Media Release: AFP arrests first ‘Lulzsec’ hacker

Release Date: Wednesday, April 24 2013, 10:30 AM

The Australian Federal Police (AFP) has charged a 24-year-old Point Clare man with hacking offences after he allegedly attacked and defaced a government website earlier this month.

The man is a self-proclaimed leader of the group ‘Lulz Security’ (Lulzsec), a computer hacking group that has existed since 2011.

The man is the first member of the group to be charged by the AFP.

The investigation began earlier this month when AFP Cyber Crime Operations investigators found a compromise to a government website.

The 24-year-old is an IT professional employed in the industry.

Police will allege the man was in a position of trust within the company, with access to sensitive information from clients including government agencies.

The AFP believes the man’s knowledge and skills presented a significant risk to the clients of the company for which he was employed had he continued his illegal online activities.

Manager Cyber Crime Operations Commander Glen McEwen said the impairment or disruption of communications to or from computer networks can have serious consequences.

“Those thinking of engaging in such activities should be warned that hacking, creating or propagating malicious viruses or participating in Distributed Denial of Service attacks are not harmless fun,” Commander McEwen said.

“Criminal acts such as this can result in serious long-term consequences for individuals, such as criminal convictions or imprisonment.”

The man was bailed to appear in Woy Woy Local Court on 15 May 2013 and has been charged with the following offences:

  • Two counts of unauthorised modification of data to cause impairment, contrary to section 477.2 of the Criminal Code Act 1995; and
  • One count of unauthorised access to, or modification of, restricted data, contrary to section 478.1 of the Criminal Code Act 1995.

The maximum penalty for these offences is ten and two years respectively.

The AFP advises businesses involved in IT to:

  • Provide employee awareness and education programs
  • Monitor content going into and out of networks
  • Implement acceptable use policies for wireless technology, information technology and mobile devices
  • Complete background checks on staff
  • Conduct mandatory reporting of misuse and abuse of computer equipment
  • Complete a set of written standard operating procedures for technology
  • Manage account and password policies

Organisations should also be aware of Defence Signals Directorate’s top four mitigation strategies to protect their ICT systems. These include:

  • Application whitelisting - A technical measure which only allows specifically authorised applications to run on a system. This helps prevent malicious software and unauthorised applications running.
  • Patching systems - A small piece of software designed to fix problems or update a computer program.
  • Restricting administrative privileges - Minimising administrative privileges makes it more difficult for the adversary to spread or hide their existence on a system.
  • Using the latest versions of operating systems.

Further information is available from: http://www.dsd.gov.au/publications/csocprotect/top_4_mitigations.htm

 

Media enquiries:
AFP National Media (02) 6131 6333