British police have arrested two men accused of conspiring to commit computer crimes under cover of the online identity Kayla associated with the hacktivist groups Anonymous and LulzSec. Computer equipment belonging to one of the accused men was seized for forensic examination.

Among other things, Kayla has been linked to the security breaches that occurred at HBGary Federal last February in the wake of the security firm's boast that it was about to reveal the true identities of some members of Anonymous and LulzSec.

"The arrests relate to our enquiries into a series of serious computer intrusions and online denial-of-service attacks recently suffered by a number of multinational companies, public institutions, and government and law-enforcement agencies in Great Britain and the United States," said Mark Raymond, a detective inspector with the e-crime unit of the Metropolitan Police Service.

Thursday's arrests are part of an ongoing investigation by the e-crimes unit in collaboration with the FBI and other law-enforcement agencies overseas. "We are working to detect and bring before the courts those responsible for these offenses, to disrupt such groups, and to deter others thinking of participating in this type of criminal activity," Raymond said.

Switching Hats

The latest round of U.K. arrests demonstrates that hacktivists aren't as anonymous as they would like to believe. In an interview published earlier this week as part of a Cisco Systems security blog, a former Anonymous member known by the online identity Sparkyblaze advised other hackers to stay away from black-hat hacking.

"White-hat hacking is a lot more fun, you get paid for it, it is legal," Sparkyblaze observed. "A conviction for hacking and leaking a database will affect you for the rest of your life."

The former hacktivist said he was initially attracted to Anonymous because he loves hacking and believes in free speech. However, he eventually became disillusioned with some of the group's activities.

Story continues

"I feel that it is OK if you are attacking the governments [for the purpose of] getting files and giving them to WikiLeaks, that sort of thing," the former member noted. "But putting usernames and passwords on a pastebin doesn't [impact governments], and posting the info of the people you fight for is just wrong."

A Lack Of Understanding

The biggest problem companies face today is a lack of understanding concerning the importance of computer security [and having] a good information security policy, Sparkyblaze noted.

Companies don't want to spend time and money on computer security because they don't think it matters, Sparkyblaze observed. "They don't encrypt the data, nor do they get the right software, hardware and people required to stay secure," he explained. "[And] they don't train their staff not to open attachments from people they don't know."

Earlier this week, British police arrested three men between the ages of 20 and 26 and two teenagers for conspiring to commit unlawful computer acts. Four of the defendants are scheduled to be arraigned in the City of Westminster Magistrates' Court on Sept. 7. Additionally, a 16-year-old male has been referred to the Surrey Youth Justice Board.