Attacks/Breaches
8/31/2012
10:51 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Accused LulzSec Hackers Attended College Together

The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
Two men who've been arrested on charges that they hacked into the website of Sony Pictures Entertainment and posted stolen data studied together at the same university, and they also participated on the university's team for the Cyber Defense Competition held in March 2011, according to a former co-captain of the team.

The attack against the Sony Pictures Entertainment website and subsequent data leakage was carried out under the banner of LulzSec--a.k.a. Lulz Security--between May 27 and June 2, 2011, by hackers using the handles "Recursion" and "Neuron." According to court documents, the attackers used a VPN service in an attempt to mask their activities, and later boasted of having compromised the Sony website by using a single SQL-injection attack.

An indictment unsealed in September 2011 charged Cody Kretsinger, then 23, with being Recursion. After entering a not-guilty plea, Kretsinger pled guilty to all of the charges against him, and is due to be sentenced on October 25.

This week, meanwhile, the FBI announced the arrest of Raynaldo Rivera, 20, after he was recently indicted by a federal grand jury on charges of conspiracy and the unauthorized impairment of a protected computer. The indictment accused him of being Neuron, and singled him out for having posted part of the customer data stolen from the Sony website.

[ Want to hear top execs from Google, Ford, P&G, General Motors, and SAP discuss enterprise innovation? Join us at the IW 500 Conference Sept. 9 to 11. ]

Both men were arrested in Phoenix, and it turns out that at the time of the attacks against Sony, both men were students at University of Advancing Technology (UAT) in Tempe, Ariz., and either members of--or practiced with--the UAT team that competed in the three-day Western Regional Collegiate Cyber Defense Competition in March 2011.

UAT didn't immediately respond to a request for comment, emailed outside of working hours, on Rivera's connection with the university. But according to news reports, Kretsinger began pursuing a network-security degree at UAT in August 210, and in July 2011 was named as student of the month, saying that "a job with the NSA or Department of Defense is my ultimate dream."

According to Steve Durham--who uses the handle "Yawg"--and who co-captained the 2011 Collegiate Cyber Defense Competition team with the university, Kretsinger was the team's Cisco administrator, while Rivera volunteered as a member of the Red team against which the university's team practiced.

According to a news story about the 2011 Cyber Defense Competition published on the UAT website, the school's 11-strong team placed third out of six universities, and while at the conference students enjoyed "face-time with network security professionals from companies like Boeing, CIA and BlackBag Technologies for potential jobs and internships."

At the competition, team members "acted as a Blue team to restore services to a fictional, vulnerable enterprise--in this case, the United States Security and Exchange Commission," according to the UAT story. "Contestants had computers and network equipment at their disposal to create a backup data response center to protect data and reestablish communications and IT services."

Meanwhile, the Blue team was directly challenged by "network attacks from Red team cyber terrorists and theoretical physical threats," it said. "The students worked around the clock to counter hacker threats--including an undetected programmed script that changed passwords--and reintroduce components like email amenities via injections. Teams were judged based on their timeliness to solve problems."

To be clear, Durham said he has no idea that Kretsinger or Rivera might be committing any illegal activities. "I mean, I had a good idea that they did things like this for fun (I cannot confirm or deny that a majority of netsec students everywhere, not just [at] UAT, partake in activities like this on some level), but never imagined it would be something this big," he said via email.

(In a follow-up comment after this story was published, Durham wanted to be clear that he wasn't suggesting that such behavior was condoned or acceptable. "I am no way insinuating that netsec students perform illegal activities like this for fun," he said via email. "There are a plethora of legitimate places to practice and toy with SQL injections and other hacking methodologies in an open manner [such as] www.hackthissite.org.")

Between January and May 2011, Durham said he and Kretsinger "talked about things like SQL injection, proxies, exploits and social engineering when we took our smoke breaks (as far as I can recall it was just Cody and I smoking while the red team we practiced with would join us)."

Meanwhile, in a screen grab of a Facebook page shared by Durham, Rivera introduced himself to the UAT Network Security Students group on October 19, 2010, with the following message: "O hi im Royal and im a addict. Im probably going to be the first one arrested at uat for computer related crimes."

"Looks like he was off by one," said Durham.

InformationWeek has published a report on backing up VM disk files and building a resilient infrastructure that can tolerate hardware and software failures. After all, what's the point of constructing a virtualized infrastructure without a plan to keep systems up and running in case of a glitch--or outright disaster? Download our Virtually Protected report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
9/2/2012 | 3:39:24 PM
re: Accused LulzSec Hackers Attended College Together
I will say that I have had several professors in my information security courses tell the class on several occasions that we are to use our powers for good and not evil. I guess these guys didn't have the same professors as I did. They should have realized that once you out something out there in the web it can never be taken back, I am referring to comments and bragging. If you are by any means going to commit a crime and then brag and put it openly, expect to get caught and thrown in jail for breaking the law and lacking common sense.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web