Four members of the LulzSec hacker community have pleaded guilty in a British court to charges of hacking into the computer systems of various organizations, including Sony, PBS, the Arizona State Police, and HB Gary.
Ryan Ackroyd, whose LulzSec handle was “Kayla,” on Tuesday was the last to enter his guilty plea. He joins Jake Davis, whose handle was “Topiary,” Mustafa al-Bassam, also known as “tflow,” and Ryan Cleary.
LulzSec, which in June 2011 announced that it would target any government or agency that crossed its path in what became known as the AntiSec Manifesto, has been lying low since its top members were arrested in the U.S., the UK and Ireland in June 2012.
Charges Against the LulzSec Members
Ackroyd had admitted to participating in hacks against several companies, but the prosecution decided not to proceed with charges of conspiracy to perform distributed denial of service (DDOS) attacks against targets including Sony, Eve Online, the CIA and News International. However, these charges have been kept on file.
Davis and al-Bassam had previously pled guilty to both sets of charges. Cleary had been charged with these crimes as well as four others: constructing a botnet, making the botnet available for others, hacking into computers operated by the U.S. Air Force, and performing a distributed denial of service attack against DreamHost. He pleaded guilty to all four last year.
Two more charges against all four defendants of encouraging or assisting acts of fraud and computer misuse by publishing information on websites and The Pirate Bay were left on file after their guilty pleas.
The defendants will be sentenced May 14 at the Southwark Crown Court in London. They face a maximum sentence of 10 years, and are expected to be sentenced to 2-3 years.
Perhaps the best-known of LulzSec’s targets is Sony, whose PlayStation network and other sites were repeatedly hacked. User anger at the leaks and associated issues led to a demand for an explanation by former U.S. Representative Mary Bono Mack.
The CIA and News Corp. were among LulzSec’s other victims, but the hacker community focused more on governments and agencies in keeping with its 2011 manifesto.
Sympathy For The Devil
The security community is divided in its response to LulzSec.
“These attacks … were quite damaging both in terms of financial impact and in terms of damage caused, where personal data and accounts of individuals were made public,” Marty Meyer, president of Corero Network Security, told TechNewsWorld. That is why the UK pursued these convictions.
“LulzSec were by far the most damaging of any hacktivist group to date,” added Ken Baylor, a research vice president at NSS Labs.
While agreeing that most attacks “either made sites inaccessible via DDoS attacks, exfiltrated account information and/or defaced websites,” Dave Amsler, president and CIO of Foreground Securityargues that these effects are “much less damaging than destruction of data.”
The damage could have been “a lot worse,” Amsler told TechNewsWorld. “In a few cases, it seems LulzSec alerted the targeted companies to security vulnerabilities before details were made public.”
“The full extent of the damage will never be known,” Randy Abrams, a research director at NSS Labs, told TechNewsWorld. On the other hand, some of the security improvements that followed on as a result of the attack “were desperately needed, but probably would have been shirked for a very long time. In those cases the net may have been a savings if increased security prevented the loss of IP from a company such as Sony.”
Is LulzSec Dead, or Just Asleep?
The arrest and trial of its leading members “has sobered up hacktivism and caused many [hacktivists] to flee,” Baylor told TechNewsWorld.
However, the hacker problem will not go away, contends Dodi Glenn, director of AV labs at ThreatTrack Security. “Think of this as a large drug bust. Just because some kingpins were caught doesn’t mean the entire organization will fall.”
For example, LulzSec’s sister organization Anonymous recently attacked North Korea’s Twitter and Flickr accounts, and is currently attacking Israeli-based websites, Glenn noted.
“The Internet is such a large ecosystem,” he added, “that stopping one or two individuals will not cause a direct decline in the attacks being delivered.”