Alleged Hacker Remanded In Custody

Alleged LulzSec hacker Ryan Cleary has been remanded in custody for three days as magistrates in London granted police more time to question him on computer crime charges.

Ryan Cleary, 19, from Wickford, is charged with five offences under the Computer Misuse Act and Criminal Law Act.

The charges specifically relate to Monday’s DDoS attack against the Serious and Organised Crime Agency’s website and similar attacks on the websites of the British Phonographic Industry (BPI) and the International Federation of the Phonographic Industry (IFPI) in October and November of last year.

Vociferous hacktivists LulzSec claimed responsibility for the SOCA attack and police will reportedly also be examining a computer seized during Cleary’s arrest for data relating to Sony, which suffered a massive breach in May also claimed by LulzSec.

However, since Cleary’s arrest LulzSec has repeatedly denied that he is a member of the group, much less a leader.

LulzSec is thought to be an offshoot of hacktivist group Anonymous and the attacks on the BPI and IFPI coincide with that group’s online harassment of music and film organisation, tagged ‘Operation Payback’.

Source of embarrassment

Boasting about its exploits and taunting victims on Twitter, Lulzsec has embarrassed some of the world’s largest companies and governmental departments using relatively simple techniques.

As well as the physical disruption of the attacks, many security professionals have pointed to the equally damaging loss of face for the victims and loss of faith from the public.

“The organisations they attack now are those that we as tax payers will lose faith in,” says Ray Bryant, CEO of Idappcom.

“I feel that the supposed simplicity of these attacks is as newsworthy as the event. The attacks – exact exploit not yet known – are the basic material of final year Computer Science students and script kiddies, if we can’t protect against these type of attacks then what hope do we have against the real hackers!”

Mickey Boodaei, CEO of Trusteer, warns however that the simplicity of the attacks serves to make the matter more serious and hopes the latest headlines will be a wake-up call for complacent enterprises.

“Targeted attacks against specific enterprises is a topic that didn’t get a lot of media attention prior to this recent string of attacks. However, it has been the weakest spot of the industry for a long time,” he said.

“These are the threats which can eventually bring an enterprise to its knees. These recent attacks are the concern of not just IT departments but also of the entire executive team of the enterprise as they represent serious business threats.”

Fractious relationships

Ryan Cleary’s arrest is the first time law enforcement agencies have got their hands on an alleged member of LulzSec but Lulzec has published names and addresses of members or associates it branded as ‘snitches’, inviting the authorities to arrest them, and indeed Cleary himself was outed by Anonymous earlier this year.

It is LulzSec’s taste for the limelight that could eventually be their undoing, says Amichai Shulman, CTO of Imperva.

He said: “Law enforcement and intelligence agencies possess the technologies and capabilities that allow them to track down individuals involved in illegal cyber activities. It has been proven in many cases in the past, including the notorious Alberto Gonzales and the infamous Kevin Mitnick.

“In general the more these individual keep a high network profile the easier it will be for law enforcement authorities to track them down.”