Topiary: did police arrest the wrong man in LulzSec investigation?

Fortune tellerSince the British police arrested a teenager yesterday in connection with the hacktivist activities of LulzSec and Anonymous, I’ve been asked, time and time again, the same question:

Have the cops got the right man?
Have they arrested the “real” Topiary?

It seems that the reason why they’re asking is that folks are supicious that LulzSec could have pulled a fast one – and deliberately tricked the computer crime authorities into believing that someone entirely different is the real “Topiary”.

In other words, the man arrested in Shetland could be a fall guy.

Sign up to our free newsletter.
Security news, advice, and tips.

The main proponent of this theory is a blog article published on The DailyTech website by a chap called Jason Mick.

The article promotes the theory that the real “Topiary” is a 23-year-old Swedish hacker, not a teenager in Shetland, and it offers as evidence a chat log – originally published by th3j35t3r (“The Jester”) – where a plan is described to incriminate someone else as “Topiary”:

<Topiary> yeah well, this is my plan:
<Topiary> (as you know I stole this nickname from a troll last December, didn’t work out so well)
<Topiary> I’ll just keep denying it until they try to go after the troll
<Topiary> then they’ll think that’s me and harass him
<removed> then he harasses back?
<Topiary> yeah but if I deny my real dox enough, people will go looking for other dox
<Topiary> then nobody will believe I’m me
<Topiary> and all you bastards told me my Brit voice was good, damnit
<Topiary> did they get voice recognition?
<removed> well when you talk the Swedish accent comes out a bit
<removed> but not for a couple of minutes
<Topiary> these f*ggots aren’t hitting the UK n*gger Topiary
<Topiary> why aren’t they?
<Topiary> I’m hoping someone will go after him and think it’s me, then I’ll act all scared etc
<Topiary> hope it blows over and they start doxing Ireland f*g or Scotland f*g or wherever the f*ck UK part he’s from
<Topiary> anyway I trust you so yeah
<Topiary> we can keep this between us
<removed> Wont say a word bro
<removed> just take care
<Topiary> okay gotta go
<Topiary> thanks for advic
<removed> bye!

Hmm. I love a convoluted conspiracy as much as the next man. And it would be easy to start one, just by asking questions like:

“Why haven’t the police told us the arrested man’s real name? What are they hiding?”

“If it isn’t Topiary who was arrested, why hasn’t he or LulzSec posted any updates about the arrest on Twitter?”

“Is it a bluff or a double-bluff?”

“Why are the police not mentioning any link with phone hacking? Is it because it’s completely irrelevant, or because it *is* relevant?”

“Does the arrested man have a Scottish or a Swedish accent?”

“If he’s not got a Scottish accent, but was arrested in Shetland, when did he move there?”

“Does he have the same accent as the Anonymous spokesman who conducted all those TV interviews?”

For goodness sake people, let’s pause to breathe for a minute.

Here’s what we do know so far:

  1. The police issued a press release saying they had arrested a 19-year-old man (later changed to say he was aged 18 – let’s not start a conspiracy about that one, okay?) at a residential address in the Shetland Islands.
  2. The police didn’t release the man’s name, or details of where in the Shetland Islands he had been arrested, but did say that they believed him to be the LulzSec and Anonymous spokesman who went by the online nickname of “Topiary”.
  3. LulzSec and Topiary’s Twitter feed have gone uncharacteristically quiet.

If you ask me, is the man they arrested in the Shetland Islands is Topiary, another hacker (either working in league with Anonymous/LulzSec or opposing them), or entirely innocent.. my simple answer is I don’t know.

We have to presume he’s innocent until proven otherwise. He hasn’t been charged with any offences yet, and at the moment is just being questioned by the authorities.

I’m pretty sure that the police must have been pretty confident that they had evidence that the man they arrested was “Topiary” if they were prepared to name him as such in their press release.

If the man is connected in any way with criminal hacking activities and denial-of-service attacks I would expect him to start singing like a canary pretty quickly. You may be idealistic when young, but when the hard truth of the seriousness of the situation hits you, anyone with half a brain will realise that the only sensible course of action is to co-operate with the authorities.

So, if you ask me if I think that an unnamed man, arrested in an unnamed street, is guilty of crimes which I wasn’t present at then I’m going to have to say “pass”. Your guess is as good as mine.

I can’t look into a crystal ball and magic up the proof for you, one way or another.

So there! :)

If you do have a feeling in your bones or a strong conviction, however, feel free to choose a side in our poll.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.