According to Scotland Yard, someone associated with the Lulz Security group of hackers has been arrested. Nineteen year old Ryan Cleary of Essex was arrested by the Metropolitan Police Central e-Crime Unit (PCeU), who were working in conjunction with the Federal Bureau of Investigations, and was described as potentially being a “mastermind” of the secretive hacking group. The arrest comes following a series of data breaches against various companies, ranging from video game companies to the United States Senate. Mr. Cleary is being held under the Computer Misuse Act and Fraud Act
The arrest also comes following a Pastebin announcing a breach of the UK’s census data, which it is saying is being kept “under lock and key” for the time being. However, LulzSec has denied this via their Twitter feed. Furthermore, the Pastebin’s ASCII text seems to have been sloppily cut and pasted from an earlier one by the group, as the bottom still contains links to the Bethesda and Senate.gov information.
LulzSec has also denied that Ryan Cleary was a part of the group, stating that he just ran a few IRC channels. While one of the IRC channels that LulzSec used is down, others – including the one at 2600 – are indeed active as of this writing. If this is true – and it appears to be the case – than this would throw a wrench into Scotland Yard’s implication that Mr. Cleary is a “major player” in the group. He has also run IRC servers for AnonOps, before that group’s takeover by a splinter cell.
The group continues to operate despite the arrest. Last night, they claimed to be taking information from certain organizations as part of their “#AntiSec” campaign to take down government and “white hat” security organizations. They also just posted the personal information of two people accused of leaking IRC logs.
Check here for our relevant coverage of Lulz Security.
EDIT: Scotland Yard has confirmed to UK-based Develop that the arrest was in relation to an attack on the Serious Organized Crime Agency’s (SOCA) website, and that they were investigating his computers for information relating to the Sony leak. LulzSec claimed responsibility for the SOCA hack yesterday.
EDIT 2 @ 0720 EST, 6/22/11 – It seems that Mr. Cleary was a victim of the AnonOps hack. His information was leaked in a Pastebin post back in May, when the AnonOps drama was occuring. The Twitter account for @anonymouSABU, believed by many to be the “leader” of LulzSec, stated that it was “m_nerva” who “narced” Mr. Cleary’s documents. Seemingly in retaliation, LulzSec released information regarding this user and another user “hann”. m_nerva, who’s real name is reportedly Marshal Webb of Hamilton OH, was called out in the group’s official Twitter channel.
Analysis: To me, the story isn’t so much that a “mentally disturbed” (according to Sky) 19 year old IRC admin was arrested. To me, the importance here revolves around two things:
1) I am appalled at the press’s coverage of this story. Most places are echoing the type of coverage that came out of Information Week, which reported this kid to be some kind of criminal computer mastermind. Don’t you guys do any kind of fact checking? Or is everything coming out of Scotland Yard sacrosanct? Or is it just a case of the people doing the reporting having no freaking idea of how any of this works? “Hey Tim, I’ve got a big story on Luls Seck or something like that! I’m moving up from reporting about dog shows! I’ll have that 11PM anchor chair yet!” Basically, a few mainstream places got it completely wrong, and a large percentage of games press just fell in lockstep. If you reported this kid as a “mastermind” without following up with the right facts, shame on you, and you should return your revenue from your false information. It’ll be a cold day in hell before that happens, but that’s never stopped a lot of you from completely screwing the pooch on a major story before.
2) I have a strong feeling that Scotland Yard and the FBI know that this kid is really not a major player. The whole point of this arrest, if all he does is maintain an IRC server, is discovery. They arrested him because he was an easy target – it’s easy to see who maintains an IRC server – and because they want as much information as they can get from these groups. Just arresting the guy who runs the server could potentially chill others from being involved in any way, shape or form with groups like this, but most importantly, it’s a better way of getting inside information, and potentially incriminating information, than just getting a search warrant. Scotland Yard is likely hoping that this leads to bigger arrests.
I’m unfamiliar with UK law in this case, so I’m unsure if just running an IRC server is grounds to penalize someone with jail time. However, I think that is not the ultimate goal of this particular arrest.