The arrests of five members of the hacker group LulzSec are unlikely to land a lasting blow for authorities in the “constantly moving battle” with politically motivated online collectives, experts say.
Police overnight charged two men in Britain, two in Ireland, and one in Chicago with hacking-related offenses. They also revealed that the alleged LulzSec leader, known as “Sabu” and now identified as 28-year-old Hector Xavier Monsegur, pled guilty last August to computer hacking conspiracies and other crimes.
Monsegur allegedly became a cooperating witness for police after his arrest in June, according to unconfirmed reports.
LulzSec is believed to be an offshoot of hactivist collective Anonymous and has reportedly left a billion-dollar trail of damage through governments and corporations.
The group surfaced in May last year and disbanded less than two months later, but not before launching attacks against the websites of Fox Broadcasting and Sony Pictures Entertainment, among others. It also claimed responsibility for taking the CIA website offline. In June it released 62,000 email addresses and passwords, including some that came from AusAid, Victorian Government departments and local councils in Victoria and New South Wales.
One of the arrested men, Jeremy Hammond from Chicago, is thought to have been the main person responsible for the massive December attack on US security company Stratfor, in which LulzSec and Anonymous combined to steal millions of emails and thousands of credit card details.
An FBI agent was quoted as describing the police operation as a “devastating” victory over LulzSec, but Mark Gregory, Senior Lecturer in Electrical and Computer Engineering at RMIT University, said it would change little in the endless battle between authorities and hackers.
“The people in the core of these groups will go back and redevelop their defences, and they will look to expand out from there. One side kicks a goal, the other side consolidates. The goal posts shift. There’s no end in sight,” Mr Gregory said.
“Most of the people they picked up were in the second or third tiers, they were just foot soldiers. They were nowhere near the core of these groups and they were too easy to pick up.
"If one group closes down, there’s a vacuum and certain people will fill it. There are parallels with drug dealing - police make a bust, arrest 30 people, but then another 30 people replace them.”
The arrests would even act as a kind of challenge to some in the hacking community, he said. Anonymous appeared to confirm that notion when it declared that the police operation would spur them on. Via Twitter, the group said: “#Anonymous is a hydra, cut off one head and we grow two back.”
Jason But, a Lecturer at the Centre for Advanced Internet Architectures at the Swinburne University of Technology, agreed that some in the hacking community would be incensed at the arrests and would ramp up their activities as a result, while others would “consider it a challenge to prove that they were better than LulzSec because they won’t get caught”.
“A good hacker requires talent, but many hackers release programs that do all the work, people who use these programs are called ‘script kiddies’”, Dr But said. “Some people have accused LulzSec of being script kiddies, but it is difficult to determine if this is fair.”
“Hacker collectives are likely to be caught eventually, not because they are ineffective, but due to human nature. People find it hard to avoid bragging about their exploits - once two people know, it is no longer a secret. Eventually enough people will find out so as to result in an arrest.”