British police announced Monday that they had arrested a 19-year-old hacker in Scotland's remote Shetland Islands that they believed to be Topiary. The LulzSec spokesman and Anonymous veteran would be the most high profile arrest yet in authorities' recently reinvigorated campaign to bring the group's global hacking spree to an end. But according to Jason Mick, a blogger for Daily Tech, the cybercrime unit at Scotland Yard nabbed the wrong guy. In fact, says Mick, LulzSec themselves duped police into arresting one of their enemies.
It's worth pointing out right away that "doxing" (exposing a hacker's real identity) is an elaborate and often speculative process. Some hackers treat it like a past-time, a way to get attention or to scare their enemies into hiding. Anonymous and LulzSec have recently used doxing as a way to deter police. The FBI arrested an ex-Anonymous hacker named Robert Cavenaugh in early June, after the group published his real identity online as retaliation for his hacking into their chat rooms. Soon thereafter, LulzSec doxed Ryan Cleary who helped Cavenaugh hack the chat network. British police arrested him in late June.
Mick says that LulzSec sort of did the reverse in Topiary's case. Around the time that Cavenaugh and Cleary were doxed, a group calling themselves the Web Ninjas claimed that Topiary was a 22-year-old Zelda fan from Uppsala, Sweden named Daniel Ackerman Sandberg (pictured above). Mick corroborates these details with a leaked chat log in which Topiary anxiously tells a friend about how he's going to tell everyone that the real Topiary isn't Daniel Sandberg but rather a teenager in Scotland from whom he stole his nickname. "So now we troll him and hope he's getting raided," Topiary said of the Scottish teen. "Then I'll stop my Twitter and everything." Indeed, Topiary deleted all of his tweets a week ago, leaving just one: "You cannot arrest an idea."
Sound convincing? It's supposed to. Mick notes that the chat logs were published by an American-based hacker and LulzSec nemesis, The Jester. This name might sound familiar as he's the same hacker who claimed he doxed Anonymous frontman Sabu earlier this month as a tech security expert named Hugo Carvalho, who denied the accusation. Like Topiary, the supposed outing of Sabu relied on what appeared to be leaked chat logs as well as domain registry information pasted into a blog post. The very simple Watson-inspired skepticism to The Jester's claim to having solved the case is that someone could very easily fabricate every keystroke of his evidence. Plus hackers fabricate fake identities all the time and Topiary admitted recently that he was working on ways to put some distance between him and LulzSec.
Banking on precedent, we probably would have heard from LulzSec if British police arrested the wrong hacker. When police were quick to tout their arrests of "Anonymous members" Cleary and Cavenaugh, both LulzSec and Anonymous denied loudly that the hackers held any important roles. The response was different this time around. LulzSec, whose Twitter account is reportedly run by Topiary, didn't mention the arrest. Sabu addressed the Daniel Ackerman accusations.
"RIP Topiary Fuck the police And as for the 'doxers' you proved how clueless you ALL were when you posted he was from Sweden over 9000 times," tweeted Sabu. He added later, "So my brothers and sisters, thank those fallen Anons for taking the hits that will give the rest of you another day to fight. Thank you."
Of course, Sabu's statements would fit neatly into Topiary's conspiracy. We're going to wait for more details about the actual arrest, though, before buying into any speculative conclusions.