LulzSec's 'Topiary' arrested (opens in new tab)

(nakedsecurity.sophos.com)

148 pointsSubZero14y ago107 comments

107 comments

67 comments · 18 top-level

jgrahamc14y ago· 10 in thread

The other day his Twitter feed was cleaned up and a single tweet remained: http://twitter.com/#!/atopiary/status/94225773896015872 reading "You cannot arrest an idea". I guess he saw this coming.

ChuckMcM14y ago

Isn't the second half of that 'but you can torture a metaphor' ?

I get the impression reading some of the blogs that some of the arrests recently have in fact picked up people who were 'known' to other people who might very well become somewhat more cautious.

cowboyhero14y ago

Almost positive that's a direct quote toward the end of Alan Moore's V for Vendetta.

Which kinda makes me grin and roll my eyes at the same time.

civilian14y ago

I've been listening to the teaching company's audio lectures on the history of freedom, and I think the idea that "you can't kill an idea" is also represented in Socrates & Jesus-- both of their influences did not waver after death. /historynerd

nathanb14y ago

That may be so, but I suspect it's in more direct reference to the LulzSec/Anon open letter to the FBI posted at http://pastebin.com/RA15ix7S

shpxnvz14y ago

I'd guess that both were derived from Medgar Evers:

You can kill a man, but you can't kill an idea.

citricsquid14y ago

http://topsy.com/twitter/atopiary

Archive

Aloisius14y ago

You may not be able to arrest an idea, but you sure can give its owner more jail time for destroying evidence. What was he thinking?

fragsworth14y ago

I don't think anyone can claim the evidence was destroyed. All of their posts have been archived in many places.

1 more reply

bediger14y ago

Don't be silly. No one can own an idea. The very concept of "intellectual property" is false to facts.

pyre14y ago

When you're facing the possibility of having multiple governments looking to 'come down hard' on you, I doubt destruction of evidence adds much to the mix.

driverdan14y ago· 7 in thread

I'm curious what led to all the arrests. It's not that hard to hide your identity if you truly want to be anonymous.

knieveltech14y ago

Hiding your identity from casual observers: trivial. Hiding your identity from scrutiny by local law enforcement: straightforward. Hiding your identity from scrutiny by federal agents: Tricky. Hiding your identity from scrutiny by an international investigation after having pissed off several high octane intelligence agencies: impossible.

3pt1415914y ago

Not impossible. Very burdensome and lonely, but not impossible.

1 more reply

Mizza14y ago

Snitching. It really isn't that hard to remain anonymous, as you said. But if you're spending hundreds of hours working on Ops with a small team, you learn to trust them and you slip up and share personal information. When somebody slips up, the cops threaten to drop the hammer unless they give up the rest. A 17 year old kid isn't going to risk his whole life for somebody he's never even met, so he snitches.

LulzSec isn't anything new, this kind of hacking has been going on since the 80s - they've just taken a different approach with the media. And snitching is always how hacker groups fall.

This is essentially how all law enforcement investigations work, actually. Drugs, hacking, graffiti, white collar crime, whatever. Get a good snitch and you'll get the whole organization eventually.

lambersley14y ago

"Would you have sex for $5?" "No" Would you have sex for $500?" "Maybe" "Would you have sex for $5,000,000?" "Yes"

Everyone succumbs (snitches) with the right encouragement (threat)

tlear14y ago

Taking all the precautions necessary and doing it consistently while not talking/bragging about it to outside people requires a lot of discipline. Most of these guys do no really have it. It takes few rounds of arrests, trials etc for the core group of survivors to get actually paranoid smart enough.

fragsworth14y ago

I would imagine it is pretty hard to make no mistakes. He might have accidentally logged into his twitter account (or some other account known to be his) through the wrong browser, which allowed them to see his real IP address.

rajpaul14y ago

I don't think it's anything technical, just the same old tactics they use against any other criminal organization.

Catch a weak link, offer them a deal in exchange for information that leads to the conviction of someone higher up in the organization, repeat until you make it to the top.

yalue14y ago· 6 in thread

I find it hard to believe that European kids care that much about the CIA or Arizona's immigration laws. Yet many of these alleged LulzSec arrests seem to be in Europe.

xyzzyz14y ago

These are only excuses to show off their "skills". Everyone loathes script-kiddies, and they know the only way for them not to be considered script-kiddies (which they are in fact) is make everyone believe that their motivation is different than fame and feeling of power.

schrototo14y ago

I think every wannabe-hacker wants to "hack" the CIA and Arizona's racist laws have been covered extensively on comedy programs like The Daily Show which I'd imagine are popular with anti-authoritarian internet-savvy youths worldwide.

ellyagg14y ago

Of course, if it were really about their problems with "racist" immigration laws, many countries in Europe have stronger and more strictly enforced immigration policies.

nikcub14y ago

because they find the vulnerability first with a scanner and then work backwards to find the cause they are fighting for

pnathan14y ago

I'm personally a bit curious as to why it's only been European (only UK perhaps?) people.

I'd think the FBI would in on it too.

redthrowaway14y ago

They will be. This latest round of arrests by the FBI were made based on the PayPal attacks, which were ages ago. LulzSec didn't even start going until months later, and the attacks that would have really pissed off the FBI happened just recently. The FBI is big and slow, but they'll get around to it if they have any evidence of members in the US.

zgorgonola14y ago· 5 in thread

Interesting that this arrest follows just a week after a series of other arrests in USA/UK/NL regarding LulzSec and Anonymous:

http://nakedsecurity.sophos.com/2011/07/20/arrests-lulzsec-a...

Not a good time to be a hacktivist

colinplamondon14y ago

Hacktivists? These guys are breaking into private companies and stealing property. They're criminals.

pavpanchekha14y ago

Hold on, hold on, let me try to clear some things up.

A criminal is a rigidly-defined adjective meaning an entity which breaks or broke laws.

An activist is a rigidly-defined term meaning an entity which acts to further some idea and bring it to public perception.

A hacktivist isn't well-defined, but we'll assume here that it's a form of activist.

Now based on this, the Anonymous and Lulzsec hackers were hacktivists, at least according to their own statements of their intent. They also were criminals, at least according to my reading of the laws of the US. Now, what you may be looking for is whether they were ethically good --- but don't conflate lawfulness with morality, that's worked out poorly in both directions.

But of course, you acknowledge that this is a horribly simplistic view of things. Even DnD got this, after all (clearly Anon is Chaotic, and whether it's Neutral or Good depends on whom you talk to).

So perhaps you might say "I don't believe Anon's actions were for the good", or even "weren't well-intentioned", but please recognize that passing judgement beyond noting the factual statement that they are criminals, is a personal judgement. Not that personal opinions shouldn't be argued, defended, and spread --- just that they should not be conflated with fact.

2 more replies

pvarangot14y ago

  > They're criminals.

So was Martin Luther King.

The civil rights movement has been historically full of criminals. Lets question the legitimacy of all their claims!

1 more reply

ThomPete14y ago

You say that as if it's some sort of objective truth.

It's not. It's much more complicated than that.

ryusage14y ago

Activists tend to break laws, no?

2 more replies

chippy14y ago· 4 in thread

I am very curious as to the methods of how they caught him. Anyone care to guess, or know?

dlss14y ago

Well, since no one else is wading in here's what look like the usual suspects to me:

- obvious digital connection (forgot to use tor / ipredator / hacked vpn)

- timing attacks (keeping normal waking hours for his home country, using a vpn instead of tor)

- word frequency attacks (since he wrote a lot of press releases, his word choices may have been cross correlated with a personal blog)

- bragging to a friend

- getting flagged after showing up at a political/high-suspicion meet up (which might be enough to allow for a timing attack)

- voice analysis from interviews he did w/o a voice transformer being matched to other audio

- opsec blunders (loose lips when talking to press / on IRC / wherever anon talks)

Anyone else have any guesses?

nikcub14y ago

if I were tasked with catching these guys, I would:

* setup numerous honeypot open proxies and tor gateways

* work with journalists to have all emails and communications forwarded

* isolate ddos clients and reverse-engineer command and control. surprisingly many of these trojans are poorly written and have security holes themselves

* setup numerous fake twitter profiles and provoking them into responses - things like posting images, replying, etc.

* setup fake hacker groups. stage defacements etc. in order to get in touch with them

* I would write a system that tracks and stores every bit of communication they make and plot out their social communication graphs and when they are talking, who to, etc.

* ask ISP's or proxy providers to grep for traffic patterns.

* get user-agent info from twitter, or provoke them into visiting a link, and possibly load malware. no browser is really safe in a targetted attack

* word/speech tracing. this is why 1337 5p34k was invented, so you can not be traced via your vocab/grammar/spelling/phrases etc. it doesn't take a large sample to start narrowing it down

probably more - haven't really thought about it, but when i did see that they started using twitter I gave them 3-4 months, tops.

4 more replies

AndyJPartridge14y ago

It is very likely he was informed on. (Grassed / Snitched)

One of the better broadsheet newspapers here in the UK had an article on Lulzsec/Anonymous, and one of the best comments they made was:

"Hackers fear other hackers more than law enforcement."

In this community it seems there is no honour amongst thieves. I very much suspect they grabbed a bunch of people around the world who were less talented at hiding themselves, and one of them knew enough to plea bargain in return for information.

pvarangot14y ago

If I were to guess it was the same methods they used to "catch" Manning. From my narrow (but not inexistant) knowledge of hacktivism arrests, it always reduces to someone feeling lonely/overtrusting someone on IRC/Jabber.

_delirium14y ago· 3 in thread

Excellent. This means the problem is solved and we don't have to secure any of our systems, because he was a one-in-a-billion case that nobody could replicate. (Surely nobody is currently doing the same things with less fanfare.)

commandar14y ago

So we shouldn't arrest people when they commit a crime because others are committing the same crime? Or because they're doing it in a high-profile manner?

I'm not sure what your point is here.

electromagnetic14y ago

> It is dangerous to be right in matters on which the established authorities are wrong. ~Voltaire

Our governments have no comprehension or understanding of the prospects or implications that the internet has on modern civilization. When an individual can take down an organizations method of operation (mastercard/visa/paypal), it isn't the individuals fault (regardless of their actions) it is the organizations fault.

You don't blame someone for stealing from a bank when they pile gold bullion in the entrance without a guard in sight. You blame the bank because that's fucking stupid.

Being able to dDOS mastercard isn't the individuals fault, it's mastercards. I've never heard of someone dDOSing Google, why? Because Google only makes money when people access it and their system can support insane amounts of instantaneous traffic. It's a simple fact that sooner or later mastercard/visa would have been taken down by a normal traffic spike.

Is it the users fault when mastercard gets dDOS'd by a few million people placing midnight orders on Black Friday?

Seriously, look at the world rationally. If I can spend $5 on a padlock, it's my fault when someone steals my $500 BBQ from my back yard. Someone committed a crime, yes, but I'm going to be buying a padlock like I should have in the first place.

Why didn't mastercard/visa/paypal/sony/sony/sony/(sony x 27 fucking times) front the goddamn cash so they wouldn't lose hundreds of thousands.

1 more reply

18pfsmt14y ago

I think his point is that by doing this we are simply treating the symptom (breach in security), and not the cause (unsound security measures). It appears to me as "security theater" in every sense that I understand the phrase.

1 more reply

dmbass14y ago· 3 in thread

So the A-Team dox were a bunch of rubbish? (or perhaps that was already confirmed and I missed it).

http://pastebin.com/iVujX4TR

pyre14y ago

If this report is right, then those d0x were BS:

  ###########################################################################
  ###########################################################################
  ooooooooooooo                       o8o                                
  8'   888   `8                       `"'                                
       888       .ooooo.  oo.ooooo.  oooo   .oooo.   oooo d8b oooo    ooo
       888      d88' `88b  888' `88b `888  `P  )88b  `888""8P  `88.  .8'  
       888      888   888  888   888  888   .oP"888   888       `88..8'  
       888      888   888  888   888  888  d8(  888   888        `888'    
      o888o     `Y8bod8P'  888bod8P' o888o `Y888""8o d888b        .8'    
                           888                                .o..P'      
                          o888o                               `Y8P'      
 
  ###########################################################################
  ###########################################################################

    Now we have Topiary.  Probably the lamest one of the bunch.  He doesn't
    actually do anything except give interviews.  There are plenty of logs of
    him all over the internet being a complete idiot.  His "d0x" are all over
    the internet also.  He tries to deny it but there are logs of him bitching
    about being d0x'ed int he #hq logs that Laurelai leaked.
 
    Name: Daniel Ackerman Sandberg
    Location: Sweden

mdisraeli14y ago

It's not unreasonable to suspect that a user in the Shetlands Isles might have had a POP in Sweden, or use of a connection in Sweden to host a remote box with a better connection than available to them normally.

1 more reply

lwat14y ago

Yea that was Aaron Barr's attempt at 'exposing' anonymous after losing his job in disgrace.

JacobIrwin14y ago· 3 in thread

The top minds behind Lulzsec are worth more to federal authorities ALIVE - when (or if) they are caught. By alive, I mean: not in a prison cell.

Frank Abagnale Jr. comes to mind.

tmp4352214y ago

No they're not that good, if the arrests are correct then they're actually pretty bad. For the little value that they are worth, they're worth far more as an example to be made for others.

Tsagadai14y ago

Actually, arresting them is next to worthless. Does the oodles of cash spent each year pursuing, prosecuting, jailing, fining, policing and enforcing vandalism cases result in decreased vandalism? Boredom is a social problem, no amount of enforcement will reduce bored kids desire to break stuff. If anything, drawing attention to Anonymous only attracts more people to it.

srl14y ago

I doubt it.

The people who are worth catching for the sake of their minds ... don't get caught. At least not nearly as easily as this group.

alanfalcon14y ago· 2 in thread

Every time I read a story like this, I picture the opening sequence from "Hackers". I wonder if that isn't one of the most realistic portrayals (of anything) in that movie?

Hominem14y ago

I was busted in much the same way in the early 90s in NYC.

Yes, it was the only realistic part of the movie. It is a bit frightening to be woken up by a man pointing a shotgun in your face when you are 13.

IIRC, there was a well known NYC hacker who was getting ready for school, and was in the shower, when the SS burst in and the scene was loosely based on him.

alexgartrell14y ago

Any way we could get you to share more of your story?

1 more reply

koenigdavidmj14y ago· 2 in thread

Article does not say why they think that he is Topiary.

nikcub14y ago

the newspaper hacked his phone

gcb14y ago

if he was arrested, somebody probably gave a reason good enough for a judge (keyword is probably...i know nothing of UK law)

sausagefeet14y ago· 2 in thread

For computer crime do they have to be able to draw a direct line from the act to the person's computer? Also, does a persons computer legally mean they committed the crime? What I'm getting at is, could a group like LulzSec guarantee lighter sentences for themselves if a line could be drawn from the crime to the group but you couldn't determine who actually hit the keyboard?

starwed14y ago

In the US, they could be charged with "Conspiracy to commit <crime>".

>One important feature of a conspiracy charge is that it relieves prosecutors of the need to prove the particular roles of conspirators. If two persons plot to kill another (and this can be proven), and the victim is indeed killed as a result of the actions of either conspirator, it is not necessary to prove with specificity which of the conspirators actually pulled the trigger.[1]

I'd assume English law has something equivalent -- it's a really old problem, and involving computers won't change the principles involved.

[1] http://en.wikipedia.org/wiki/Conspiracy_%28crime%29#Conspira...

_delirium14y ago

Given the close proximity of this case to the News Corp phone-hacking case, any bets on whether similar conspiracy-to-hack charges will be brought against all the people who were involved in that one? Not putting large odds on it; I'd bet that if anybody goes to jail for it, it'll only be a person or two who can be shown to have actually personally done the break-in.

r0s14y ago· 1 in thread

It always grates on my nerves when someone that young, seventeen, is referred to as a "man".

I suppose teenagers enjoy more freedom in Europe, maybe it's more appropriate there.

adw14y ago

Scots law: age of consent (and age you can enlist) is 16, drivers license is 17, drinking and voting is 18. And this is Scotland, so the age of criminal responsibility is 12. (Until recently, it was eight: http://news.bbc.co.uk/1/hi/scotland/7916561.stm).

cwiese9514y ago· 1 in thread

I found it interesting how he deleted all of his twitter updates with the exception of "You cannot arrest an idea"

chuchurocka14y ago

I think that at least a few other people have access to the account. To bad there isn't an api to see when the tweets were deleted.

ipsin14y ago

According to:

http://www.guardian.co.uk/technology/2011/jul/27/lulzsec-hac...

The source is the Metropolitan Police Service of London, a.k.a. Scotland Yard.

grahammather14y ago

I'm on the edge of my seat following all this AntiSec/AntiAntiSec drama: The original AntiAntiSec crusader: http://th3j35t3r.wordpress.com has picked up some helpers: http://lulzsecexposed.blogspot.com/

jared31414y ago

They always shoot the messenger.

mckoss14y ago

http://www.quip-art.com/3RP

Volscio14y ago

I was surprised there was someone in the Shetland Islands?

j / k navigate · click thread line to collapse

107 comments

67 comments · 18 top-level

jgrahamc14y ago· 10 in thread

The other day his Twitter feed was cleaned up and a single tweet remained: http://twitter.com/#!/atopiary/status/94225773896015872 reading "You cannot arrest an idea". I guess he saw this coming.

ChuckMcM14y ago

Isn't the second half of that 'but you can torture a metaphor' ?

I get the impression reading some of the blogs that some of the arrests recently have in fact picked up people who were 'known' to other people who might very well become somewhat more cautious.

cowboyhero14y ago

Almost positive that's a direct quote toward the end of Alan Moore's V for Vendetta.

Which kinda makes me grin and roll my eyes at the same time.

civilian14y ago

nathanb14y ago

That may be so, but I suspect it's in more direct reference to the LulzSec/Anon open letter to the FBI posted at http://pastebin.com/RA15ix7S

shpxnvz14y ago

I'd guess that both were derived from Medgar Evers:

You can kill a man, but you can't kill an idea.

citricsquid14y ago

http://topsy.com/twitter/atopiary

Archive

Aloisius14y ago

You may not be able to arrest an idea, but you sure can give its owner more jail time for destroying evidence. What was he thinking?

fragsworth14y ago

I don't think anyone can claim the evidence was destroyed. All of their posts have been archived in many places.

1 more reply

bediger14y ago

Don't be silly. No one can own an idea. The very concept of "intellectual property" is false to facts.

pyre14y ago

When you're facing the possibility of having multiple governments looking to 'come down hard' on you, I doubt destruction of evidence adds much to the mix.

driverdan14y ago· 7 in thread

I'm curious what led to all the arrests. It's not that hard to hide your identity if you truly want to be anonymous.

knieveltech14y ago

3pt1415914y ago

Not impossible. Very burdensome and lonely, but not impossible.

1 more reply

Mizza14y ago

LulzSec isn't anything new, this kind of hacking has been going on since the 80s - they've just taken a different approach with the media. And snitching is always how hacker groups fall.

This is essentially how all law enforcement investigations work, actually. Drugs, hacking, graffiti, white collar crime, whatever. Get a good snitch and you'll get the whole organization eventually.

lambersley14y ago

"Would you have sex for $5?" "No" Would you have sex for $500?" "Maybe" "Would you have sex for $5,000,000?" "Yes"

Everyone succumbs (snitches) with the right encouragement (threat)

tlear14y ago

fragsworth14y ago

rajpaul14y ago

I don't think it's anything technical, just the same old tactics they use against any other criminal organization.

Catch a weak link, offer them a deal in exchange for information that leads to the conviction of someone higher up in the organization, repeat until you make it to the top.

yalue14y ago· 6 in thread

I find it hard to believe that European kids care that much about the CIA or Arizona's immigration laws. Yet many of these alleged LulzSec arrests seem to be in Europe.

xyzzyz14y ago

schrototo14y ago

ellyagg14y ago

Of course, if it were really about their problems with "racist" immigration laws, many countries in Europe have stronger and more strictly enforced immigration policies.

nikcub14y ago

because they find the vulnerability first with a scanner and then work backwards to find the cause they are fighting for

pnathan14y ago

I'm personally a bit curious as to why it's only been European (only UK perhaps?) people.

I'd think the FBI would in on it too.

redthrowaway14y ago

zgorgonola14y ago· 5 in thread

Interesting that this arrest follows just a week after a series of other arrests in USA/UK/NL regarding LulzSec and Anonymous:

http://nakedsecurity.sophos.com/2011/07/20/arrests-lulzsec-a...

Not a good time to be a hacktivist

colinplamondon14y ago

Hacktivists? These guys are breaking into private companies and stealing property. They're criminals.

pavpanchekha14y ago

Hold on, hold on, let me try to clear some things up.

A criminal is a rigidly-defined adjective meaning an entity which breaks or broke laws.

An activist is a rigidly-defined term meaning an entity which acts to further some idea and bring it to public perception.

A hacktivist isn't well-defined, but we'll assume here that it's a form of activist.

But of course, you acknowledge that this is a horribly simplistic view of things. Even DnD got this, after all (clearly Anon is Chaotic, and whether it's Neutral or Good depends on whom you talk to).

2 more replies

pvarangot14y ago

  > They're criminals.