By Christopher Williams
21 Jun 2011 | The Telegraph
The entire 2011 UK census database has been stolen by hackers and will be published online, it has been claimed.
Ryan Cleary, an alleged member of the hacking group behind the claim, LulzSec, was arrested in Essex this morning by specialist cyber crime officers from Scotland Yard.
The 19-year-old was taken to a central London police station and remains in custody on suspicion of Computer Misuse Act and Fraud Act offences.
A “significant amount of material” was also seized from an address in Wickford, Essex.
The “pre-planned intelligence-led operation” in collaboration with the FBI followed claims online that the 2011 census database had been stolen and would be published in full.
“We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census,” a posting purportedly by LulzSec said.
“We’re keeping them under lock and key though… so don’t worry about your privacy (…until we finish re-formatting them for release),” it added.
The posting was uploaded to the website Pastebin.com, which has previously been used by LulzSec to publicise its attacks. It said the database will be published via The Pirate Bay, a file sharing website.
LulzSec first emerged in May and mounted a series of Distributed Denial of Service and hacking attacks on high profile organisations. Sony, the CIA, the US Senate, the NHS, the Serious Organised Crime Agency and security companies linked to the FBI have all been targeted.
The Office of National Statistics said it was investigating the latest claims.
“We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this,” it said.
“The 2011 Census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred.”
The US defence contractor Lockheed Martin, which collected the 2011 census data, was also preparing a statement. The compulsory national survey was carried out in march and gathered data including full names, dates of birth and addresses for everyone in the UK.
Graham Cluley, of the British computer security firm Sophos, said more evidence of a breach was required.
“I don’t think we should believe someone has hacked UK census purely on basis of a post to PasteBin [the website used by LulzSec for its announcements],” he said.
The group claims to be acting purely for amusement.”Lulz” is a derivative of LOL, the abbreviation for “laugh out loud” commonly used online.
On Tuesday affternoon LulzSec appeared to deny a link to Ryan Cleary on its Twitter account.
“Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here!,” it said.
It later also denied it had hacked into the census database.
“Not sure we claimed to hack the UK census or where that rumour started, but we assume it’s because people are stupider than you and I,” it said.
“Oh well, just because we want to waste government and local authority investigation time: we hacked every website in the world. Enjoy!”