Homeless hacker arrested by FBI in LulzSec/Anonymous investigation

Filed Under: Featured, Law & order, Vulnerability

Homeless manAccording to media reports, the FBI has arrested two alleged hackers in San Francisco and Phoenix, believed to be associated with the LulzSec and Anonymous hacktivist groups.

And one of them is homeless.

FoxNews reports that search warrants have also been executed in the states of Minnesota, Montana and New Jersey as part of a wider FBI investigation into the groups who have launched attacks against government websites as well as corporations such as Sony.

23-year-old Cody Kretsinger, from Phoenix, Arizona, has been charged with computer offences, and is alleged to be the LulzSec member known as "Recursion". Kretsinger is accused of being involved in an SQL injection attack that stole information from Sony Pictures in June, exposing users email addresses and passwords.

According to the indictment against Kretsinger, he is accused of using the hidemyass.com proxy service to cloak probes he made of Sony Pictures' computer systems in May 2011, hunting for vulnerabilities.

Sony passwords leakedApproximately 150,000 confidential records were subsequently published online by LulzSec who criticised Sony's weak security.

Authorities allege that Kretsinger wiped the hard drives used to carry out the attack on Sony in an attempt to hide forensic evidence.

"Recursion" is one of many handles used by members of the LulzSec hacking gang, and features in internet chat logs that have previously been published of the group having what they believed to be private conversations.

Chat log between LulzSec members Topiary and Recursion

Meanwhile, the FBI arrested an alleged Anonymous member in San Francisco. The man, who is reported to be homeless, is said to have been involved in internet attacks against Santa Cruz County government websites.

Just because a man is homeless, of course, doesn't mean that he can't get an internet connection. Coffee houses, cafes, libraries, etc can all offer cheap or free internet access - and because the computer being used can be a shared device, it may be harder to identify who might have been responsible for an attack compared to a PC at a home.

At the same time, public places are often watched with CCTV cameras which means that if the authorities were able to identify a time and place, they may also be able to gather evidence as to who was at the location when an attack was begun from a particular computer.

Both LulzSec and the larger Anonymous hacktivist collective have had a tough time of late, with a series of arrests in the USA, UK and elsewhere around the globe.

Wannabe hackers might be wise to read the FBI's press release about the Kretsinger arrest, which points out that if convicted of the hacking offences he could face up to 15 years in prison.

, , , , , , ,

You might like

17 Responses to Homeless hacker arrested by FBI in LulzSec/Anonymous investigation

  1. don · 1442 days ago

    The wheels of Justice grind slow but sure.

  2. thatgermanmathguy · 1442 days ago

    Interesting article, but is Fox News such a reliable source? from what I hear overseas many people consider them as bad journalists.

    • Well, I do link to the FBI's press release too..

      • thatgermanmathguy · 1441 days ago

        True, but the first thing mentioned is Fox News. Nevertheless, I admit that's a little bit nitpicking. Keep up the great work!



  4. Nick Shields · 1442 days ago

    I, for one, am extremely grateful that these guys are championing these most worthy of causes and offer every encouragement to them and others considering the same course of action. The English Police and the FBI have shown their class in arresting aspergic teenagers and have, in doing so, rendered it completely impossible to have any respect for their organisations whatsoever.

    • Steve · 1441 days ago

      Data theft is a serious matter no matter how you look at it.

      If I was to break into your house find copies of all your bank statements and credit card details and then posted them on the internet "for teh lulz" so every fraudster out there can have a field day ony our accounts, wouldn't you want me to be arrested?

      These script kiddies get off on the excitement of doing the crime, they know they are doing wrong but the risk is part of the buzz.

      Personally I have no respect for someone who posts the data of innocent people onto Bit Torrent so they can be victims of fraud. Aspergers isn't an excuse to justify that.

      • David · 1441 days ago

        I AGREE Steve! 100% LOCK them up! For LIFE if need be... I have NO SIMPATHY for them at ALL.

  5. Elle Woods, Esq. · 1442 days ago

    I actually think the FBI has been doing a rather admirable job lately in extremely uncharted legal and technical waters while the private sector looks on.

    This post and the next gives me an idea for a quasi-deterrent to US State and Federal cyber-criminals. Instead of concurrent and/or consecutive sentences for multiple convictions; they get recursive ones- that should sink in. ;)

    • noyyu · 1117 days ago

      It might sound a little more reliable if they hadn't said it was a homeless guy. K? Sounds like a stooley to make someone look like they're doing their jobs. Where is a homeless guy going to keep a laptop and where is he going to keep it safe? Sounds fishy to me.

  6. test · 1441 days ago

    they gotta arrest someone doesn't matter who they need to show who's boss seriously if that's the right hacker or not the confident of the public will drop if they feel like not even FBI can catch cyber criminals....what ever helps people sleep at night :)

  7. 234r · 1441 days ago

    Slightly confusing title. I clicked through wondering what Adrian Lamo had to do with LulzSec.

  8. sh4rkbyt3 · 1441 days ago

    I wonder if they will hold these accused in jail for 3 years without a trial or a lawyer like the did with Kevin Mitnick? It's amazing how rights now get violated in this country and the aholes who applaud it on a daily basis.

  9. George Labonté · 1440 days ago

    DIfferent point of view.

    You people make me laugh calling them criminals and hoping for justice to be served.
    Do you really understand the issue at stake here? these people , whoever they are, are just people pointing out HUGE security flaws that most people are unaware of, and that companies rather keep 'em secret & ignore than fix ...**cough** Sony **cough**

    Sony was aware of that flaw for a long time, and decided that it wasnt a priority to keep their customers private details safe. If this flaw wouldnt have been neglected, we would have never got there.

    Its like if you leave the door of a vault opened and blame people for wanting to go see whats inside...

    Seriously, think about it...

    • Gary · 1438 days ago

      I agree that pointing out security holes is a good thing to do, especially where the relevant company has been dragging its heels in closing the holes. But do you really think they were right in posting the personal details of hundreds of thousands of innocent people onto the web? Really?

      Two irresponsibles don't make a right.

      Seriously, think about it...

      • George Labonté · 1438 days ago

        Did you take a look at those so-called personal details?! I did, and seriously, between that and looking up a phone book or Facebook, not much of a difference....

        That breach didnt do any harm to any people as far as I know.

        The whole thing with Sony, I call it Karma.

        They got what they deserved for what they did to George Hotz....

        End of the story.

        • OxBlood · 1437 days ago

          Dude on facebook you can surely stalk people, but not qacess to their credit card accounts. You argument trying to backup CRIMINALS fails once again.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley