Head hacker at Fluffi Bunni arrested
Washington: British authorities have arrested a man
believed to the head a group of hackers known as "Fluffi Bunni," which
used a stuffed pink rabbit to mark attacks that humiliated some of the
world's premier computer security organisations.
Fluffi Bunni captured the attention of the FBI just days after the September 11 terror attacks, when thousands of commercial websites were vandalised with a single break-in that included the message, "Fluffi Bunni Goes Jihad".
The FBI characterised the act in a November 2001 report as an anti-American cyberprotest against the war on terrorism.
Lynn Htun, 24, was arrested by Scotland Yard detectives today on outstanding forgery charges while attending a prominent trade show in London for computer security professionals, InfoSecurity Europe 2003, authorities said.
British authorities did not mention Htun's alleged hacking.
A US official however, said Htun is wanted in America in connection with a series of high-profile hacking cases blamed on Fluffi Bunni.
Investigators believe Htun was the group's leader and referred to himself as Fluffi Bunni, the official said.
Authorities in London indicated they would release more information tomorrow about Htun's arrest, although the continuing investigation into Fluffi Bunni hackers was sensitive and other arrests could be possible.
Fluffi Bunni embarrassed leading Internet security organisations by breaking into their own computers and replacing webpages with a message that "Fluffi Bunni ownz you" and a digital photograph of a pink rabbit at a keyboard.
The attacks, which began in June 2000, lasted about 18 months, then stopped mysteriously and created one of the Internet's most significant hacker whodunits in years.
Victims have included the Washington-based SANS Institute, which offers security training for technology professionals; Security Focus, now owned by Symantec Corp.; and Attrition.org, a site run by experts who formerly tracked computer break-ins.
Other victims included McDonald's Corp. and the online security department for Exodus Communications Inc., now part of London-based Cable & Wireless plc.
"The guy was playing a game of 'gotcha.' He wanted to prove that even firms that specialise in security can be hacked," said Mark Rasch, chief security counsel for Solutionary Inc. and a former Justice Department cybercrime prosecutor.
"It's like someone who robs banks to prove that banks can be robbed."
Brian Martin, who ran the Attrition site with Dyson and others, said Fluffi Bunni quickly generated a fearsome reputation across the underground because of the group's choice of targets. Martin determined that a hacker broke into another user's computer, allowing him to assume that person's digital identity and briefly take over the Attrition site with a Fluffi Bunni message.
Cybercrime News Archive