Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

LulzSec hacker Kresinger gets a year in prison

Kresinger, known online as Recursion, was a member of LulzSec, a prolific hacking group famous for 50 days of mayhem in 2011; but now mostly serving or awaiting sentence. He was arrested and charged in September 2011. He originally claimed innocence, but in April 2012 he accepted a plea bargain for a more lenient sentence. It is not known whether that bargain involves co-operating with FBI investigations in a manner similar to the LulzSec leader, Sabu.

On 2 June 2011, LulzSec announced on Pastebin, “We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.” It added, “What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it.”

The hack was achieved with a SQL injection attack. “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING.”

Sony’s security at the time was sadly lacking. In January this year the UK’s data protection regulator fined Sony Computer Entertainment Europe Limited £250,000 for a serious breach of the Data Protection Act, following a hack of the Sony PlayStation Network Platform in April 2011. “There’s no disguising that this is a business that should have known better,” said David Smith, deputy commissioner and director of data protection. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe... The case is one of the most serious ever reported to us.”

Kresinger’s partner in crime against Sony Pictures, Raynaldo Rivera, has also pleaded guilty to similar charges and is awaiting sentence set for 16 May.

What’s Hot on Infosecurity Magazine?