Four men who took part in a significant number of cyber attacks on the likes of the NHS, Sony and the CIA received stern sentences today, following a lengthy trial into the activities of hacktivist crew LulzSec.
News International and the UK Serious Organised Crime Agency (SOCA) were also hit by the hackers, who thought they were “latter-day pirates”, according to prosecutors speaking yesterday.
Tough sentences for LulzSec
Ryan Cleary, who was affiliated with LulzSec but not believed to be a leader, received the toughest sentence, with 32 months in prison. He let LulzSec members use his botnet to carry out distributed denial of service (DDoS) attacks.
Cleary is also due to be sentenced over indecent images of children found on his computer at a later date.
Ryan Ackroyd received a 30-month sentence for his part in researching and executing many attacks.
Jake Davis, the spokesperson of LulzSec, is to serve 24 months in young offenders’ institution, whilst Mustafa Al-Bassamwas, who researched vulnerabilities for the attacks, was handed a 20-month suspended sentence of two years and 300 hours unpaid work.
It is believed US law enforcement are keen to have some of the men extradited to face charges on US soil. However, Cleary’s legal team issued the following statement: “We believe the pleas that were entered today do cover all aspects of Mr Cleary’s criminality and therefore we do not anticipate that he will be in receipt of an application for extradition from the United States of America.”
The notice, from Karen Todner Solicitors, also noted Cleary suffered from Aspergers Syndrome, but added he “does not seek to excuse his behaviour”.
No laughing matter
Charlie McMurdie, head of the Police Central e-Crime Unit, which carried out the investigation into the hackers alongside the FBI, said LulzSec had been “running riot, causing significant harm to businesses and people”.
“Theirs was an unusual campaign in that it was more about promoting their own criminal behaviour than any form of personal financial profit,” added McMurdie, who is soon to retire from the force.
“In essence, they were the worst sort of vandal – acting without care of cost or harm to those they affected, whether that was to cause a company to fold and so costing people their jobs, or to put at threat the thousands of innocent Internet users whose logins and passwords they made public.
“They claimed to be doing it for ‘a laugh’ but real people were affected by their actions. Today’s convictions should serve as a deterrent to others who use the Internet to commit cyber attacks.”
This might not be the denouement to the LulzSec saga, however, as hackers are threatening to take revenge. According to Sophos’ Graham Cluley, before the sentences were announced today, a group using the Twitter handle @LulzSecWiki said courts “could be in for ‘fun’” depending on their decision.