Anti-Malware , Breach Response , Cybersecurity

UK Police Arrest 57 Alleged Hackers

U.S. Defense Dept. and Yahoo Hack Suspects Apprehended
UK Police Arrest 57 Alleged Hackers

British police announced that over the course of this week, they launched more than a dozen cybercrime raids, which included the arrest of a man who's been accused of launching a June 15, 2014, hack attack that penetrated a U.S. Department of Defense network.

See Also: Detecting Insider Threats Through Machine Learning

The man, age 23 - who has not been named by police - was arrested in Sutton Coldfield, England, on March 4 by officers from the National Cyber Crime Unit, which is part of Britain's National Crime Agency, according to an NCA statement.

The arrest was made as part of a cybercrime-targeting "strike week" launched by NCA officers - together with police from England, Scotland and Wales, as well as London's Metropolitan Police Service. The effort comprised 25 raids and resulted in 57 arrests. The raids were launched in coordination with the U.S. Federal Bureau of Investigation as well as the U.S. Defense Department's Defense Criminal Investigation Service. Officials say the suspects have been charged with a number of crimes, ranging from phishing and malware development to "cyber-enabled" fraud and launching distributed denial-of-service attacks. The raids also resulted in the arrest of a man who's been charged with hacking Yahoo in 2012, as well as a suspected member of the notorious Lizard Squad group, the BBC reports.

"We will continue to work with partners to pursue and disrupt the major crime groups targeting the U.K., but also, crucially, to make the U.K. as difficult as possible a target for cybercriminals in the first place," says Andy Archibald, deputy director of the NCA's National Cyber Crime Unit.

DoD Hack

In the case of the alleged DoD hacker, British officials say the related network intrusion "obtained data used as part of an international satellite message dissemination system - Enhanced Mobile Satellite Services - used by the U.S. Department of Defense to communicate with employees via email or phone around the world."

The resulting data breach exposed 800 individuals' "non-confidential contact information," the NCA says, including their names, titles, email addresses and phone numbers, as well as the international mobile equipment identity numbers for 34,400 government-issued mobile devices. These unique IMEI numbers are used by service providers to track any device that uses its network.

But the NCA says none of the breached data was classified. "No sensitive data was obtained, and none of the data obtained could be used as personally identifiable information or compromise U.S. national security interests," it says.

Authorities say that after successfully gaining access to the DoD network, the alleged attackers then posted the following message to text-sharing site Pastebin:

"We smite the Lizards, LizardSquad your time is near. We're in your bases, we control your satellites. The missiles shall rein upon thy who claim alliance, watch your heads, ** T-47:59:59 until lift off. We're one, we're many, we lurk in the dark,we're everywhere and anywhere. Live Free Die Hard! DoD, DISA EMSS : Enhanced Mobile Satellite Services is not all, Department of Defense has no Defenses."

"This arrest underscores DCIS' commitment and the joint ongoing efforts among international law enforcement to stop cybercriminals in their tracks," says Jeffrey Thorpe, special agent in charge at the Defense Criminal Investigative Service.

Arrested: Yahoo Hacking Suspect

As part of the raids, a 21-year-old man was arrested in London on suspicion of being a member of the D33Ds hacking group, police report. That group claimed credit for a 2012 attack against Yahoo that resulted in the theft of more than 400,000 email addresses and passwords, which the group subsequently leaked online. Yahoo later was hit with a class-action lawsuit related to the breach.

One of the raids in London was witnessed by BBC journalist Rory Cellan-Jones. He reports that after the arrest, digital forensics investigators arrived to process a laptop and desktop that had been found at the residence, both of which were powered up, Internet-connected and unlocked at the time of the raid. "One officer was employed simply keeping her finger on the laptop's trackpad to make sure it didn't go to sleep," he reported. "Later, police cyber-specialists would spend many hours examining exactly what was on the two computers."

Arrested: Lizard Squad Suspect

The raids also resulted in the arrest of a suspected member of the Lizard Squad group, at a residence in Leeds, England. Lizard Squad, which offers a "Lizard Stresser" DDoS attack service, has claimed credit for a number of attacks and disruptions, including hacking the Lenovo website in February, the January disruption of the Malaysian Airline website, the 2014 Christmas Day disruption of the Sony PlayStation and Microsoft Xbox Live networks, as well as an August tweet that caused an American Airlines flight on which Sony president John Smedley was traveling to be diverted.

British police say they also arrested this week multiple individuals suspected of being connected to alleged DDoS attacks or services. Those included an 18-year-old man who's suspected of being the developer and administrator behind the Titanium and Avenger DDoS "stressor" services, as well as a 21-year-old man who was arrested on suspicion of launching a DDoS attack against the Police Scotland website.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network