Archive | May, 2013

4 Former LulzSec Members Sentenced To Prison Time In The UK

Use Netsparker


It’s been a while since we’ve talked about any hacking related arrests, or in this case, imprisonments. In this case, it’s some ‘ex’ members of LulzSec, for the attacks they perpetrated in 2011.

The longest of the sentences being 32 months, almost 3 years for the guy that operated and managed the botnet used in some of the LulzSec attacks.

I wonder if all these successful prosecutions can be attributed to the former LulzSec leader, Sabu, who flipped and informed for the FBI.

Four British men associated with the LulzSec hacker collective received prison sentences Thursday for their roles in cyberattacks launched by the group against corporate and government websites in 2011.

Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18, were sentenced Thursday in London’s Southwark Crown Court after previously pleading guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.

Davis, who was known online as “Topiary,” received a two-year prison sentence. He acted as a spokesperson for LulzSec, writing some of the hacker group’s announcements and managing its website and Twitter account.

Ackroyd, who posed as a 16-year-old girl online and used the alias “Kayla,” received a 30-month prison sentence, while Mustafa al-Bassam, who used the online alias “T-Flow,” received a 20-month suspended prison sentence and was ordered to perform 200 hours of unpaid community work.

Cleary, who used the online alias “Viral,” received a 32-month prison sentence. He was not one of the LulzSec core members, but was associated with the group and operated a botnet that was used to launch DDoS (distributed denial-of-service) attacks against LulzSec’s targets.

LulzSec’s members went on a hacking spree between May and June 2011, targeting various companies and government agencies. They used hacking methods and tools to break into websites and leak the information found in their databases, including the personal details of thousands of users, and also launched DDoS attacks to make websites inaccessible.

The attacks carried out were fairly widespread and included major corporations as well as US and UK governmental organizations. Data was captured and leaked and large scale sustained DDoS sustained were used against prominent sites.

We are still in a fairly immature legal situation for cyberattacks, so we tend to see sentences vary a lot. I’m pretty sure these guys will end up in some cushy white collar prison rather than in with hardcore criminals.


Some of LulzSec’s targets included Sony, Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI, the Arizona State Police and the U.K.’s Serious Organised Crime Agency (SOCA).

Andrew Hadik, a lawyer with the Crown Prosecution Service (CPS) in the U.K., characterized the actions of LulzSec’s members as “cowardly and vindictive.”

“The harm they caused was foreseeable, extensive and intended,” Hadik said in a statement published on the CPS blog. “Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives.”

Companies suffered financial losses and serious damage to their reputations, while hundreds of thousands of innocent individuals had their private details exposed as a result of the group’s actions, he said.

Another LulzSec member named Cody Andrew Kretsinger, from Decatur, Illinois, who used the online alias “recursion,” was sentenced in April to one year in federal prison for his role in LulzSec’s attack against Sony Pictures.

Hector Xavier Monsegur, the former leader of LulzSec, known online as “Sabu,” was arrested in June 2011 and agreed to act as an informant for the FBI. Monsegur pleaded guilty to multiple hacking offenses in relation to the group’s activity and is scheduled to be sentenced in August.

It’ll be interesting to see what else turns up in the LulzSec case, today Jeremy “anarchaos” Hammond announced that he’s pleading guilty after being in prison for 15 months. He pleaded guilty because of the stacked damages figures, with the inflated figures he could face up to 30 years in prison.

Even with the plea bargain he still faces up to 10 years locked up and has agreed to pay $250,000 in restitution.

Source: Network World

Posted in: Legal Issues

Topic: Legal Issues


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


PentesterLab Review – How To Learn Penetration Testing

Use Netsparker


PentesterLab is an easy and straight forward resource on how to learn Penetration Testing with Pentesting Lab Exercises. It provides vulnerable systems in a virtual image and accompanying exercises that can be used to test and understand vulnerabilities.

PentesterLab Review - How To Learn Penetration Testing


Just decide what course you want to follow, download the course and start learning. You can easily run the course using VMware, no Internet access is required.

PentesterLab – Review

So what do they provide actually?

  • Hands-on – The only real way to learn web penetration testing is to get into it
  • Real vulnerabilities – These are not simulated theories, the exercises are based on real system flaws
  • Offline & Online – The system is available offline for both free and pro (downloadable ISO)
  • Enterprise Solution – For whole teams
  • Certificates of Completion – The online exercises support certification
  • Support – Fast replies

PentesterLab – How To Learn Penetration Testing

  • Basics of Web
  • Basics of HTTP
  • Detection of common web vulnerabilities:
    • Cross-Site Scripting
    • SQL injections
    • Directory traversal
    • Command injection
    • Code injection
    • XML attacks
    • LDAP attacks
    • File upload
  • Basics of fingerprinting

Requirements for PentesterLab

  • A computer with a virtualisation software
  • A basic understanding of HTTP
  • A basic understanding of PHP
  • Yes, that’s it!

There is also this to check out if you’re into learning more: eLearnSecurity – Online Penetration Testing Training

You can find all the Free modules here:

PentesterLab – Our Exercises – Only Free

Or read more here.

Posted in: Hacker Culture

Topic: Hacker Culture


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.