
Second LulzSec Sony Hacker Suspect Arrested

FBI files charges against a second man in hack that used SQL injection attack to access one million unencrypted Sony usernames and passwords.

A second alleged member of LulzSec has been arrested on charges of having hacked the Sony Pictures website last year.

The FBI Tuesday announced the arrest in Phoenix of Raynaldo Rivera, 20, after he was named in a federal grand jury indictment. The indictment, which was returned on August 22 but not unsealed until Tuesday, charged Rivera on two counts: unauthorized impairment of a protected computer and conspiracy. If convicted on all counts, Rivera faces up to 15 years in prison.

According to the indictment, LulzSec (a.k.a. Lulz Security) launched attacks against the Sony Pictures website between May 27 and June 2, 2011. The indictment noted that the group later anonymously took credit for the exploit, saying it had been accomplished via a SQL-injection attack.

Like other alleged members of LulzSec, Rivera appears to have more than a passing interest in computers. "On Rivera's Facebook page, he describes himself as 'just your common computer geek,' and appears to have recently left a job at the University of Advancing Technology in Tempe, Arizona," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

According to the indictment, Rivera's co-conspirator in the attack was Cody Kretsinger, then 23. A previous indictment relating to the Sony attack was handed down in September 2011, and it named Kretsinger. He was arrested in Phoenix, and pleaded guilty to the charges in April, reversing an earlier not-guilty plea. Kretsinger is due to be sentenced on October 25.

According to a Pastebin post in which LulzSec claimed credit for the Sony Pictures attacks, the group boasted that it had obtained one million Sony website users' passwords, and that they hadn't been encrypted. "From a single injection, we accessed everything," according to the LulzSec statement. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it." But the group said it had only had time to post 150,000 of the stolen usernames and passwords to the LulzSec website.

Authorities have accused Rivera of taking the information stolen from Sony and posting it online, including names, passwords, birthdates, email and postal addresses, and phone numbers of people who'd entered Sony contests.

Sony estimated that the attack led to $600,000 in clean-up costs. But Sony also faces at least one class-action lawsuit over the more than a dozen breaches it suffered last year. In the wake of the exploit, embarrassing evidence emerged that Sony had recently laid off many of its information security personnel.

How did authorities track down Rivera? According to the indictment, which accused Rivera of using the aliases "Neuron," "Royal," and "Wildicv," he'd attempted to mask his IP address and remain anonymous by using a proxy server. That detail is telling, since the FBI busted Kretsinger (a.k.a. "Recursion") after VPN service provider HideMyAss.com was served with a court order seeking information related to several LulzSec exploits, including attacks against Sony, the U.K.'s Serious Organized Crime Agency, as well as NATO. While U.K.-based HideMyAss.com had promised that its service masks users' identities "behind one of our anonymous IP addresses," the company said it had no choice but to comply with the court order.

According to previously published LulzSec chat logs, Recursion, LulzSec spokesperson Topiary, and Neuron claimed to be using HideMyAss.com.

Authorities have now arrested multiple LulzSec suspects across Ireland, the United Kingdom, and the United States. Related law enforcement investigations have been aided by Hector Xavier Monsegur, better known as LulzSec leader and Anonymous mastermind Sabu. He was secretly arrested by the FBI in June 2011, after which he began working as a confidential informant, and later pleaded guilty to all charges against him. In recently filed court documents, the FBI requested a six-month delay in his sentencing, "in light of the defendant's ongoing cooperation with the government."

Comments
PJS880,
User Rank: Apprentice
8/31/2012 | 1:40:52 AM
re: Second LulzSec Sony Hacker Suspect Arrested
I find it very ironic that a company called hidemyass.com, which is supposed to protect your anonymity, actually had to disclose just that. I am sure that the company's credibility and business has dropped completely down the tube from this ordeal. Just goes to show you the vast scope of people that these attacks affect. It is not just the targets but a shocking number of innocent people that it also affects in a major way. It doesn't make sense to me that Hector Xavier Monsegur is cooperating with the government, I imagine for a reduced sentence, but they are going to make a serious example of him; I do not know why he would bother when the return is so minuscule. Funny about Sony firing their information security officers prior to the dozen or so attacks that followed.

Paul Sprague
InformationWeek Contributor