Investigators in Australia have arrested the self-proclaimed leader of LulzSec, the hacker group and Anonymous offshoot that previously claimed responsibility for a slew of major hacks in 2011 including attacks on Sony Pictures, the UK tabloid The Sun, and the CIA's public website. All "just for the Lulz" — laughs, that is — of it.
On Tuesday night, police in Sydney took into custody Matt Flannery, a 24-year-old Australian IT professional who goes by the online moniker Aush0k. The alleged hacker faces up to 12 years behind bars for two counts of unauthorized modification of data to cause impairment and one count of unauthorized access to a restricted computer system.
Australian Federal Police say their investigation began only two weeks ago when they discovered a government website had been compromised. Police apparently made the connection between Flannery and the recently targeted website because the multinational Tenable Network Security, where Flannery was allegedly employed, had access to specific Australian government information (a quick search on Google revealed a LinkedIn profile of Flannery claiming employment there).
However, representatives from Tenable contacted ReadWrite and informed us that Flannery was instead employed by Content Security, a security firm that subcontracted for Tenable. Still, it could explain just how he had access to such sensitive material. Tenable's Nessus software is used by clients such as the U.S. Department of Defense, Amazon and the American Red Cross for checking network security vulnerabilities. And determining weaknesses in networks is exactly what allowed LulzSec and similar hackers to pick their targets.
Following the arrest, Content Security's Phil Kurth described Flannery as a low-level support tech already on 3 month probation, although the reason behind the suspension, and any tie-into these charges, was not specified. Kurth further pointed out that Flannery had no access to any type of customer data apart from support tickets, and that most of the activities Flannery was accused of were conducted on his home PC, and seldom on his work-issued laptop.
Flannery's work computer has been seized by police.
Authorities claim Flannery asserted his LulzSec leadership in online forums monitored by police and visited by LulzSec members. They also claim Flannery admitted his leading role in the group directly to police. Some discussions in the hacker material stored at the online locker Pastebin also seems to support authorities' claims.
"This man is known to international law enforcement and police will allege he was in a position of trust within the company with access to information from clients including government agencies," explained Glen McEwen, the AFP's federal police commander.
Flannery isn't the first alleged member of LulzSec to face the wraith of law enforcement. Another reputed leader, Sabu, aka Hector Xavier Monsegur, turned states evidence and became an FBI informant after his 2011 arrest. Sabu may have been the hacker who ratted out former Reuters social media editor Matthew Keys, who was indicted for his role in the Anonymous infiltration of the Los Angeles Times website. Just 2 weeks ago, another former LulzSec member, Ryan Ackroyd, pleaded guilty to several cyberattacks in the UK. The 26 year-old Ackroyd faces sentencing next month.
Flannery has already been released on bail, and now faces a May 15 court date.
Photo courtesy of Twitter