Archive | May, 2013

4 Former LulzSec Members Sentenced To Prison Time In The UK


It’s been a while since we’ve talked about any hacking-related arrests or, in this case, imprisonments. This time it’s some ‘ex’ members of LulzSec, sentenced for the attacks they perpetrated in 2011.

The longest of the sentences is 32 months, almost 3 years, for the guy who operated and managed the botnet used in some of the LulzSec attacks.

I wonder if all these successful prosecutions can be attributed to the former LulzSec leader, Sabu, who flipped and informed for the FBI.

Four British men associated with the LulzSec hacker collective received prison sentences Thursday for their roles in cyberattacks launched by the group against corporate and government websites in 2011.

Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18, were sentenced Thursday in London’s Southwark Crown Court after previously pleading guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.

Davis, who was known online as “Topiary,” received a two-year prison sentence. He acted as a spokesperson for LulzSec, writing some of the hacker group’s announcements and managing its website and Twitter account.

Ackroyd, who posed as a 16-year-old girl online and used the alias “Kayla,” received a 30-month prison sentence, while Mustafa al-Bassam, who used the online alias “T-Flow,” received a 20-month suspended prison sentence and was ordered to perform 200 hours of unpaid community work.

Cleary, who used the online alias “Viral,” received a 32-month prison sentence. He was not one of the LulzSec core members, but was associated with the group and operated a botnet that was used to launch DDoS (distributed denial-of-service) attacks against LulzSec’s targets.

LulzSec’s members went on a hacking spree between May and June 2011, targeting various companies and government agencies. They used hacking methods and tools to break into websites and leak the information found in their databases, including the personal details of thousands of users, and also launched DDoS attacks to make websites inaccessible.

The attacks carried out were fairly widespread and included major corporations as well as US and UK governmental organizations. Data was captured and leaked, and large-scale sustained DDoS attacks were used against prominent sites.

We are still in a fairly immature legal situation for cyberattacks, so we tend to see sentences vary a lot. I’m pretty sure these guys will end up in some cushy white collar prison rather than in with hardcore criminals.


Some of LulzSec’s targets included Sony, Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI, the Arizona State Police and the U.K.’s Serious Organised Crime Agency (SOCA).

Andrew Hadik, a lawyer with the Crown Prosecution Service (CPS) in the U.K., characterized the actions of LulzSec’s members as “cowardly and vindictive.”

“The harm they caused was foreseeable, extensive and intended,” Hadik said in a statement published on the CPS blog. “Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives.”

Companies suffered financial losses and serious damage to their reputations, while hundreds of thousands of innocent individuals had their private details exposed as a result of the group’s actions, he said.

Another LulzSec member named Cody Andrew Kretsinger, from Decatur, Illinois, who used the online alias “recursion,” was sentenced in April to one year in federal prison for his role in LulzSec’s attack against Sony Pictures.

Hector Xavier Monsegur, the former leader of LulzSec, known online as “Sabu,” was arrested in June 2011 and agreed to act as an informant for the FBI. Monsegur pleaded guilty to multiple hacking offenses in relation to the group’s activity and is scheduled to be sentenced in August.

It’ll be interesting to see what else turns up in the LulzSec case. Today Jeremy “anarchaos” Hammond announced that he’s pleading guilty after being in prison for 15 months. He pleaded guilty because of the stacked damages figures; with the inflated figures he could face up to 30 years in prison.

Even with the plea bargain he still faces up to 10 years locked up and has agreed to pay $250,000 in restitution.

Source: Network World


Posted in: Legal Issues


PentesterLab.com – Exercises To Learn Penetration Testing


PentesterLab is an easy and straightforward way to learn the basics of penetration testing. It provides vulnerable systems in a virtual image, and accompanying exercises that can be used to test and understand vulnerabilities.

Just decide what course you want to follow, download the course and start learning. You can easily run the course using VMware, no Internet access is required.

PentesterLab.com

What will you learn?

  • Basics of Web
  • Basics of HTTP
  • Detection of common web vulnerabilities:
    • Cross-Site Scripting
    • SQL injections
    • Directory traversal
    • Command injection
    • Code injection
    • XML attacks
    • LDAP attacks
    • File upload
  • Basics of fingerprinting

Requirements

  • A computer with virtualisation software
  • A basic understanding of HTTP
  • A basic understanding of PHP
  • Yes, that’s it!

You can download the materials and ISO images here:

web_for_pentester.pdf (2.4M)
web_for_pentester.iso (64-bit, 175M, MD5: f6e0df10de6d410293ba7a838d31f917)
web_for_pentester_i386.iso (32-bit, 172M, MD5: 5e6cdf5fa3356a4c08b34ccd076a63ae)

Or read more here.


Posted in: General Hacking
