8/31/2012
10:51 AM

Accused LulzSec Hackers Attended College Together

The two students accused of the Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advancing Technology in Arizona.

Two men who've been arrested on charges that they hacked into the website of Sony Pictures Entertainment and posted stolen data studied together at the same university, and they also participated on the university's team for the Cyber Defense Competition held in March 2011, according to a former co-captain of the team.

The attack against the Sony Pictures Entertainment website and subsequent data leakage was carried out under the banner of LulzSec--a.k.a. Lulz Security--between May 27 and June 2, 2011, by hackers using the handles "Recursion" and "Neuron." According to court documents, the attackers used a VPN service in an attempt to mask their activities, and later boasted of having compromised the Sony website by using a single SQL-injection attack.

An indictment unsealed in September 2011 charged Cody Kretsinger, then 23, with being Recursion. After entering a not-guilty plea, Kretsinger pled guilty to all of the charges against him, and is due to be sentenced on October 25.

This week, meanwhile, the FBI announced the arrest of Raynaldo Rivera, 20, after he was recently indicted by a federal grand jury on charges of conspiracy and the unauthorized impairment of a protected computer. The indictment accused him of being Neuron, and singled him out for having posted part of the customer data stolen from the Sony website.

Both men were arrested in Phoenix, and it turns out that at the time of the attacks against Sony, both men were students at the University of Advancing Technology (UAT) in Tempe, Ariz., and either members of--or practiced with--the UAT team that competed in the three-day Western Regional Collegiate Cyber Defense Competition in March 2011.

UAT didn't immediately respond to a request for comment, emailed outside of working hours, on Rivera's connection with the university. But according to news reports, Kretsinger began pursuing a network-security degree at UAT in August 2010, and in July 2011 was named as student of the month, saying that "a job with the NSA or Department of Defense is my ultimate dream."

According to Steve Durham, who uses the handle "Yawg" and who co-captained the university's 2011 Collegiate Cyber Defense Competition team, Kretsinger was the team's Cisco administrator, while Rivera volunteered as a member of the Red team against which the university's team practiced.

According to a news story about the 2011 Cyber Defense Competition published on the UAT website, the school's 11-strong team placed third out of six universities, and while at the conference students enjoyed "face-time with network security professionals from companies like Boeing, CIA and BlackBag Technologies for potential jobs and internships."

At the competition, team members "acted as a Blue team to restore services to a fictional, vulnerable enterprise--in this case, the United States Security and Exchange Commission," according to the UAT story. "Contestants had computers and network equipment at their disposal to create a backup data response center to protect data and reestablish communications and IT services."

Meanwhile, the Blue team was directly challenged by "network attacks from Red team cyber terrorists and theoretical physical threats," it said. "The students worked around the clock to counter hacker threats--including an undetected programmed script that changed passwords--and reintroduce components like email amenities via injections. Teams were judged based on their timeliness to solve problems."

To be clear, Durham said he had no idea that Kretsinger or Rivera might be committing any illegal activities. "I mean, I had a good idea that they did things like this for fun (I cannot confirm or deny that a majority of netsec students everywhere, not just [at] UAT, partake in activities like this on some level), but never imagined it would be something this big," he said via email.

(In a follow-up comment after this story was published, Durham wanted to be clear that he wasn't suggesting that such behavior was condoned or acceptable. "I am no way insinuating that netsec students perform illegal activities like this for fun," he said via email. "There are a plethora of legitimate places to practice and toy with SQL injections and other hacking methodologies in an open manner [such as] www.hackthissite.org.")

Between January and May 2011, Durham said he and Kretsinger "talked about things like SQL injection, proxies, exploits and social engineering when we took our smoke breaks (as far as I can recall it was just Cody and I smoking while the red team we practiced with would join us)."

Meanwhile, in a screen grab of a Facebook page shared by Durham, Rivera introduced himself to the UAT Network Security Students group on October 19, 2010, with the following message: "O hi im Royal and im a addict. Im probably going to be the first one arrested at uat for computer related crimes."

"Looks like he was off by one," said Durham.

Comments
PJS880,
User Rank: Ninja
9/2/2012 | 3:39:24 PM
re: Accused LulzSec Hackers Attended College Together
I will say that I have had several professors in my information security courses tell the class on several occasions that we are to use our powers for good and not evil. I guess these guys didn't have the same professors as I did. They should have realized that once you put something out there on the web it can never be taken back; I am referring to comments and bragging. If you are by any means going to commit a crime and then brag and put it out openly, expect to get caught and thrown in jail for breaking the law and lacking common sense.

Paul Sprague
InformationWeek Contributor