Sophos Cloud Optix
Four members of the notorious LulzSec hacking gang, who attacked websites belonging to the likes of the CIA, the NHS and the Serious Organised Crime Agency (SOCA) are due to be sentenced at Southwark Crown Court in London later today.
The Anonymous-affiliated hacking group didn’t limit itself to denial-of-service attacks which bombarded websites with so much internet traffic that they were inaccessible by the outside world. They also stole personal information from poorly-secured networks.
For instance, the group’s attack on Sony, took the PlayStation Network offline for several days, stole 24.6 million individual pieces of customer data and cost the firm a reported $20 million in revenue.
What’s obvious is that the motive of the LulzSec hacking gang wasn’t to make money. In that sense they were very different from many of the online criminals encountered today.
However, they were set on amusing themselves at the expense of embarrassed organisations, disrupting websites and – in the worst cases – exposing the personal information of innocent people.
Of course, those actions could have costly financial consequences for the companies and individuals who were unfortunate enough to be caught up in the attacks and data breaches.
Below you will find more details of the four hackers, who had previously pleaded guilty to various hacking offences:
- Jake Davis – “Topiary”
- Ryan Cleary – “Viral”
- Mustafa Al-Bassam – “T-Flow”
- Ryan Ackroyd – “Kayla”
- The reign of LulzSec
Further reading: Jail for the LulzSec hacking gang members
Jake Davis, also known as “Topiary”
20-year-old Jake Davis, who acted as LulzSec’s spokesman under the pseudonym of “Topiary” and was arrested at his home in the remote Shetland Islands, was one of the most high profile members of LulzSec, writing press releases for the group, conducting media interviews, and running the group’s Twitter account.
Jake Davis, who by all accounts was not having the greatest experience living so remotely from the British mainland, enjoyed co-ordinating LulzSec’s activities.
He was not the most technically skilled member of the LulzSec hacking gang, but was quick-witted and intelligent, making him an ideal spokesperson for the group.
Here’s a video I made at the time of Davis’s arrest, where “Topiary” is heard claiming that he and other hacktivists would always be one step ahead of the authorities:
(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)
When arrested, Jake Davis was caught red-handed with 750,000 pieces of stolen personal data in his possession, including names and addresses, passwords, and credit card details.
Famously, just before his arrest Jake Davis posted a simple message on Topiary’s Twitter account:
"You cannot arrest an idea"
Last month, Davis pleaded guilty to his part in bombarding various websites with so much internet traffic that they were inaccessible by the outside world
Last year, following his arrest, Davis wrote an article entitled “My life after Anonymous” where he claimed that he felt “more fulfilled without the internet”.
It’s possible that Jake Davis may be extradited to the United States in the future, to answer related hacking charges there.
Ryan Cleary, also known as “Viral”
Ryan Cleary was not a main member of the LulzSec hacking gang, but had access to something very valuable – control over a botnet of compromised computers.
Prosecutor Sandip Patel told the court that “at any one time [Cleary] had up to 100,000 computers directly and actively under his control.”
Cleary had made thousands of pounds every month, renting out access to his massive botnet of hijacked personal computers so criminals could launch denial-of-service attacks and send spam campaigns. But as he was sympathetic to the cause, he didn’t make such financial demands of the LulzSec gang.
After his arrest, in June 2011, at his home in Wickford, Essex, The Sun newspaper described Cleary as a “geek”, “nerd” and “oddball”.
The news report was clearly insensitive, as Cleary suffers from Asperger’s.
It is speculated that The Sun’s front page media report may have angered other members of LulzSec, and motivated the hacking group’s subsequent attack against the newspaper.
The attack against The Sun resulted in phone numbers, email address and passwords of News International employees being posted on the internet.
Meanwhile, website visitors were presented with a false news story claiming that News International founder Rupert Murdoch had died after ingesting a “large quantity of palladium”, and stumbled into his “famous topiary garden”.
Mustafa Al-Bassam, also known as “T-Flow”
Mustafa Al-Bassam, the youngest of the four men and technically a child at the time of the offences, specialised in finding vulnerabilities in websites that could be exploited by malicious hackers.
Calling himself “T-Flow”, Al-Bassam took issue with the homophobic stance of the controversial Westboro Baptist Church that entered an online argument with the Anonymous movement, before being hacked live on-air.
When the A-Level student – who is now 18 years old – was arrested, a note was found giving details of a security vulnerability on the FBI’s website.
Ryan Ackroyd, also known as “Kayla”
Ryan Ackroyd was considered the most skilled hacker in the LulzSec group, who claimed to have learned his computer skills by attempting to tinker with computer games.
After joining the British army when he was 19, Ackroyd had served in Iraq, Canada and the Falklands, before being discharged after five years.
Many, both inside and outside the underground world of hackers, were duped into believing that “Kayla” was a teenage girl – a deliberate attempt by Ackroyd to disguise his true identity.
The truth is that Kayla was a 26-year-old British man, from Doncaster. Ackroyd enjoyed the disguise, as it rubbed salt into the wounds of hacking victims who thought they had been “pwned” by a teenage girl.
The reign of LulzSec
Here’s just a short summary of just some of the hacks, internet attacks and indeed arrests associated with the LulzSec gang during 2011:
- LulzSec suspect pleads not guilty to Sony Pictures website hack. If convicted, Cody Kretsinger, from Phoenix, Arizona, could face up to 15 years in prison.
- LulzSec hacking suspect ‘Topiary’ arrested in the Shetland Islands. A court was later told that alleged hacker Jake Davis had 750,000 passwords in his possession.
- LulzSec and Anonymous hacker suspects arrested by US, UK and Dutch authorities.
- Britain’s leading tabloid, The Sun was hacked, and replaced with a bogus story announcing the death of Rupert Murdoch. In addition, readers who had participated in the newspapers’ competitions had their personal details exposed.
- FBI searches LulzSec suspect’s home in Hamilton, Ohio.
- EA Games resets users’ passwords following LulzSec hack.
- The end of LulzSec? Hacking group says it is disbanding, after 50 days of attacks.
- Ryan Cleary charged with DDoS attacks – SOCA (Britain’s Serious Organised Crime Agency) and other websites in the firing line.
- SOCA website scalp claimed by LulzSec in apparent DDoS attack.
- CIA website brought down by DDoS attack, LulzSec hackers claim responsibility.
- EVE Online and other gaming websites hit by LulzSec DDoS attack.
- LulzSec attacks US Senate and Bethesda Softworks.
- 26,000 sex website passwords exposed by LulzSec.
- Hackers steal Fox TV passwords, deface Twitter and LinkedIn pages.
Have your say – LulzSec: Helpful, harmless or hideous? [VOTE NOW]
Even the Titans were imprisoned ; and were greater then any god.
Your statement will surely give peace to these 4 while they are sitting in jail.
You cannot arrest an idea.
"had made earn" "hvae" You really need to proofread this.
Thanks.
Most of the “hacks” were done by prebuilt tools. It’s not like they were the most skilled hackers out there. But it is the hacker’s nature to enjoy attention and to boast I guess.
I agree. From what I've learned LulzSec is just an organized group of script kiddies. Standing on the shoulders of giants, as it were.
Idk if I'd say that about LulzSec but that's definitely the structure of anonymous as a whole. Upfront mostly "pawns" & script kiddies. Black Hats remain in the shadows and provide the tools…
indeed, let us wonder but the internet is a weird place, this persons anonymity was lost so he was a criminal but least that there's so much of it everywhere on the internet and what would be the solution for those whom have lost their privacy not just by this but even before so much of frauds and scams on the internet ? what are these so called capable people are able of doing the same to take action towards this sort of happenings that happen even while we speak, lesson learned but it would never come to thought of because a few minds out there would only truly realize to see another side of it which isn't the harm it has caused but the harm it has been and will be, it's not the tool of destruction that causes the true harm it's the dark side of the mans heart that truly does.