"

Related links:
Who is behind the hacks? (FAQ)
Keeping up with the hackers (chart)
Hackers taunt Sony with more data leaks, hacks
LulzSec hackers--just having a laugh?
LulzSec, Anonymous announce hacking campaign

Determining a leader at LulzSec could be difficult, if not impossible. Like fellow hacking organization Anonymous, LulzSec appears to be a collective of individuals without a clear chain of command.

In fact, sources have told CNET that LulzSec is a spinoff from Anonymous, minus an overarching political message or moral principle. Anonymous has taken on targets ranging from the Church of Scientology to the governments of Iran and Egypt, as well PayPal, Visa, and MasterCard after those companies sought to impede payments to the controversial WikiLeaks organization.

LulzSec has been quite active in recent weeks, seemingly coming out of nowhere. Last month, the group attacked PBS, posting a fake news story that the late musical artist Tupac Shakur was still alive. It also released PBS passwords on the Web. In addition, the group has claimed responsibility for attacking several Sony Web sites, as well as Nintendo, Bethesda Software, and Infragard, a group of companies that work with the FBI in a private-public partnership.

It has also turned its attention on the U.S. government, attacking the U.S. Senate site and posting information from its servers online. Earlier this month, the organization also claimed responsibility for temporarily taking down the Central Intelligence Agency's site.

LulzSec has become increasingly confident in its abilities to attack sites whenever it wants. The group has even gone so far as to open a hotline through which followers can call and request sites be taken down. In its first day of operation, according to LulzSec, the group had 5,000 missed calls and 2,500 voice mails.

That hotline, in addition to the apparent fun LulzSec is having, make some wonder if the group is doing it for laughs. The organization's name, after all, is derived from "lulz," which in turn arises from the acronym LOL, for "laugh out loud."

In an interview with CNET earlier this month, Marc Maiffret, chief technology officer at eEye Digital Security echoed that sentiment, saying that LulzSec reminds him of a time when hacking was more about fun and games than the serious business it has become.

"We are seeing a revival of the sort of hacking we have not seen in many years," Maiffret said. "The hacking that has been taking place recently against Sony and others is a reminder that the hacker culture prior to our fixation on cybercrime and 'China is scary' is still alive and well."

However, LulzSec turned serious yesterday when it announced that it would partner with Anonymous to take on government agencies, banks, and other prominent organizations in a campaign called "AntiSec."

"Top priority is to steal and leak any classified government information, including email spools and documentation," Lulzsec said in a statement. "Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood."

Following last night's arrest, a search of the teenager's home in Wickford yielded "a significant amount of material," the Metropolitan Police said. However, the agency did not say whether that material is related to AntiSec or any other specific operation.

The FBI declined to comment for this story.

From CNET sister site ZDNet:
LulzSec: Is it too cocky for its own good?
Suspected LulzSec player arrested, in custody in London

Editors' note: This story was updated several times throughout the morning.