Feeds

British LulzSec hackers hear jail doors slam shut for years

'Latter day pirates' cop hefty servings of porridge

3 Big data security analytics techniques

Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK's Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three were jailed for terms ranging from 24 to 32 months.

Jake Davis, 19, of Lerwick, Shetland; Ryan Ackroyd, 26, of Mexborough, Doncaster; and Mustafa Al-Bassam, 18, from Peckham, south London all previously admitted involvement in computer hacking attacks. All three were core members of LulzSec while Ryan Cleary, 21, of Wickford, Essex, supplied a botnet of around 100,000 compromised computers that acted as a platform to blitz targeted websites with junk traffic, crashing many sites in the process.

The hackers ran distributed denial of service (DDoS) attacks against the Arizona State Police, 20th Century Fox, HBGary Federal, Bethesda, Eve Online, Nintendo, SOCA and others as part of operations run by various hacking groups including Anonymous and LulzSec.

Cleary (aka Viral) admitted hacking into systems at the Pentagon. He has been indicted in the US and faces possible extradition proceedings. Davis has also been indicted in the US.

Not all members of the group were involved in all the attacks, some of which went far beyond simple packet flooding. Judge Deborah Taylor sentenced the men after considering mitigating factors highlighted by their lawyers over the course of a two day hearing.

In sentencing, Judge Taylor said the group's offences were "planned and persistent".

"The losses were substantial even if your motivation was not financial," she said.

Ackroyd, a former soldier who adopted the online persona of a 16-year-old girl called Kayla to rub salt into the wounds of victims, admitted stealing data from Sony. He also confessed to playing a key role in a malicious prank back in July 2011 involving redirecting visitors to The Sun newspaper's website to a fictitious story about News Corp chairman Rupert Murdoch committing suicide.

Ackroyd taught himself computer programming as a means to gain an edge in the games he was playing online. Among his roles in LulzSec was to seek vulnerabilities on websites. He was jailed for 30 months.

Al-Bassam (aka T-Flow), who was still at school at the time of the attacks, also sought out vulnerable websites that the hacking crew could target. His barrister said that he wanted to go on to study computer science at university. Al-Bassam avoided jail with a 20 month sentence but will still be punished by having to complete a 300 hour community service order.

Davis (aka Topiary) acted as LulzSec's main publicist as well as playing a role in co-ordinating its activities. He was sentenced to 24 months in a prison for young offenders.

The court heard that Cleary made up to £2,500 a month selling access to his zombie computer network to hackers. The Asperger's Syndrome sufferer built up a botnet of 100,000 compromised PCs over a period of five years.

Cleary was jailed for 32 months for the computer hacking offences.

In some instances the group lifted sensitive personal data from compromised websites, London's Southwark Crown Court heard.

Data leaks, including personal details of 74,000 people who had registered to appear on X-Factor, were made available as torrents and publicised through file-sharing sites such as the Pirate Bay. The gang obtained the data after hacking into US network Fox in May 2011.

‪LulzSec‬ stole 24.6 million customers' private records during an attack on Sony. The entertainment giant was forced to take its PlayStation Network offline for weeks in the wake of the mega-breach, which ultimately cost it an estimated $20 million.

"This is not about young immature men messing about," prosecutor Sandip Patel told the court at the start of the mens' sentencing hearing, Reuters reports. "They are at the cutting edge of a contemporary and emerging species of international criminal offending known as cyber crime."

"LulzSec saw themselves as latter-day pirates," Patel said, adding that the group were motivated by "anarchic self-amusement".

LulzSec – or the Lulz Security hacking collective – started off as an offshoot from the Anonymous hacking collective in 2011. It went on claim a large number of attacks during a 50 day hacking spree in the summer of 2011. Most of its targets were entertainment firms opposing file sharing and law enforcement or intelligence agencies. ‪LulzSec‬ ran a Twitter hashtag called "Fuck FBI Friday" that boasted of its latest assaults.

The alleged ringleader of LulzSec, Hector Xavier Monsegur - known online as "Sabu" - turned FBI snitch following his arrest in June 2011 and helped to identify other members of the group. Monsegur's sentencing hearing has repeatedly been delayed. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.