4 Former LulzSec Members Sentenced To Prison Time In The UK

Use Netsparker


It’s been a while since we’ve talked about any hacking related arrests, or in this case, imprisonments. In this case, it’s some ‘ex’ members of LulzSec, for the attacks they perpetrated in 2011.

The longest of the sentences being 32 months, almost 3 years for the guy that operated and managed the botnet used in some of the LulzSec attacks.

I wonder if all these successful prosecutions can be attributed to the former LulzSec leader, Sabu, who flipped and informed for the FBI.

Four British men associated with the LulzSec hacker collective received prison sentences Thursday for their roles in cyberattacks launched by the group against corporate and government websites in 2011.

Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18, were sentenced Thursday in London’s Southwark Crown Court after previously pleading guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.

Davis, who was known online as “Topiary,” received a two-year prison sentence. He acted as a spokesperson for LulzSec, writing some of the hacker group’s announcements and managing its website and Twitter account.

Ackroyd, who posed as a 16-year-old girl online and used the alias “Kayla,” received a 30-month prison sentence, while Mustafa al-Bassam, who used the online alias “T-Flow,” received a 20-month suspended prison sentence and was ordered to perform 200 hours of unpaid community work.

Cleary, who used the online alias “Viral,” received a 32-month prison sentence. He was not one of the LulzSec core members, but was associated with the group and operated a botnet that was used to launch DDoS (distributed denial-of-service) attacks against LulzSec’s targets.

LulzSec’s members went on a hacking spree between May and June 2011, targeting various companies and government agencies. They used hacking methods and tools to break into websites and leak the information found in their databases, including the personal details of thousands of users, and also launched DDoS attacks to make websites inaccessible.

The attacks carried out were fairly widespread and included major corporations as well as US and UK governmental organizations. Data was captured and leaked and large scale sustained DDoS sustained were used against prominent sites.

We are still in a fairly immature legal situation for cyberattacks, so we tend to see sentences vary a lot. I’m pretty sure these guys will end up in some cushy white collar prison rather than in with hardcore criminals.


Some of LulzSec’s targets included Sony, Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI, the Arizona State Police and the U.K.’s Serious Organised Crime Agency (SOCA).

Andrew Hadik, a lawyer with the Crown Prosecution Service (CPS) in the U.K., characterized the actions of LulzSec’s members as “cowardly and vindictive.”

“The harm they caused was foreseeable, extensive and intended,” Hadik said in a statement published on the CPS blog. “Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives.”

Companies suffered financial losses and serious damage to their reputations, while hundreds of thousands of innocent individuals had their private details exposed as a result of the group’s actions, he said.

Another LulzSec member named Cody Andrew Kretsinger, from Decatur, Illinois, who used the online alias “recursion,” was sentenced in April to one year in federal prison for his role in LulzSec’s attack against Sony Pictures.

Hector Xavier Monsegur, the former leader of LulzSec, known online as “Sabu,” was arrested in June 2011 and agreed to act as an informant for the FBI. Monsegur pleaded guilty to multiple hacking offenses in relation to the group’s activity and is scheduled to be sentenced in August.

It’ll be interesting to see what else turns up in the LulzSec case, today Jeremy “anarchaos” Hammond announced that he’s pleading guilty after being in prison for 15 months. He pleaded guilty because of the stacked damages figures, with the inflated figures he could face up to 30 years in prison.

Even with the plea bargain he still faces up to 10 years locked up and has agreed to pay $250,000 in restitution.

Source: Network World

Posted in: Legal Issues


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Comments are closed.