AFP arrests LulzSec leader in NSW

The Australian Federal Police has arrested a 24-year-old man who claims to be the leader of LulzSec.

Michelle Starr
Michelle Starr Science editor
Michelle Starr is CNET's science editor, and she hopes to get you as enthralled with the wonders of the universe as she is. When she's not daydreaming about flying through space, she's daydreaming about bats.
2 min read

The Australian Federal Police (AFP) has arrested a 24-year-old man who claims to be the leader of LulzSec.

(Credit: LulzSec)

The AFP arrested a 24-year-old man yesterday at Point Clare on the NSW Central Coast, the self-proclaimed leader of hacking group LulzSec, the ABC has reported. The AFP began investigating the man earlier this month after AFP investigators discovered an Australian government website compromised.

The arrest follows hard on the heels of Cody "recursion" Kretzinger pleading guilty and being sentenced to a year and a day in US federal prison for hacking charges against Sony Pictures, and Ryan Ackroyd, Jake Davis and Mustafa al-Bassam pleading guilty in the British court for attacks against various media, entertainment and governmental websites.

LulzSec — which claimed responsibility for several high-profile hacking attacks, including the CIA website and an attack on Sony Pictures in 2011 that compromised user account information — has been the target of a concerted international police investigation.

Founder Sabu has been cooperating with the FBI for over a year to bring down the other high-profile members of the group. To date, members Sabu, Topiary, Kayla, Tflow, Avunit, Pwnsauce, Palladium and Anarchos have been arrested.

The man, who is the first member of LulzSec to have been arrested by the AFP and an employed member of the professional IT industry, has been charged with two counts of unauthorised modification of data to cause impairment, contrary to Section 477.2 of the Criminal Code Act 1995, and one count of unauthorised access to, or modification of, restricted data, contrary to Section 478.1 of the same legislation. These charges carry maximum sentences of 10 years and two years, respectively.

The AFP believes the man's skills constituted a significant risk to his employer's clients.

"Those thinking of engaging in such activities should be warned that hacking, creating or propagating malicious viruses or participating in distributed denial-of-service attacks are not harmless fun," said manager of the Cyber Crime Operations, commander Glen McEwen. "Criminal acts such as this can result in serious long-term consequences for individuals, such as criminal convictions or imprisonment."

The man has been granted bail, and is due to appear before Woy Woy Local Court on 15 May 2013.

Updated at 10.59am, 24 April 2013: added details of charges and bail, statement by McEwen and arrest information of fellow LulzSec members.