Share

Related Links

Related Stories

  • FBI’s LulzSec informant Sabu gets second stay of execution
    Hector Monsegur – aka Sabu, the former LulzSec leader turned FBI informant – was expected to be sentenced on Friday following a six month reprieve. It didn’t happen; instead he got a further six months reprieve.
  • LulzSec hacker Hammond faces 30 years
    At a bail hearing last week, Chief U.S. District Judge Loretta Preska denied bail and warned LulzSec’s Hammond that he faces a custodial sentence of 30 years.
  • LulzSec Sony Pictures hackers were school chums
    The two hackers from the nefarious cybercriminal group LulzSec arrested in conjunction with the Sony Pictures data breach have turned out to be college friends, sharing a history of cyber-research and seemingly well-meaning training in the arts of security intrusion and detection.
  • Second LulzSec member arrested over Sony hacks
    Raynaldo Rivera (aged 20), aka neuron, royal and wildicv, has been taken into custody following his indictment last week charging him with conspiracy and unauthorized impairment of a protected computer; that is, last year’s Sony hacks.
  • Imperva analyzes LulzSec’s attack tool
    In its latest Hacker Intelligence Initiative report, Imperva analyzes remote and local file inclusion (RFI/LFI) attacks as favored by LulzSec.

Top 5 Stories

News

LulzSec hacker Kresinger gets a year in prison

19 April 2013

Cody Kresinger, who pleaded guilty in April 2012 to charges of conspiracy and unauthorized impairment of a protected computer – namely, Sony Pictures Entertainment – was yesterday sentenced to one year in prison and 1000 hours community service, and further ordered to pay $605,663 in restitution.

Kresinger, known online as Recursion, was a member of LulzSec, a prolific hacking group famous for 50 days of mayhem in 2011; but now mostly serving or awaiting sentence. He was arrested and charged in September 2011. He originally claimed innocence, but in April 2012 he accepted a plea bargain for a more lenient sentence. It is not known whether that bargain involves co-operating with FBI investigations in a manner similar to the LulzSec leader, Sabu.

On 2 June 2011, LulzSec announced on Pastebin, “We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.” It added, “What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it.”

The hack was achieved with a SQL injection attack. “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING.”

Sony’s security at the time was sadly lacking. In January this year the UK’s data protection regulator fined Sony Computer Entertainment Europe Limited £250,000 for a serious breach of the Data Protection Act, following a hack of the Sony PlayStation Network Platform in April 2011. “There’s no disguising that this is a business that should have known better,” said David Smith, deputy commissioner and director of data protection. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe... The case is one of the most serious ever reported to us.”

Kresinger’s partner in crime against Sony Pictures, Raynaldo Rivera, has also pleaded guilty to similar charges and is awaiting sentence set for 16 May.

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×