Alleged LulzSec Spokesman Arrested In Scotland

Police in Britain have arrested an 18-year old man on hacking charges, alleging that he's Topiary, the Twitter-savvy spokesman for the LulzSec hacking group.

According to a statement released on Wednesday by Britain's Metropolitan Police Service, the arrested man "is believed to be linked to a continuing international investigation into the criminal activity of the so-called 'hacktivist' groups Anonymous and LulzSec, and allegedly uses the online nickname 'Topiary' which is presented as the spokesperson for the groups."

The man, who hasn't been named by authorities, was arrested at a residence in the Shetland Islands in a joint operation involving the United Kingdom's Police Central e-Crime Unit, the Scottish Crime and Drug Enforcement Agency, and the Lincolnshire Constabulary. The Shetlands, located off of the northeast coast of Scotland and comprising about 100 islands--only 16 of which are inhabited--are better known for their wildlife, rather than wild lulz.

Interestingly, all of the posts to Topiary's Twitter feed have been deleted, save one, stating: "You cannot arrest an idea." That post was made on July 22, in response to the FBI's arrest of 14 people, on July 21, on charges that they participated in Anonymous attacks.

On Wednesday, the alleged Topiary was being transported to a police station in London for questioning, and police were searching his residence. Also on Wednesday, as part of the investigation, an unnamed 17-year-old boy was being questioned--he wasn't arrested--and his residence searched by police in Lincolnshire, in eastern England.

Previous, albeit anonymous allegations, suggested Topiary might be a man based in Sweden. Given the arrest in Scotland, chat boards predictably lit up with discussions about whether British police had been duped by LulzSec into arresting the wrong person.

As part of their investigation into distributed denial of service (DDoS) attacks launched under the Anonymous and LulzSec banners, British police had previously arrested two other people. The first was Ryan Cleary, 19, who allegedly ran servers hosting LulzSec chat rooms and launched DDoS attacks against the British Phonographic Industry's website.

Cleary has been remanded in custody, and is due to appear in court late next month. Meanwhile, a 16-year-old boy, unnamed, was earlier arrested and is currently on bail, "to return in late August pending further inquiries," according to police.

LulzSec became famous for its 50-day hacking spree, in which it compromised numerous websites, including those belonging to Sony and the U.S. Senate. Then the group called it quits, urging its admirers to focus their efforts on AntiSec, a joint operation it launched with Anonymous (from which LulzSec had sprung).

Still, LulzSec has remained current. Last week, Sabu, the supposed leader of LulzSec, said via Twitter that his group had obtained a gigabyte of data from NATO, most of which it wouldn't release, as well as numerous emails relating to News International, which it was set to release. In addition, the group planted a false story on the homepage of the Sun and The Times of London newspapers--both owned by Rupert Murdoch, head of News International--saying that Murdoch had died, before redirecting website viewers to the LulzSec Twitter feed.

News International has faced heavy criticism after it emerged that Murdoch's News of the World newspaper paid private investigators to hack into the voice mail of at least several thousand people, and also paid police officials to obtain information. Those revelations have caused a scandal in Britain, and triggered a police investigation that has led to at least 10 arrests.

The scandal has seen News International executives, including Murdoch, face sharp questioning by members of the U.K. parliament, and recently led to the resignation of the head of the Metropolitan Police Service, Paul Stephenson.

Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)