backtop


Print 11 comment(s) - last by IcePickFreak.. on Aug 2 at 2:17 PM


  (Source: PAUL GROVER)

Jake Davis was in court today yesterday, facing charges over his alleged hacking with the group LulzSec under the alias "Topiary".  (Source: AP Photo/ Anthony Devlin/PA)

Anti-LulzSec hacktivist "AnonymousDown" published the hacker's first name, before the court appearance, indicating it had advanced knowledge of Topiary. It is possible that "AnonymousDown" and/or arrested 16-year-old UK LulzSec member tflow were responsible for providing police with Topiary's true identity and whereabouts.
"Tflow" may have held the key to catching "Topiary"

The LulzSec drama continues, even though the group's epic hacks [1][2][3][4][5][6][7] [8][9][10][11][12][13][14][15] are a thing of the past.  New information has surfaced since we last updated.  Here's a quick run-down on what's happened:

1.  "Topiary" was revealed to be 18-year-old Jake Davis by London police.  They claim they have ample proof to nail him on tough charges.
2.  LulzSecurityExposed's supposed doxing of Daniel Akerman turned out to be patently false.  The group complains of "misinformation.
3.  A shadowy individual named "AnonymousDown" communicated with someone who is believed to be "Topiary" pre-arrest.
4.  LulzSec chief "T-Flow" is out on bail, may have cooperated with London police in bringing "Topiary" into custody.

The latter points have been remarkably under-publicized and are fascinating aspects of this developing story.

I. The Real Topiary?

The possibility that the arrested 18-year-old Shetland Islands boy is anyone other than LulzSec founding member and mastermind "Topiary" is looking increasingly scant.  As mentioned in our previous piece, "Sabu" -- another LulzSec founder and chief -- has said that Topiary was indeed arrested.

At this point, it appears that the logs published by anti-LulzSec/ anti-Anonymous hacktivist th3j35t3r ("The Jester"):

Topiary: yeah well, this is my plan: 
Topiary: (as you know I stole this nickname from a troll last December, didn't work out so well) 
Topiary: I'll just keep denying it until they try to go after the troll 
Topiary: then they'll think that's me and harass him 
[removed]: then he harasses back? 
Topiary: yeah but if I deny my real dox enough, people will go looking for other dox
Topiary: then nobody will believe I'm me 
Topiary: and all you bastards told me my Brit voice was good, damnit 
Topiary: did they get voice recognition? 
[removed]: well when you talk the Swedish accent comes out a bit 
[removed]: but not for a couple of minutes 
Topiary: these f*%gots aren't hitting the UK ni$%*r Topiary
...
[removed]: frame up this damn trollfaggot, and "carry on" 
Topiary: hope it blows over and they start doxing Ireland f@% or Scotland f@% or wherever the fuck UK part he's from 


...were obfuscation on the part of Topiary to hide his identity.  Of course the logs could be altogether fabricated, but given that Topiary didn't exactly keep a low profile on IRC, it seems more likely that Topiary was simply trying to hide his identity.

Based on audio for Anonymous, Topiary's British accent was obvious.  It appears now that was an authentic accent, not an affected one.  By pretending to be "in on" a framing attempt on the "UK troll Topiary", Topiary could have made authorities second guess his whereabouts.

British police have virtually erased the possibility that the arrested man is anybody other than Topiary, revealing that they found a stash of 750,000 user passwords on his computer and drafts of the fake Rupert Murdoch death story that LulzSec redirected The Sun's homepage to earlier this month.

The young man, whose name was revealed to be Jake Davis, was charged [press release] with unauthorized access to a computer system, participation in a distributed denial of service attack, and other crimes.

So far the charges have been limited to intrusions into Britain's National Health Service, News Corp. (NWS) subsidiary News International's servers, and an attack on the website of the Serious Organized Crime Agency.  Noticeably absent were charges for LulzSec's various U.S. hacks and its hacks against Sony Corp. (TYO:6758).

It is unclear whether there is enough evidence to charge Mr. Davis with these crimes, and if so, when he might be charged.

Mr. Davis's demeanor further eroded doubts regarding whether he was the true "Topiary".  In court he wore a black T-shirt under a denim shirt and sunglasses (indoors).  And Reuters reports he "suppressed a smile when the prosecutor struggled to pronounce 'LulzSec.'"  He read a copy of the book Free Radicals: The secret anarchy of science.  During questioning he confirmed his name and address, but was otherwise silent.

This combined pictured hardly presented itself as a person hoping to prove his innocence.

A handful of more details have arisen via the Facebook page "Free Topiary".  Kelly Smith, a student at Shetland College comments on one post:
he was clever, quiet and never did anything wrong...ever. got aggrophobia when he was 13-14 ish after a family bereavement...nobody ever really saw him after that.
Paul Lewis and Aimee Smith, two other locals, confirm that Mr. Davis dropped out of the local public school when he was 14.

Mr. Davis was released on conditional bail at City of Westminster Magistrates’ Court.  Set to next appear in court on Aug. 30, Mr. Davis must wear an electronic monitoring ankle bracelet and is banned from accessing the internet.  He faces a 10 p.m. to 7 a.m. curfew, and will live with his mother and brother in their residence.

II. LulzSecurityExposed Admits it was Wrong

As we've covered several times, LulzSecurityExposed, published by self-proclaimed "web ninjas" supposed doxed several members of LulzSec earlier this year.  Among them was Topiary -- whom it claimed to be a Swedish youth named Daniel Akerman Sandberg.

These accusations now appear to be patently false.

Even LulzSecurityExposed admits they were wrong, writing:
We could n't find the real Topiary because of disinformation and Kudos to MET police for a Job Well Done.

We have tried our best with minimal resources we had and at the end it is cops who will nab these kids with evidence.
We sincerely apologize Daniel Akerman for doxing him as Topiary.

Game Over page updated with Topiary arrest.
With the page still claiming to be on the hunt of remaining at-large admin "Sabu", its doxing claims should be considered highly suspect.

One issue is that by creating a blogspot account, rather than an official webpage, it's impossible to confirm the true owners of the page.  It's very possible that LulzSec itself created the page, as clearly it was trying to spread misinformation about its members' true whereabouts.

III. AnonymousDown Alludes to Prior Knowledge of Topiary's True Identity

A Twitter account named AnonymousDown wrote earlier today:
Chat log w/ @Atopiary b4 he got busted http://bit.ly/pVXhE0" rel="nofollow Take Heed #anonymous #therightway or #exposed #topiary #antisec #theassociates
The chat log (which appears to have taken place on the servers of the hacker magazine 2600reads:

AnonymousDown: Last chance before shit hits fan my friend
Top (Topiary):  good timing
Top:      I was just about to sign off
AnonymousDown: yep. np fair sailing off into the sunset ive been reading ehh?
Top:      I'm done with the Anonymous/LulzSec/hacktivism activity
Top:      closed down LulzSec as a whole
Top:      can't speak for others because they'll continue, but everything I had is now with them
Top:      so what's up?
AnonymousDown: Yeah, was reading into it over the weekend.  You know with your knowledge tope, you can turn this whole thing around to your benefit, maybe do good things with it.  The offers themselves could be enormous.... fyi...
Top:      tell me what you're thinking bro
AnonymousDown: auth in via twitter and ill consider it =) am following (just clicked) send dm or somethin
Top:      atopiary or lulzsec?
Top:      sent on atopiary
AnonymousDown: atopiary..kk
AnonymousDown: ty sir
AnonymousDown: got it
AnonymousDown: do you know who I really am?
Top:      not at all, truth be told I've never tried to dox any of you
Top:      wouldn't surprise me if one of you was Aaron Barr, as conspiratorial as that sounds

The log is dated to Monday, June 27, 2011 at around 4:30 p.m.

Now clearly (if the date is correct) and the log is authentic, Topiary didn't stick to his promise of staying clean.  After all, the UK police report having proof (drafts of postings) of his involvement in the July 18th defacement of News Corp.  Apparently the allure of hacking was too much for Topiary if he really meant what he wrote.

It'd be easy to dismiss this log as of questionable authenticity or inconsequential, were it not for the fact that AnonymousDown reported Jake Davis's first name on Twitter before the London police revealed it to the rest of the world.

He/she writes on July 27 (following the arrest):
RT: "@CryptKper: Bye @atopiaryhttp://bit.ly/pdU6r8" rel="nofollow" - I hope Jakes not real mad. Next Up: @anonymouSabu ...wait... Isn't that ? #right
And yesterday, he posted what some claim to be a childhood picture of Mr. Davis with the text "When I grow Up I want To Be A Federal Penitentiary Inmate".  It is unclear where he/she got this picture, and whether it is authentic.

AnonymousDown appears to be an ally of The Jester.

While he/she wasn't necessarily "in on" the arrest of Topiary, at the very least AnonymousDown seems to have a lot of intimate knowledge of the situation, which the media did not.

IV. Did T-Flow "Snitch" on Fellow LulzSec Admins?

So how did Topiary -- seemingly a mastermind of deception and stealth -- get caught?  The answer may lie in an internal betrayal in the LulzSec ranks. 

"T-Flow" or "tflow" (real name unknown) was reportedly one of the four original founders of LulzSec, based on chat logs taken from the group by "backtracesecurity" several months ago.  Along with Topiary, Sabu, and "Kayla" (reportedly a man), T-Flow helped orchestrate some of the group's most daring and dastardly plots.

But T-Flow was arrested in South London a week prior to the arrest of Mr. Davis.  

The timing seems high coincidental.  T-Flow was released on bail on July 22 and has not yet been charged.

London authorities are quoted as saying, "In respect to his capability and alleged membership in this group that can cripple online entities, and the alleged act he accused of committing—carrying out coordinated DDoS attacks—yes, he's a significant subject of the investigation," FoxNews.com quoted the official as saying. He was significant enough to be arrested in an international, coordinated, law-enforcement takedown."

The question of how police tracked Mr. Davis to the remote Shetland Islands remains a compelling one, particularly when he had seemingly been doing such a solid job in avoiding being doxed.  

While its possible that AnonymousDown may have provided information to the authorities, it's also possible that some or all of the necessary info for the arrest could have come from tflow.

This possibility is interesting, as betrayal from friends is one of the most common ways savvy hackers have been caught in the past.  For all their hard work to obfuscate their true identity, it can all be for naught if a trusted colleague starts to sing as part of a plea deal.

We may not ever know if tflow committed such a betrayal, but watch for what kinds of punishment he receives, when and if he's charged as that may provide a clue.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

party van
By 85 on 8/1/2011 10:20:09 PM , Rating: 5
its all luls until the party van is at your door!




RE: party van
By Mitch101 on 8/1/2011 10:31:55 PM , Rating: 4
Check Twitter for something like this.

Helicopter hovering above ________ at 1AM (is a rare event).

Go away helicopter - before I take out my giant swatter :-/

A huge window shaking bang here in ________. I hope its not the start of something nasty :-S


RE: party van
By IcePickFreak on 8/2/2011 2:17:21 PM , Rating: 2
I bet mom & dad don't like it either when they stepped on the flowers.


"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki