UPDATE: Lulzsec's Leader A Well-Respected Australian IT Professional -- Could Go To Prison For Over 10 Years

The Australian Federal Police has released more information on the man they're calling the "self-proclaimed leader" of Lulzsec. According to the AFP the man is a well respected IT Professional working at the local branch of an international company. The AFP believe he had access to sensitive information from multiple different clients, including government agencies.

Lulzsec was the group that claimed responsibility for hacks into multiple different game companies, including Sony, who was hacked in response to legal action taken against George 'Geohotz' Hotz.

“Those thinking of engaging in such activities should be warned that hacking, creating or propagating malicious viruses or participating in Distributed Denial of Service attacks are not harmless fun,” said Commander Glen McEwen, from Cyber Crime Operations.

“Criminal acts such as this can result in serious long-term consequences for individuals, such as criminal convictions or imprisonment.”

According to the press release, the AFP believes the man’s knowledge and skills "presented a significant risk to the clients of the company for which he was employed had he continued his illegal online activities."

The man was arrested yesterday at work in Sydney, after investigators discovered that government website had been compromised. Apparently the internal mechanisms of the website were altered and an image within the website was altered, but the AFP would provide no further details.

He has been charged on two counts of "unauthorised modification of data to cause impairment", offenses which carry a potential jail term of 10 years.

UPDATE: The AFR has revealed more information about the suspect, including his name, company and client list.


Comments

    I get why he is in trouble, and why they have to act, but did he actually do any damage to the clients he is involved in? If not how is he a threat to them if he he never acted on the info he has been privy too, presumably, for a number of years.

      The attacks cost Sony a small fortune and damaged their brand. I think it will be time well earned.

        I didn't say he didn't deserve to be caught but the "he is a threat to his clients" BS makes no sense. Unless of course Sony was his client, but it doesn't sound like it

          Would you feel comfortable having your business and livelihood in this guys hands?

            my money is with bankers - how is this any different? :)

              Because banks only have access to money. He'd have access to private emails, confidential files on their servers about business deals, upcoming products, and other business decisions, any of which he could decide to sell or post online.

                um you do know banks do more than hold your money right? for a business loan you may need to provide a business development plan - this is business deal information. or plans on how you are going to monetise a product to get capital investment. your credit card details and history they could give to marketers. a whole bunch of stuff that is just as confidential as this company stuff.

            He has managed to bring massive corps. online services to their knees yet he has had free access to your sensitive info and hasn't done anything? Yeah I'd feel he must like what you're doing, and then utilise his abilities to your advantage

              Criminal offences have nothing to do with damage actually done. They are relating to conduct so reprehensible or dangerous that it cannot be tolerated, regardless of whether the damage sought to be prevented has occurred. This is really how it should be, otherwise we couldn't see someone punished for drink driving unless they harm someone.

              If he -had- done damage to any legal person, then they would be able to seek damages likely under laws of tort to compensate them for their suffering, so as to restore them as best possible to the position they were in before the damage occurred.

              Edit: Made analogy to driving under the influence much clearer.

              Last edited 24/04/13 11:48 am

                Ah right, so we should be persecuting people for what they can do not what they have done. Sounds fair, let's lock every single human being up because we are all capable of killing.

                He should go to jail for what he has done, worsening his situation because of what he could do is complete bullshit

                  Further can you not be charged with conspiracy to murder or indeed conspiring to bomb somewhere? Even if said act has not taken place?

                  In this instance, I think you're probably right, unless he can be caught under any breach of confidence provisions (which iirc aren't usually criminal anyway; that's all tortious stuff), any criminal negligence provisions (unlikely; they're extremely serious), or other criminal measures (fraud, property damage, maybe other things?). I don't think that's very likely, given the criminal standard for evidence, but I do think he's almost certainly going to be in breach of an employment contract, potentially other contracts, and quite possibly up for tortious negligence, deceit, fraud, property damage, breach of confidence, assault or other common law offences.

                  However, in the original article, I believe the correct interpretation of the commentary about 'potential threat to clients' relates to the decision to apprehend and prosecute immediately rather than waiting and potentially racking up more charges or using the accused as a means to identify others. I would be extremely surprised (and equally interested in reading the judgement!) if the accused is sentenced in relation to the criminal matter(s) based upon 'potential threat' posed.

                  That's not what Fenixius said. People may be capable of killing but no one gets locked up until they attempt to kill someone, which is why attempted murder is just as bad as actual murder in the eyes of the law. Read the article again, it says they found evidence of a government website being compromised, presumably by him.

                  @Piat: Your missing the *intent* part. It's the same case w/ attempted murder charges. The man broke into a system w/ *intent* to cause malice/mischief. While he did not complete or follow through w/ the damages he still had the capability and intent to take it further.

                But drunk drivers aren't charged with murder, they're charged with driving under the influence.

          A few examples; a serial pedophile being allowed to work in childcare, an arsonist employed at a gas station, or a drug addict in a methadone clinic. If your behavior is compromised in one aspect of your life it is safe for outside parties to assume that lapse across all aspects of your life. Robin Hood was a thief, he gave to the poor, but I wouldn't hire him to run security at a bank. Anyway, his behaviour means that he was a threat to his clients not that he was acting in such a manner (from what we know).

      He is a threat the same way that a rogue doctor is a threat to his patients. Not only does he have access to sensitive information, he is more than likely involved in their infrastructure in some way, opening all sorts of doors (back or front) to cause any number of problems should he so desire.

      It's not really a case of whether he has acted on what he knows or has access to, it's that he has shown he has the potential to misuse his skills and knowledge. To return to the rogue doctor analogy, doctors have enough knowledge and access to medication to kill you or cause serious harm, intentionally or accidentally. Yet they are never perceived as a threat to us until they have a malpractice case raised against them.

    DSD is desperate for people. Hire him.

    I suppose if you do the crime, you do the time.

    So a well known hacker at work gets arrested in Sydney while at work by a bunch of Agents? Does this remind anyone of the first Matrix movie?

    I love how white collar crime always seems to carry a heavier penalty than regular crime.

      Except it doesn't. Look at whatever happens when a CEO departs a company they've run into the ground... golden handshake.

      Edit: Neutralised gender in my comment (ie: he -> they).

      Last edited 24/04/13 11:49 am

        Ahhh, that's a different beast entirely - we call that one "corruption".

          White collar crime which goes unpunished is still white collar crime, so I believe my commentary is still accurate ^^;

        I believe the grammatically correct gender for a hypothetical is always your own. For example, I would say, 'when a CEO departs a company he has run into the ground".

      Murder? 10 years in jail!

      Exposing security flaws in an international corporation's databases (containing sensitive user information)? 10 years in jail!

      This just in: Exposing security flaws is murder!

        10 years is the maximum possibile penalty for the crime, there is no indication that the prosecution while go for the maximum jail term.

          The court case will be held in America with the legal (and financial) support of one of the world's largest companies.

          I'm sorry to say it, but the guy probably will get 8-10 years in prison... :\

        Exposing security flaws is only incidental, what they actually did was actively harm the companies that they attacked, costing them millions.
        Your argument is like saying vandals who break into an office and set everything on fire actually did nothing but expose the weak security on the front door.

          I don't remember them actively harming Sony (apart from revealing the security flaws). Any light you could shed on this would be fine.

          As far as I remember, all Lulzsec did was post portions of the information online when Sony actively denied they had been hacked. I may be wrong though?

            Let's see, as I remember back then all these playstation owners were complaining for ages about being locked out of their online accounts, having their stuff hacked etc and Sony not being able to do anything for weeks and weeks, so yeah, I think that probably harmed them financially quite a bit.

            They're not in the same noble league as Julian Asange. Their aims were more about being dicks and having fun, hence the name

              Hmm, I get that perspective, but the way I saw it was that they were proving just how easily Sony could fall to pieces.

              It certainly made a fair few people rethink their trust of major corporations.

              I'm not saying they were revealing some massive corruption, nor are they heroes, but I do think that their actions did help in fostering a sense of care in people who were otherwise blissfully ignorant to security issues.

        So if I break into your car and steal or smash up your sh**, it is OK as long as I am actually just exposing the security flaws in your car?

          If my car stores sensitive information about thousands of people and it's out in the open, then yes.

          Also, they didn't "smash up ... shit". They merely exposed how weak Sony's security policies were. I think you may be thinking of Anonymous, who did something similar a while back.

      Keep in mind they're talking potential jail term of ten years. Obviously they're not going to go light on him but it's not a simple matter of ten years for hacking a website.

    i say lock the “self-proclaimed leader” douchebag up for ever

      Ah the joys of a jury "of your peers". And people wonder why the legal system is broken.

    He won't do ten. If a child rapist and murderer does 5 years... this should be short, more like a year in low to medium security.

    Should be treated no different than if they had broken into a physical location. Just because its online doesnt make it romantic and wild.

    10 years huh? A bit harsh - I know violent criminals who get less. I'm not disputing the fact that he was malicious and hacked things, not out of any noble purpose but just because "he could" and it was fun for him, but 10 years is a little bit on the harsh side.

    I'm not that sorry for him. Julian Assange, whether or not you think he's done harm or good (and I think he's done a little of both, but mostly good), fought for principles. He hacked and he stole information for a principled cause. I can sympathize more with Assange. But this guy, this joker, he exposed regular people's credit card information, he disrupted legitimate businesses just for the hell of it. He showed no remorse, not one shred of it, when he decided to play and stuff around with the private information of ordinary folks. He has no principles. He's just a trickster who likes to make life difficult for others so that he can feel powerful.

    While I wouldn't put him in jail for 10 years (a hell of a long time), I would put him in jail for 5 years.

    Wrong. Sony's douchebaggery with GeoHot and not securing customer data correctly cost Sony a small fortune and damaged their brand.

Join the discussion!

Trending Stories Right Now