A suspected hacker from Britain has been arrested in connection with an alleged cyber attack on the United States Department of Defence (DoD) as part of a week-long UK-wide operation.
The 23-year-old man was arrested by National Crime Agency (NCA) officers in Sutton Coldfield, in the West Midlands, on Wednesday on suspicion of offences linked to data stolen from a messaging service used by DoD employees around the world.
Contact information for around 800 people including name, title, email addresses and phone numbers, as well as details for around 34,400 devices, were obtained during the attack last June, the NCA said.
Following the attack, the hacker posted screenshots taken from the dashboard used to control the database as well as a bizarre message on the text storage website Pastebin.
It read:
"We smite the Lizards, LizardSquad your time is near. We're in your bases, we control your satellites.
"The missiles shall rein upon thy who claim alliance, watch your heads, ** T-47:59:59 until lift off. We're one, we're many, we lurk in the dark, we're everywhere and anywhere.
"Live Free Die Hard! DoD, DISA EMSS : Enhanced Mobile Satellite Services is not all, Department of Defense has no Defenses."
The stolen information was taken from an international satellite message dissemination system known as Enhanced Mobile Satellite Services. It also included IMEI numbers, which are the unique codes used to identify a mobile device.
No sensitive data were obtained and none of the data obtained could be used to identify anyone or threaten US national security, the NCA added.
Jeffrey Thorpe, special agent in charge at the US Department of Defence criminal investigative service (DCIS), said: "This arrest underscores DCIS commitment and the joint ongoing efforts among international law enforcement to stop cyber criminals in their tracks. DCIS special agents will use every tool at their disposal to pursue and bring to justice those that attack the Department of Defence."
Some 57 arrests have been made this week by the NCA's National Cyber Crime Unit at more than 20 separate locations across England, Wales and Scotland as part of a week of activity targeting cyber crime. Crime-fighters visited 60 businesses, with personalised security data reports, identifying 5,531 compromises on servers within the UK.
The arrests include:
- A 21-year-old man arrested on March 5 by the NCA's NCCU on suspicion of a network intrusion attack committed by 'D33Ds Company' hacking group, which stole more than 400,000 email addresses and passwords from Yahoo! and published them online in 2012.
- A 23-year old man arrested on March 4 by NCCU officers, supported by West Midlands ROCU, on suspicion of offences relating to a network intrusion in June 2014 on the US Department of Defence (DoD).
- A 22-year-old man arrested on March 3 by the NCCU and South West ROCU in Aldbourne, Marlborough on suspicion of developing and distributing malware.
- A 20-year-old male from Hackney, London arrested on March 4 by Metropolitan Police and NCCU on suspicion of committing a £15,000 phishing attack.
- A 27-year-old from Leyton arrested on March 4 by Metropolitan Police and NCCU, on suspicion of cyber-enabled fraud.
- A 25-year-old man from North London arrested by the Metropolitan Police on suspicion of deploying malware against banks, resulting in financial losses.
- A 16-year-old man, from the Pudsey area of Leeds has been arrested by the Metropolitan Police for suspected Computer Misuse Act offences concerning the use of DDoS attacks believed to target approximately 350 websites.
- Two men, aged 38 and 29, arrested in South London and the Cambridge area by the Metropolitan Police for suspected conspiracy and Computer Misuse Act offences relating to the theft of valuable intellectual property from a London financial company.
- Some 25 suspects in the London and Essex areas were arrested by The Metropolitan Police Fraud and Linked Crime Online (FALCON) unit on suspicion of cyber-enabled fraud offences - including fraud by false representation, theft and money laundering.
- An 18-year-old man arrested by the Eastern ROCU in Watford, suspected of being responsible for the development and administration of the Titanium and Avenger stressor tools which have been used in DDoS attacks on public sector websites, including police.
- A 22-year-old man and a 59-year old woman arrested in Camberwell by the Eastern ROCU, suspected of offences relating to cyber-enabled fraud targeting high street retailer loyalty point schemes.
- A 22-year-old man arrested in Slough by South East ROCU, suspected of offences relating to cyber-enabled fraud.
- Officers from Thames Valley Police and South East ROCU arrested five men in Kiddlington, Oxford - aged 40, 39, 38, 36 and 34 - for conspiracy to commit computer misuse offences, in relation to a network intrusion attack.
- Officers from Sussex and Surrey Police cyber crime unit together with South East ROCU arrested a 58-year-old man in Bexhill, Sussex, suspected of network intrusion and DDoS offences.
- A 21-year-old man arrested by Police Scotland in County Durham on suspicion of Computer Misuse Act offences relating to a DDoS attack on the Police Scotland website.
- A 51-year-old man arrested by North East ROCU in Northumbria on suspicion of Computer Misuse Act offences relating to a network intrusion.
- A 33-year-old man from Barry was arrested by South Wales ROCU, suspected of a DDoS on a rival company for competitive advantage.
- Three suspects arrested in South Wales by NCCU, Gwent and Dyfed Powys police on suspicion of a number of Computer Misuse Act Offences.
- Working with the US FBI, a production order was served by the East Midlands ROCU on a hosting company whose servers are suspected of being used to house suspected criminal infrastructure.
- Several ROCU's have also issued cease and desist orders visiting individuals who have been identified as purchasing remote access tools (RATs).
Andy Archibald, deputy director of the NCA's National Cyber Crime Unit, said:
"The 57 arrests around the country this week are a result of the essential partnership activity with law enforcement, industry and government that is at the heart of fighting cybercrime.
"Criminals need to realise that committing crime online will not make them anonymous to law enforcement. We are continuously working to track down and apprehend those seeking to utilise computers for criminal ends, and to disrupt the technical networks and infrastructures supporting international cyber crime.
"It's imperative that we continue to work with partners to pursue and disrupt the major crime groups targeting the UK, but also, crucially, work to make sure that people have the knowledge and resources to make the UK as inhospitable as possible for cyber criminals in the first place."