Former LulzSec hackers, Ryan Cleary (ViraL), age 21, Jake Davis (Topiary), age 20, Ryan Ackroyd (Kayla), age 26, and Mustafa Al-Bassam (tFlow), age 18, appeared at Southwark Crown Court in London as the sentencing hearing began. Prosecutor Sandip Patel told the court that the men thought they were “latter day pirates” and were on the “cutting edge” of cybercrime.
The prosecutor said the four men “worked from their bedrooms in 2011” and were “as much about self-promotion as they were about hacking, describing them as adept at getting the attention of media and of hundreds of thousands of Twitter followers and motivated by ‘anarchic self-amusement’.”
“It’s clear from the evidence that they intended to achieve extensive national and international notoriety and publicity,” Patel stated. LulzSec “saw themselves as latter-day pirates." He added, “This is not about young immature men messing about. They are at the cutting edge of a contemporary and emerging species of criminal offender known as a cyber criminal.”
The men previously pled guilty to numerous cyberattacks, including hacking into the Pentagon’s computers, crashing the CIA’s website, taunting the FBI with F***Friday hacks on FBI contractor Infragaurd, IRC Federal, Unveillance and the Arizona State Police. Ticked about a WikiLeaks documentary that aired on PBS, LulzSec posted a fake story on the PBS website claiming Tupac was “alive and well.” Sony, Nintendo, Fox and News International also did not escape unscathed from the hacktivist collective’s “crime spree” for the lulz. The Westboro Baptist Church was also hacked after saying 'God hates fags and lousy hackers;' after Cleary was arrested, he told police, "Sure, it's a crime, obviously. But it is not as if it is that f***ing serious."
Davis aka Topiary was smirking as his hacking activities were outlined for the court. He previously “admitted to conspiring to carry out denial of service attacks on various websites.” He was also in charge of LulzSec’s media relations, running the Twitter account and website. 750,000 separate pieces of sensitive data were found on his computer after his arrest. Patel said, "The real-life identities of the hackers were aggressively concealed. Similar protection did not extend to their victims." Yet Davis told police that LulzSec broke into the NHS sexual health clinic, but informed the clinic “about its security flaws without publishing information they obtained because they ‘liked’ the NHS.”
Patel said that Ackroyd, masquerading as 16-year-old Kayla, was “probably the most sophisticated known conspirator. He was responsible for researching sites to target and was known as a 'highly sophisticated rooter'.” Al-Bassam (tFlow) was an “A-level student;” he was called “a technical mastermind who sought out vulnerable websites the gang could target.”
The court was told that “Davis, Al-Bassam and Ackroyd were core members of LulzSec” along with New York-based hacker Hector Xavier Monsegur aka Sabu. Cleary (ViraL) was described as “trigger-happy.” He was “not a core member of Lulzsec but pined to be accepted by the group. He let them use his botnet - a 'web robot' that he had spent six years building and which powered the denial of service attacks.” According to Patel, “At any one time he had up to 100,000 computers directly and actively under his control.”
Cleary reportedly had 10,000 pieces of sensitive data on his computer when arrested, and also “pleaded guilty to charges of downloading pornographic images of babies and children.”
In April, LulzSec member Cody Kretsinger (Recursion), 25, was sentenced to "one year in federal prison for his role in a May 2011 breach of a Sony Pictures website and database." Another former LulzSec member, Raynaldo Rivera (Neuron) "pleaded guilty in October 2012 to conspiracy charges in connection with the same attack. He is scheduled to be sentenced by Judge Kronstadt" tomorrow, May 16. Hector Xavier Monsegur (Sabu) turned snitch, helped the feds and is “scheduled to be sentenced in August 2013.”
At the end of April, Australian Federal Police arrested “the self-proclaimed leader” of LuzSec. The 24-year-old IT worker, Matthew Flannery, went by the alias of "Aush0k." Financial Review confirmed that Flannery worked for Content Security, which resells software from US-based Tenable Network Security.
Glen McEwen, manager of cybercrime operations at Australian Federal Police, said "There were no denials of his claims of being the leader. Let me make it extremely clear to everybody out there, this is not harmless fun, this is serious." He added, “This individual was operating from a position of trust who had access to sensitive information from clients including government agencies ... The AFP believe this man’s skills and access to this type of information present considerable risk to Australian society.” Flannery will appear before court today, May 15, and faces “a maximum 12 years in jail if found guilty of the charges.”
Suspected Sony hacker smashed PCs, hid hard drives, avoided 20 years in prison
Meanwhile, 23-year-old Todd Miller, one the hackers accused of attacking Sony gaming servers in 2008, was sentenced to house arrest for a year. The Columbus Dispatch reported that after Miller was questioned by the FBI, he went home, removed the hard drives and smashed his computers. The FBI then did not have the evidence to go after Miller for hacking, and instead opted for charging him with “obstructing a federal investigation.”
Miller, who has a ninth-grade education, told the judge that he’d learned his lesson and the court wouldn’t see him again. He added that “he was ‘immature and ignorant and caught up with the wrong people at the wrong time’ when he destroyed the computers.” In return, Miller was sentenced to 12 months of house arrest, three years of probation and ordered to get his high school certificate. He was very lucky, as he could have been “sentenced to 20 years in prison and fined $250,000.”