The Australian Federal Police's (AFP) initial claims that Matthew Flannery, an IT security employee that went under the name of Aush0k, was the "self-proclaimed leader" of defunct online hacking group Lulz Security (LulzSec) were based on one joke comment made online, it has been revealed.
"[On Tuesday,] the AFP arrested and charged a self-proclaimed Australian leader of the internationally renowned computer hacking collective known as LulzSec," said commander Glen McEwen, the Australian Federal Police's manager for cybercrime operations,.
Flannery was accused of accessing and defacing a government website with a known security exploit, but the AFP also alleged that Flannery had been involved with Anonymous, as well as LulzSec, the group that claimed to be behind attacks on Fox, Sony, and others.
"He is a well-respected person within the Anonymous community, within LulzSec and that side of the house, but he has also worked in the IT professional field," AFP national coordinator for cybercrime operations Brad Marden.
The then-24-year-old Gosford man, who was working at IT security firm Content Security at the time, faced up to 10 years in jail for the 19 offences he was charged with at the time.
Last week, however, Flannery — now 25 — had most of the charges dismissed, and was convicted of five charges and sentenced to 15 months' home detention, according to ABC's 7.30.
The news report revealed that the AFP's claim that Flannery was the leader of LulzSec was based on a boast about the attack on the government website, which Flannery had done with an unnamed 17-year-old, who was not charged.
"I pasted the link to someone and said in satire, 'Ha ha, I am the leader of LulzSec'," Flannery said.
"And I certainly did not proclaim to other LulzSec members, because I've never met any, that I was the leader of LulzSec."
The Australian Federal Police is standing by its initial claims, however.
"Only that individual can, you know, answer the question why you would make such declaration if that was not true. What was the end game?," McEwen told the ABC.
"I cannot categorically say that the individual was part of LulzSec, but I definitely cannot discount that."
McEwen said that Flannery had obtained access to banking details, but did not take any money.
"There's an element of breaking into the computer and then forcibly removing financial data. I align that to a robbery."
Flannery told the ABC that he has been consulting in IT security with US companies from home detention, and McEwen said that Flannery could have a future with the AFP.
"They have a particular skill set that could actually benefit society as opposed to acting against society," he said.
"Always happy to discuss, you know, the future of others and hoping to have some influence in their future."