UK Census 2011 database hack by LulzSec under investigation

"We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this", says a statement on the census website.

"The 2011 Census placed the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that such a compromise has taken place," the statement concludes.

Hacker arrested

Scotland Yard has announced the arrest of a 19-year-old hacker in Essex, but would not confirm whether the arrest was connected to a distributed denial of service (DDoS) attack on the website of the Serious Organised Crime Agency (SOCA) or the alleged breach of the census website.

Officers from the Police Central e-Crime Unit (PCeU) arrested the alleged member of LulzSec last night on suspicion of breaching the Computer Misuse Act, and searched a house in Wickford, Essex, where they seized computer equipment which will undergo forensic examination. The FBI and local Essex police worked in co-operation with the PCeU to investigate the case.

Series of hacking attacks

"The controversial LulzSec group has been playing a dangerous game - its Twitter account, which has more than 220,000 followers, has become increasingly vocal - embarrassing computer crime authorities and large organisations around the world with its attacks," said Graham Cluley, senior technology consultant at security firm Sophos.

"There has been much speculation recently regarding who might be behind LulzSec. If the group has now been cracked, then it will send a strong message to others thinking about engaging in their own hacks or denial of service attacks," he said.

Census records stolen?

LulzSec, which has launched an anti-government campaign and claimed responsibility for the DDoS attack on the SOCA website, now claims in an online posting to have obtained the records of every single citizen who gave their information to the "security-illiterate UK government" in the 2011 census.

The posting says the database will be published through file-sharing website The Pirate Bay. "We're keeping them under lock and key though... so don't worry about your privacy (...until we finish re-formatting them for release)," the posting says.

LulzSec first emerged in May when it carried out a series of DDoS and hacking attacks on high-profile organisations, including Sony, the CIA, the US Senate, the NHS and SOCA.

This story was first published by Computer Weekly
