Fluffi bunni - Sans hacker busted @ InfoSec Event in the UK.

British authorities arrest hacker wanted as `Fluffi Bunni'

By Ted Bridis, The Associated Press Apr 29 2003 2:08PM

British authorities arrested a man Tuesday believed to head a group of hackers known as "Fluffi Bunni," which used a stuffed pink rabbit to mark attacks that humiliated some of the world's premier computer security organizations.

Fluffi Bunni captured the attention of the FBI just days after the Sept. 11 terror attacks, when thousands of commercial Web sites were vandalized with a single break-in that included the message, "Fluffi Bunni Goes Jihad."

The FBI characterized the act in a November 2001 report as an anti-American cyberprotest against the war on terrorism.

Lynn Htun, 24, was arrested by Scotland Yard detectives on outstanding forgery charges while attending a prominent trade show in London for computer security professionals, InfoSecurity Europe 2003, authorities said.

British authorities did not mention of Htun's alleged hacking. A U.S. official, speaking on condition of anonymity, said Htun is wanted in America in connection with a series of high-profile hacking cases blamed on Fluffi Bunni. Investigators believe Htun was the group's leader and referred to himself as Fluffi Bunni, the official said.

Authorities in London indicated they would release more information Wednesday about Htun's arrest, although the continuing investigation into Fluffi Bunni hackers was sensitive and other arrests could be possible.

Fluffi Bunni embarrassed leading Internet security organizations by breaking into their own computers and replacing Web pages with a message that "Fluffi Bunni ownz you" and a digital photograph of a pink rabbit at a keyboard. The attacks, which began in June 2000, lasted about 18 months, then stopped mysteriously and created one of the Internet's most significant hacker whodunits in years.

"I thought he'd never be caught," said Jay Dyson, a consultant who formerly helped run one of the victim Web sites. "He was clever and had the patience of a saint. The targets he chose were ones that were really high profile, and ones you'd think would be above reproach when it comes to issues of security."

Victims have included the Washington-based SANS Institute, which offers security training for technology professionals; Security Focus, now owned by Symantec Corp.; and Attrition.org, a site run by experts who formerly tracked computer break-ins. Other victims included McDonald's Corp. and the online security department for Exodus Communications Inc., now part of London-based Cable & Wireless plc.

"The guy was playing a game of `gotcha.' He wanted to prove that even firms that specialize in security can be hacked," said Mark Rasch, chief security counsel for Solutionary Inc. and a former Justice Department cybercrime prosecutor. "It's like someone who robs banks to prove that banks can be robbed."

Brian Martin, who ran the Attrition site with Dyson and others, said Fluffi Bunni quickly generated a fearsome reputation across the underground because of the group's choice of targets. Martin determined that a hacker broke into another user's computer, allowing him to assume that person's digital identity and briefly take over the Attrition site with a Fluffi Bunni message.

"He would break into companies that are there to secure you," said Martin, who never reported the crime to the FBI. "It's a challenge, and there's some irony behind it."

Targets frequently were attacked indirectly. Instead of trying to break into the heavily protected Security Focus Web site, someone hacked an outside computer that displayed advertisements on the site. The ads were replaced with taunting messages and images of the pink rabbit at the keyboard.