A second LulzSec hacker could be found and arrested due to his use of the proxy server, HideMyAss.
The hacker, known as "Neuron", may be arrested if he can be traced by their use of an anonymous VPN.
Fellow hacker Cody Kretsinger was arrested by the FBI last Thursday after hacking into the Sony pictures website. The LulzSec hacker was discovered because of his use of the HideMyAss proxy server to disguise his IP.
His online username, "Recursion" is seen in chatlogs uploaded by the hacking group to PasteBin where he boasted about hacking into Sony Pictures and "boosting more accounts".
HideMyAss said that should there be a misuse on the site, they would hand over the browsing history of any user as long as the request is accompanied by a UK court order.
They released a long defence to their actions after refusing to hand over the logs without a court order:
Being able to locate abusive users is imperative for the survival of operating a VPN service, if you can not take action to prevent abuse you risk losing server contracts with the underlying upstream providers that empower your network. Common abuse can be anything from spam to fraud, and more serious cases involve terrorism and child porn. The main type of logging is session logging - this is simply logging when a customer connects and disconnects from the server, this identifies who was connected to X IP address at X time, this is what we do and all we do. Some providers choose not to do session logging and instead try to locate the abusive customer by using the intelligence from the complaint, for example if someone hacks XYZ.com they may monitor traffic to XYZ.com and log which customers have a connection to this website. Ask yourself this: if a provider claims not to do any form of logging, but is able to locate abusive customers, how are they able to do this without any form of logging?
The fact that HideMyAss retains such a log history has caused quite a stir in the online community with many users promising never to use the service again. Its competitors, such as AirVPN have been quick to reassure its users that no information is withheld, nor do they recognise any USA jurisdiction.