A man suspected of hacking into computer systems belonging to Sony Pictures, and stealing the personal information and passwords of thousands of innocent internet users, has been arrested by the FBI.
20-year-old Raynaldo Rivera, of Tempe, Arizona, is said to have been involved in the Sony hack last year that exposed online the names, birth dates, addresses, emails, phone numbers and passwords of people who had entered Sony contests.
At the time LulzSec published what they called a “Pretentious Press Statement” about the hack which was said to have been done via an SQL injection attack against a vulnerable Sony website:
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
The security breach is said to have cost Sony over $600,000.
According to the FBI, Rivera was an accomplice of 24-year-old LulzSec member Cody Kretsinger, who pleaded guilty in April to charges connected to the Sony Pictures hack, reversing an earlier not guilty plea.
Kretsinger used the HideMyAss.com proxy server website to disguise his IP address as he the Sony Pictures’ website was probed in May 2011, hunting for vulnerabilities.
HideMyAss.com’s terms and conditions stipulate that their service is not to be used for illegal activity, however, and they co-operated with the authorities when a court order was received requesting information.
Rivera, who is said to use the online handles “neuron,” “royal” and “wildicv”, is suspected of similarly using a anonymising proxy in an attempt to conceal his computer’s real IP address.
On Rivera’s Facebook page (which can be found at https://www.facebook.com/wildicv) he describes himself as “just your common computer geek”, and appears to have recently left a job at at the University of Advancing Technology in Tempe, Arizona.
Others considering committing crimes on the net might be wise to stop believing that using an anonymising proxy service will necessarily keep them out of the clutches of the law.
Rivera faces up to 15 years in prison if convicted of the charges against him.Follow @gcluley