LulzSec Arrest Rumor Debunked

By Fahmida Y. Rashid  |  Posted 2011-06-06

The hacker group LulzSec denied that one of its members was in FBI custody hours before it released more information illegally obtained from Sony's servers.

According to a post on the Full Disclosure mailing list on June 6, a member of the hacker group who'd been behind various attacks on Sony, Nintendo, FBI-partner Websites, and had been detained by the Federal Bureau of Investigation. "We don't even know who he is," the group said in a posting on text-sharing site Pastebin and noted that no members have been arrested.

Sources at the FBI told All Things D that the agency had made no arrests.

"Nobody arrested, no significant logs leaked, website up, twitter up, Pirate Bay account up, IRC up, Lulz Boat sailing... victory for us. :D," the group posted on Twitter.

LulzSec has been busy with its assaults, including exploiting zero-day vulnerabilities, SQL injection, and defacing Websites. It also attacked the Atlanta chapter of Infraguard, a non-profit organization affiliated with the FBI that is devoted to sharing security information between the FBI and private businesses. It tried the passwords in the e-mail database against other services and discovered most were reused.

The Full Disclosure post claimed to be a chat log from LulzSec. LulzSec claimed the log file was not anyone within the organization but just someone who "hang out with us," on the Pastebin statement. Even though the information wasn't sensitive, LulzSec apparently punished the person who leaked those logs in the first place, as he "has been completely hacked inside and out," the group said.

LulzSec is perfectly within its rights to take action against someone within the organization that posts internal data. Too bad it didn't stop to consider that releasing a torrent containing usernames and passwords it pilfered from Sony Pictures is just exposing the victims to even more attacks.

Rocket Fuel