Accused LulzSec Hacker Fights Extradition To U.S.

Alleged LulzSec participant Ryan Cleary indicted by Los Angeles federal grand jury on charges of renting botnets and launching attacks against PBS, Sony, and others.

Mathew Schwartz

June 18, 2012

5 Min Read
Network Computing logo

A Los Angeles federal grand jury last week indicted accused LulzSec and Anonymous participant Ryan Cleary, 20, on hacking charges.

Cleary (a.k.a. "ryan," "Herschel.mcdoogenstein," "anakin," "ni," "vial," and "x"), both a resident and citizen of the United Kingdom, was arrested last year in England on charges of launching botnet-driven distributed denial-of-service (DDoS) attacks against the British Phonographic Industry website, as well as the United Kingdom's Serious Organized Crime Agency (SOCA) website. The latter attack occurred under the banner of the LulzSec and Anonymous spin-off known as AntiSec.

Last year, Cleary was freed on bail, on the condition that he refrain from using the Internet. But he allegedly attempted to contact LulzSec leader Hector Xavier Monsegur, a.k.a. Sabu, at Christmastime. On March 5, 2012--one day before U.S. authorities arrested and charged Monsegur with numerous hacking exploits--U.K. authorities rearrested Cleary for violating his bail conditions.

[ Consider these 7 Tips To Toughen Passwords. ]

Authorities were privy to Cleary's attempted communications because--unbeknownst to Cleary--Monsegur had already been arrested by the FBI in June 2011 and begun working nonstop as a government informer. Ultimately, Monsegur helped U.S. authorities lodge charges against six other accused hackers, though Cleary would now make seven.

The U.S. indictment charges Cleary with one count of conspiracy and two counts of unauthorized impairment of protected computers. The U.S. charges against Cleary collectively carry a maximum sentence of 25 years in prison, although of course Cleary already faces the threat of jail time in the United Kingdom, over the charges already filed there.

When Cleary was first busted, official LulzSec and Anonymous channels downplayed his arrest, saying he'd merely helped to run LulzSec chat servers. But the U.S. indictment also charges Cleary with having built a botnet for hire that supported LulzSec-branded and Anonymous attacks, and with supplying server space to LulzSec colleagues "to store and publish stolen data," amongst other accusations.

The indictment also accuses Cleary of stealing information relating to the X-Factor television show on the Fox network, hacking into the websites of the Public Broadcasting System (PBS) and Sony Pictures, publishing stolen information on the website, as well as launching a DDoS attack against Britain's SOCA website.

According to the indictment, "Cleary developed software for, and maintained and controlled a large botnet comprised of tens of thousands, and potentially hundreds of thousands of bots ... [then] used his botnet to conduct DDoS attacks against various corporate and government entities, including DreamHost." DreamHost is a service provider that's a subsidiary of New Dream Network, which is based in California--hence the prosecution of Cleary in U.S. District Court in California.

"Cleary also rented out his botnet for others to use, that is, individuals paid defendant Cleary money in exchange for being able to conduct DDoS attacks against targets of their choosing using defendant Cleary's botnet for a certain period of time," according to the indictment.

From April 2011 to June 2011, according to court documents, "Cleary assisted LulzSec in its hacking activities, including by identifying security vulnerabilities on victim computers, exploiting such vulnerabilities, conducting DDoS attacks, and also establishing and providing access to servers and other computer resources for LulzSec members to use, including to communicate against each other and to store and publish confidential information stolen from LulzSec's victims."

The indictment also accuses Cleary of instructing one of his associates to lie to investigators. "Cleary instructed an associate who had been contacted by law enforcement regarding LulzSec to provide 'disinformation' that 'leads away from' LulzSec members; specifically, defendant Cleary instructed the associate to falsely accuse M.D.M. of LulzSec's activities and offered to provide the associate with fake access logs pointing to M.D.M. to give to law enforcement," according to the indictment, which doesn't identify M.D.M.'s identity.

"However much fun he thought he was having at the time, one thing is obvious: Cleary faces a world of hurt ahead, especially if the U.S. authorities decide to seek his extradition," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post.

But U.S. prosecutors have signaled that they won't be seeking extradition, and Cleary's solicitors said they would vigorously fight any such request, reported The Telegraph. "Cleary suffers from Asperger's syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable," his attorney, Karen Todner, told The Telegraph.

Asperger's syndrome is a form of autism characterized by having difficulties with social interaction, and oftentimes also an affinity for obsessive or repetitive routines. Many researchers suspect that a disproportionate number of people who get arrested for hacking have Asperger's syndrome, although such a link hasn't been conclusively proven.

Politically speaking, it's likely that British leaders would want to avoid an American extradition request for Cleary, as the U.K. government has faced withering criticism for its handling of the case of another hacker, Gary McKinnon. He's been on bail in Britain since he was indicted by a U.S. federal grand jury in Virginia in 2002 on seven counts of computer-related crime for illegally accessing--although not damaging--servers owned by NASA and the Department of Defense. While McKinnon has appealed that extradition at multiple levels, including the European Court of Human Rights, he's lost all such appeals.

Under the most recent extradition treaty Britain signed with the United States, Britain retained little ability to challenge U.S. extradition requests. "In the U.K., the extradition treaty was amended recently and actually prevents a judge from reviewing the basis for extradition--you basically have to ship them off, and can't argue the facts in the U.K.," said Jeff Ifrah, an attorney who co-chairs the American Bar Association's criminal justice section and committee on white collar crime, speaking recently via phone.

Accordingly, many British commentators have accused their government of failing its citizens by signing away their right to locally contest any charges leveled against them, as well as subjecting them to potential iniquities under the U.S. justice system. In the case of McKinnon, for example, "had he been prosecuted in the U.K., as he should have been at the time, the whole matter would have been forgotten," former crime correspondent Duncan Campbell recently argued in the Guardian. "McKinnon, who has since been diagnosed with Asperger's syndrome, would have served a mild, possibly suspended, sentence."

Employees and their browsers might be the weak link in your security plan. The new, all-digital Endpoint Insecurity Dark Reading supplement shows how to strengthen them. (Free registration required.)

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights