Head hacker at Fluffi Bunni arrested
Washington: British authorities have arrested a man
believed to the head a group of hackers known as "Fluffi Bunni," which
used a stuffed pink rabbit to mark attacks that humiliated some of the
world's premier computer security organisations.
Fluffi Bunni captured the attention of the FBI just days after
the September 11 terror attacks, when thousands of commercial websites
were vandalised with a single break-in that included the message,
"Fluffi Bunni Goes Jihad".
The FBI characterised the act in a November 2001 report as an anti-American cyberprotest against the war on terrorism.
Lynn Htun, 24, was arrested by Scotland Yard detectives today
on outstanding forgery charges while attending a prominent trade show
in London for computer security professionals, InfoSecurity Europe
2003, authorities said.
British authorities did not mention Htun's alleged hacking.
A US official however, said Htun is wanted in America in
connection with a series of high-profile hacking cases blamed on Fluffi
Bunni.
Investigators believe Htun was the group's leader and referred to himself as Fluffi Bunni, the official said.
Authorities in London indicated they would release more
information tomorrow about Htun's arrest, although the continuing
investigation into Fluffi Bunni hackers was sensitive and other arrests
could be possible.
Fluffi Bunni embarrassed leading Internet security
organisations by breaking into their own computers and replacing
webpages with a message that "Fluffi Bunni ownz you" and a digital
photograph of a pink rabbit at a keyboard.
The attacks, which began in June 2000, lasted about 18 months,
then stopped mysteriously and created one of the Internet's most
significant hacker whodunits in years.
Victims have included the Washington-based SANS Institute,
which offers security training for technology professionals; Security
Focus, now owned by Symantec Corp.; and Attrition.org, a site run by
experts who formerly tracked computer break-ins.
Other victims included McDonald's Corp. and the online
security department for Exodus Communications Inc., now part of
London-based Cable & Wireless plc.
"The guy was playing a game of 'gotcha.' He wanted to prove
that even firms that specialise in security can be hacked," said Mark
Rasch, chief security counsel for Solutionary Inc. and a former Justice
Department cybercrime prosecutor.
"It's like someone who robs banks to prove that banks can be robbed."
Brian Martin, who ran the Attrition site with Dyson and others,
said Fluffi Bunni quickly generated a fearsome reputation across the
underground because of the group's choice of targets. Martin determined
that a hacker broke into another user's computer, allowing him to
assume that person's digital identity and briefly take over the
Attrition site with a Fluffi Bunni message.
Source: www.smh.com.au
Cybercrime News Archive