21 Jun 2011

Claims LulzSec hackers have ‘obtained UK census’

Channel 4 News learns an international computer hacking group may have targeted the 2011 UK census, as a 19-year-old is arrested in Essex on suspicion of masterminding activity by LulzSec.

A 19-year-old, named as Ryan Cleary, has been arrested on suspicion of helping mastermind an international computer hacking ring, as Channel 4 News separately learns hackers may have targeted the 2011 UK Census.

The teenager was detained in Wickford, Essex, following a joint operation by the FBI and Scotland Yard, sources said.

LulzSec, which has previously claimed to have exposed security flaws at the CIA, Sony and NHS, is now being linked to an alleged breach of 2011 UK Census data. The census database holds details of every UK citizen who filled out the survey earlier this year.

An online posting, claiming to be from the group, says “we have blissfully obtained records of every single citizen who gave up their records to the security-illiterate UK government for the 2011 census”.

But on Twitter, LulzSec has denied targeting the census, saying “that’s not us”.

The loose structure of the group is what makes it so effective, difficult to track. Warwick Ashford

A spokesperson for the 2011 census told Channel 4 News “We are aware of the suggestion that census data has been accessed.

“We are working with our security advisers and contractors to establish whether there is any substance to this. The 2011 census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred.”

Earlier this year stolen data from security fobs was used to break into computers at US arms firm Lockheed Martin.

More from Channel 4 News: Hacked security giant offers to replace 40m key fobs

Lockheed’s data handling department coordinated the UK census after being awarded the contract by the Office for National Statistics (ONS).

LulzSec Twitter icon.

The Essex arrest follows a different alleged security breach on Monday at the Serious Organised Crime Agency (Soca) which forced the agency to take its website offline for a time.

In a statement Soca said: “Soca chose to take its website offline temporarily last night to limit the impact of the Distributed Denial of Service (DDoS) attack on other clients hosted by our service provider.

“The Soca website only contains publicly available information and does not provide access to Soca’s operational material or data.”

Warwick Ashford, who writes about cyber security at ComputerWeekly.com, told Channel 4 News: “The command and control structure of LulzSec is unknown and therefore it is not really possible to attribute any motive.

“The loose structure of the group is what makes it so effective, difficult to track, and dangerous in the sense that it allows for individuals to act on personal agendas.

“It is encouraging however, that law enforcement authorities have made some arrests of suspected Anonymous members, proving that members of these groups, although elusive, are not entirely beyond the reach of the law.”

More from Channel 4 News: 'Tens of thousands' of cyber attacks every day
LulzSec mystery graffiti.

‘Mayhem and chaos’

In the last month the Lulz group has gained notoriety on social network Twitter, with @LulzSec now boasting nearly a quarter of a million followers.

Lulz claim to be “the world’s leaders in high-quality entertainment at your expense”.

(Pictured: LulzSec “mystery” graffiti.)

Before the apparent attacks on Soca and the 2011 census, the group posted several messages about the site being targeted “in the name of #AntiSec” and said that “later we’ll unleash fire on multiple targets”.

On the Lulz Security website the anonymous hackers claim to have “caused mayhem and chaos throughout the internet”, listing apparent hacks against the FBI, the CIA and other US government departments. The group also claims responsibility for a hacking attack on the Sony PlayStation network.