Lulzsec hacker group handed jail sentences

  • Published
Media caption,

LulzSec hacker Jake Davis: 'The internet is a world devoid of empathy'

British hackers who were behind a series of high profile cyber-attacks in 2011 have been sentenced.

The four men, Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd, were part of the Lulzsec hacking group.

Cleary was jailed for 32 months, Davis for two years and Ackroyd for 30 months. Al Bassam was given a 20-month suspended sentence.

Targets included Sony Pictures, games maker EA, News International and the UK's Serious Organised Crime Agency.

Group effort

The actions of the group were "cowardly and vindictive", said Andrew Hadik, a lawyer for the Crown Prosecution Service.

"The harm they caused was foreseeable, extensive and intended," he said. "Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people's lives.

"This case should serve as a warning to other cybercriminals that they are not invincible," he said.

Each man filled a different role during their cyber-attack spree. Ackroyd was the ring leader of the small group choosing targets and directing the efforts of the others. Davis acted as its press secretary, Cleary provided the software to carry out attacks and al-Bassam posted stolen data online.

Some of the four could face extradition to the US as US law enforcement agencies have lodged indictments against them.

Cleary has also pleaded guilty to possession of images showing child abuse, which were found by police on his hard drive. The sentence for this offence will be given at another hearing.

During the trial Ackroyd, 26, from Mexborough, South Yorkshire, admitted stealing data from Sony.

The former soldier was also responsible for redirecting visitors trying to visit the Sun newspaper's site to a fake story about News Corp chairman Rupert Murdoch committing suicide.

He has pleaded guilty to carrying out an unauthorised act to impair the operation of a computer.

Bassam, 18, from south London, Davis, 20, from Lerwick, Shetland, and Cleary, 21, from Wickford, Essex, all pleaded guilty to two charges - hacking and launching cyber-attacks against organisations including the CIA and Soca.

In addition, Cleary pleaded guilty to a further four charges, including hacking into the US Air Force's computers and possession of indecent images of babies and children.

Prosecutor Sandip Patel said that unlike the others, Cleary was not a core member of Lulzsec although he had wanted to be.

"It's clear from the evidence that they intended to achieve extensive national and international notoriety and publicity," he said.

"This is not about young immature men messing about. They are at the cutting edge of a contemporary and emerging species of criminal offender known as a cybercriminal."

Botnet attack

Lulzsec's name is combination of the acronym Lol - meaning laugh out loud - and security.

It emerged as a splinter group from the hacking collective Anonymous two years ago.

Image caption,
Lulzsec carried out a 50-day series of cyber-attacks in 2011

Mr Patel said the spin-off lacked the "libertarian" political agenda of the larger group. Instead, its stated goal was to laugh at others' flawed security measures "just because we could".

This involved stealing emails, credit card details and passwords from their targets' computer servers and crashing victims' websites with distributed denial of service (DDoS) attacks. This involved flooding organisations' web servers with requests sent from hijacked computers used as part of a botnet.

Lulzsec's original ringleader is alleged to be another man - US-based Hector Monsegur, also known as Sabu. He was arrested in June 2011 and later co-operated with the FBI to help it identify other members of Lulzsec. Monsegur has yet to be sentenced.

A 24-year-old Australian has also been arrested and accused of attacking and defacing a government website as part of Lulzsec's campaign.