Sophos Cloud Optix
Members of the notorious LulzSec hacking gang have been sent to jail.
Here are the sentences that each of them have received:
- Jake Davis – “Topiary”
Two years in a young offenders’ institution. - Ryan Cleary – “Viral”
- Mustafa Al-Bassam – “T-Flow”
- Ryan Ackroyd – “Kayla”
Imprisoned for 32 months, of which he will serve half.
20 months prison sentence suspended for two years, and 300 hours community service.
30 months prison sentence, of which he will serve half.
The judge apparently took Mustafa Al-Bassam’s age at the time of the offences into consideration when choosing to give him a suspended sentence.
If you have an opinion on these sentences, leave a comment below or take part in our poll: Have your say – LulzSec: Helpful, harmless or hideous?
Read more: The men behind LulzSec
Here’s just a short summary of just some of the hacks, internet attacks and indeed arrests associated with the LulzSec gang during 2011:
- LulzSec suspect pleads not guilty to Sony Pictures website hack. If convicted, Cody Kretsinger, from Phoenix, Arizona, could face up to 15 years in prison.
- LulzSec hacking suspect ‘Topiary’ arrested in the Shetland Islands. A court was later told that alleged hacker Jake Davis had 750,000 passwords in his possession.
- LulzSec and Anonymous hacker suspects arrested by US, UK and Dutch authorities.
- Britain’s leading tabloid, The Sun was hacked, and replaced with a bogus story announcing the death of Rupert Murdoch. In addition, readers who had participated in the newspapers’ competitions had their personal details exposed.
- FBI searches LulzSec suspect’s home in Hamilton, Ohio.
- EA Games resets users’ passwords following LulzSec hack.
- The end of LulzSec? Hacking group says it is disbanding, after 50 days of attacks.
- Ryan Cleary charged with DDoS attacks – SOCA (Britain’s Serious Organised Crime Agency) and other websites in the firing line.
- SOCA website scalp claimed by LulzSec in apparent DDoS attack.
- CIA website brought down by DDoS attack, LulzSec hackers claim responsibility.
- EVE Online and other gaming websites hit by LulzSec DDoS attack.
- LulzSec attacks US Senate and Bethesda Softworks.
- 26,000 sex website passwords exposed by LulzSec.
- Hackers steal Fox TV passwords, deface Twitter and LinkedIn pages.
The sentence isn't as bad as it could of been, considering some are being sentenced to up to 15 yrs for a simple ddos.
Going to jail for exposing thieves and killers, this is a shame.
It seems a bit excessive. If anything, they're exposing sloppy security measures by large corporations and institutions that really should do better with customer data. Defacing a site or a DDOS attack is nothing more than a prank. Annoying, possibly, but is it criminal enough to justify the cost of jail time?
It's a sorry state of affairs when you could mug someone and get a slap on the wrist, but soon as you go after property (physical or not), the full weight of law is involved.
Not only are you likely to get a slap on the wrist for mugging somebody in the street (if the police even bother to try to catch you), but if you are wealthy and influential enough to destabilise the world economy and cause a crash that results in millions being tossed out of their jobs or not able to find sufficient employment, you’ll get off scot free. Lie to Parliament to start a war that kills a hundred thousand people, and you get a cushy job as a peace envoy.
Obviously hacking and DDoS attacks aren’t ok, but jail time is a grossly disproportionate punishment, particularly being handed down by the old boys club that let their friends get away with far greater crimes.
You clearly don't understand information security in the slightest. Protecting from those types of DDoS attacks is not only unnecessarily costly based on most organizations' risk management analysis, but is at times an impossible task. Also, they are messing with the business, losing them money and exposing innocent people's passwords and property. Screw them they deserve a longer sentence.
Spot on! The argument you refute is akin to saying unless brick and mortar business secure their premises with Fort Knox level security they deserve to be broken into and have their property stolen or rifled through. It's a ridiculous argument that's posited for the sole purpose of justifying an obvious wrongdoing.
They got off lightly considering the amount of damage they had done not just to computer systems but to actual people. Thankfully these guys will probably never be employed in the future to work anywhere near computers.
@Glenn they didnt expose anyone, they acted like idiots and should have gotten a few more years for being dead beats.
@Matt there are professional companies that provide pentesting. Companies dont need a bunch of kids to expose security. As for a DDOS being a prank, yeah a very expensive one at that but hey I'm guessing here you or Glenn can't even begin to comprehend the damage these attacks can do, it goes far beyond denying a service.
I quite agree that we shouldn't need a 'bunch of kids' to expose weak/bad security practices and that there are pen testing companies to do this professionally.
However and this is a big but, at the moment it is only the pain that these companies feel (usually on their balance sheet or reputation) that eventually gets them to take security seriously. The pain is usually caused by groups such as this. Not legal nor morally right but it does get the shoddy security practices of these companies highlighted.
In the ideal world security would be one of the key design phases along with features/function rather than just an afterthought once the buggy but feature rich software is released.
How else do you suggest that these profit motivated companies are going to pay attention to a 'detail' that they just regard as an extra cost thereby reducing their profit?
So you are saying that LuzSec (and other hackers) are operating on the greater good?
C.S. Lewis has something to say about that:
“Of all tyrannies a tyranny sincerely exercised for the good of its victim may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated, but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.”
The final line is telling – “… they do so with the approval of their own concience”. Sound familiar?
Ironically, in having gotten modest sentences today, Topiary and the rest of LulzSec may have increased their chances of extradition to US.
http://eduncovered.com/so-long-and-thanks-for-the…
Public flogging would be an appropriate addition to their sentences.Rob a bank, and you do hard time. Hack into (a.k.a., steal) other peoples information and expect to get a pat on the head? I think not. If more of these morons faced some grim reality fro their criminal activity, maybe they would find less destructive methods for idling away their ample spare time.
There were other ways of doing this. The fact that innocent people's details were disclosed; putting them at risk – just shows what dangerous idiots these people were. No doubt we'll be hearing of new exploits they're responsible for within the next couple of weeks – as they all sign up to prison IT classes.
Hopefully the conditions of their sentence prevent them access to any computer systems. Maybe by the time they get into their late twenties they will figure out a more positive way to use their gifts.
these people do unlimited damage which starts off as 'I can do it' fun but almost always turns into serial meddling or crime. My own web site was trashed off by low level morons such as these so fill the cells up and get rid of them fo rthe next 20 years. There is loads of room for the do-gooders to keep them company !!