The suspected LulzSec member Ryan Cleary, if found to have taken part in LulzSec's attacks on the U.S., could face up to ten years in jail.

Cleary's arrest

London's Metropolitan Police Central e-Crime Unit arrested 19-year-old Cleary for suspected involvement in a number of LulzSec's recent cyber attacks.

None of the law enforcement agencies involved in the investigation have revealed which specific attacks Cleary is being charged for.

Cleary's arrest was apparently the result of "a pre-planned intelligence-led operation" that was carried out by both the Metropolitan and Essex police forces, as well as the FBI.

Details about what evidence was discovered during the police's search of Cleary's Wickford, Essex address remain vague.

"Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing", read the police's statement.

The new American laws

According to a report earlier this week from Reuters, the Obama administration has urged Congress to pass new laws that would double the maximum sentence hackers could receive.

The new laws would mean that any hacker or group caught accessing the U.S. Government's networks could potentially face up to 20 years in prison.

Under the U.S.'s current laws, first-time hacking offenders can only receive up to ten year sentences. This is the highest sentence possible and can only be given by a judge if the hacker's attack put the country's national security at risk. The maximum sentence for simple data theft is currently only five years.

The amended laws proposed by the Obama administration would extend this.

The new maximum sentence for an attack that endangered national security would be 20 years. Hacks that stole data worth more than $5000 would face a 10 year maximum sentence.

Additionally, the amended laws would mean that any hacker that "defaces" or vandalizes a government's website or network could receive a three year jail sentence.

It is unlikely that any of LulzSec's attacks could be seen as "a threat to national security". Even the collective's attacks on the U.S. Senate and CIA's websites did little more than force them offline for a few hours.

But, LulzSec has posted stolen data from several other American companies and agencies. This means that if Cleary was involved in any of LulzSec's attacks on the U.S., he could face up to five-years in jail -- 10 if the new laws pass.

This would require Cleary to be extradited, but as evidenced by the U.S.'s response to Gary McKinnon's hacks on the Pentagon and NASA, this is not a request the U.S. would shy away from.


Since Cleary's arrest LulzSec has publically denied Cleary's involvement in any of its attacks.

The group first tweeted on the 19-year-old's arrest, "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor bastard did they take down?"

Upon learning that it was Cleary that had been arrested the group followed up its initial tweet with a slew of posts commenting that he was at best an associate of a few LulzSec members.

"Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us. Lame."

Followed by, "Oh well - less tweet spam now. Best watch out, they can't get us, so they're going after people they think might know us. Defend yourselves."

LulzSec went on to clarify that the only connection Cleary has with the group was through certain chatrooms hosted on one of his IRC servers.

"Ryan Cleary is not part of LulzSec; we house one of our many legitimate chatrooms on his IRC server, but that's it.

"@superbus We use Ryan's server, we also use Efnet, 2600, Rizon and AnonOps IRC servers. That doesn't mean they're all part of our group."

Since its posts about Cleary, LulzSec has reported successful attacks on two of the Brazilian Government's websites.