The Federal Bureau of Investigation disclosed on Sept. 22 that it made arrests in San Francisco and Phoenix of two alleged members of Anonymous and LulzSec.
The LulzSec suspect, Cody “recursion” Kretsinger, of Tempe, Ariz., was charged with conspiracy and the unauthorized impairment of a protected computer, according to an unsealed federal indictment. Kretsinger is accused of taking part in a SQL injection attack against Sony earlier this summer. If convicted, he faces up to 15 years in prison, according to a statement from the FBI.
The Anonymous suspect, who the FBI has not yet named, lives in San Francisco and has been charged with attacking Santa Cruz County government Websites, FBI officials told Fox News. The suspected member is apparently homeless, according to the report. It’s likely that the suspect relied on cheap or free Internet services at coffee houses, cafes and libraries, Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
“#Fauxnews reported that the 8th @LulzSec member was arrested. Finally reached count of -1. Now, how do you arrest negative numbers?” Anonymous posted on the AnonymousIRC’s Twitter account. It’s been long believed that LulzSec consisted of seven members.
More warrants are currently being executed in New Jersey, Minnesota and Montana, according to Fox News.
LulzSec is often considered a splinter group from the collective Anonymous, a loose collection of cyber-savvy individuals who band together claiming to fight for Internet freedoms. Anonymous has defaced and shut down Websites belonging to the music industry, companies that severed ties with WikiLeaks and various government agencies. LulzSec burst onto the scene in May and attacked a wide range of sites for “lulz” or for laughs and entertainment. While the group officially disbanded in June, many of them remained active in later Anonymous operations.
The FBI and international law-enforcement agencies have been investigating the attacks and making arrests for the past few months. In July, 16 alleged Anonymous members were arrested in the United States and the United Kingdom. Since then, two other individuals have been arrested, who are thought to have shared the online name “Kayla” and were among the founders of LulzSec.
“They brought too much attention to themselves and you could expect law enforcement to find them,” Rob Rachwald, directory of strategy at Imperva, wrote on the company blog. They were “extremely unfocused” and bragged a little too much, disclosing a lot of information about their activities, which “left an electronic trail with enough footprints,” Rachwald added.
Attackers often used SQL injection in their attacks. Imperva said in a recent report that SQL injection has been responsible for 83 percent of data breaches that were the result of hacking. On average, Web applications suffered 71 SQL injection attempts an hour since July, the Imperva report found. Attackers increasingly bypass simple defenses with new attack variants and often use automated tools to launch their attacks, Imperva found.
LulzSec, made SQL injection “a key part of their arsenal,” the report’s authors wrote.
According to the indictment, Kretsinger allegedly used a proxy server to mask his IP address and erased the hard drives used to carry out the Sony attack to avoid getting caught. Approximately 150,000 confidential records were stolen and posted on the LulzSec Website before being publicized on Twitter in that attack, which was launched to criticize the Japanese entertainment giant’s weak security.
As for the San Francisco suspect, using Internet systems in public places may have made it harder for authorities to track down who was launching the attack because the device is shared, Cluley said. However, many of these places also have cameras that authorities can use to gather evidence on who was using the computer at the time of the attack, he noted.