Feeds

British LulzSec hackers hear jail doors slam shut for years

'Latter day pirates' cop hefty servings of porridge

Protecting against web application threats using SSL

Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK's Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three were jailed for terms ranging from 24 to 32 months.

Jake Davis, 19, of Lerwick, Shetland; Ryan Ackroyd, 26, of Mexborough, Doncaster; and Mustafa Al-Bassam, 18, from Peckham, south London all previously admitted involvement in computer hacking attacks. All three were core members of LulzSec while Ryan Cleary, 21, of Wickford, Essex, supplied a botnet of around 100,000 compromised computers that acted as a platform to blitz targeted websites with junk traffic, crashing many sites in the process.

The hackers ran distributed denial of service (DDoS) attacks against the Arizona State Police, 20th Century Fox, HBGary Federal, Bethesda, Eve Online, Nintendo, SOCA and others as part of operations run by various hacking groups including Anonymous and LulzSec.

Cleary (aka Viral) admitted hacking into systems at the Pentagon. He has been indicted in the US and faces possible extradition proceedings. Davis has also been indicted in the US.

Not all members of the group were involved in all the attacks, some of which went far beyond simple packet flooding. Judge Deborah Taylor sentenced the men after considering mitigating factors highlighted by their lawyers over the course of a two day hearing.

In sentencing, Judge Taylor said the group's offences were "planned and persistent".

"The losses were substantial even if your motivation was not financial," she said.

Ackroyd, a former soldier who adopted the online persona of a 16-year-old girl called Kayla to rub salt into the wounds of victims, admitted stealing data from Sony. He also confessed to playing a key role in a malicious prank back in July 2011 involving redirecting visitors to The Sun newspaper's website to a fictitious story about News Corp chairman Rupert Murdoch committing suicide.

Ackroyd taught himself computer programming as a means to gain an edge in the games he was playing online. Among his roles in LulzSec was to seek vulnerabilities on websites. He was jailed for 30 months.

Al-Bassam (aka T-Flow), who was still at school at the time of the attacks, also sought out vulnerable websites that the hacking crew could target. His barrister said that he wanted to go on to study computer science at university. Al-Bassam avoided jail with a 20 month sentence but will still be punished by having to complete a 300 hour community service order.

Davis (aka Topiary) acted as LulzSec's main publicist as well as playing a role in co-ordinating its activities. He was sentenced to 24 months in a prison for young offenders.

The court heard that Cleary made up to £2,500 a month selling access to his zombie computer network to hackers. The Asperger's Syndrome sufferer built up a botnet of 100,000 compromised PCs over a period of five years.

Cleary was jailed for 32 months for the computer hacking offences.

In some instances the group lifted sensitive personal data from compromised websites, London's Southwark Crown Court heard.

Data leaks, including personal details of 74,000 people who had registered to appear on X-Factor, were made available as torrents and publicised through file-sharing sites such as the Pirate Bay. The gang obtained the data after hacking into US network Fox in May 2011.

‪LulzSec‬ stole 24.6 million customers' private records during an attack on Sony. The entertainment giant was forced to take its PlayStation Network offline for weeks in the wake of the mega-breach, which ultimately cost it an estimated $20 million.

"This is not about young immature men messing about," prosecutor Sandip Patel told the court at the start of the mens' sentencing hearing, Reuters reports. "They are at the cutting edge of a contemporary and emerging species of international criminal offending known as cyber crime."

"LulzSec saw themselves as latter-day pirates," Patel said, adding that the group were motivated by "anarchic self-amusement".

LulzSec – or the Lulz Security hacking collective – started off as an offshoot from the Anonymous hacking collective in 2011. It went on claim a large number of attacks during a 50 day hacking spree in the summer of 2011. Most of its targets were entertainment firms opposing file sharing and law enforcement or intelligence agencies. ‪LulzSec‬ ran a Twitter hashtag called "Fuck FBI Friday" that boasted of its latest assaults.

The alleged ringleader of LulzSec, Hector Xavier Monsegur - known online as "Sabu" - turned FBI snitch following his arrest in June 2011 and helped to identify other members of the group. Monsegur's sentencing hearing has repeatedly been delayed. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.