Attacks/Breaches
6/13/2013
01:08 PM
50%
50%

LulzSec Hacker Ryan Cleary To Be Released

Release comes despite being convicted of possessing child porn images and serving only a portion of his sentence, leading hackers to suggest he's working with authorities.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Convicted LulzSec hacker Ryan Cleary, 21, is set to be released "imminently" after appearing Wednesday in a London courtroom for sentencing relating to charges that he made and possessed 172 indecent images of children on his PC.

"Some of these images showed children aged as young as six months old in circumstances where they were completely vulnerable," Judge Deborah Taylor told Cleary, reported The Independent in Britain. "These images were such as would make any right-minded person concerned at you viewing such images."

Cleary, aka Viral, previously pleaded guilty to two charges of making indecent images of children and one charge of possessing indecent images of children. Taylor said Wednesday that although U.K. sentencing guidelines required incarceration for the offenses to which Cleary had plead guilty, "time has been served in any event."

[ For the latest on NSA whistle blower Edward Snowden, see Snowden Says U.S. Hacking Chinese Civilians Since 2009. ]

Based on time served, his pleading guilty to all charges filed against him and agreeing to wear an electronic device that will monitor his location, Cleary received a three-year community service order, which requires that he work in the community without pay. He also received a 36-month supervision order, which is akin to probation and requires that Cleary meet weekly with his probation officer. Finally, Cleary was ordered to sign the U.K.'s Violent and Sex Offender Register, which is a database used by police and prison officials to track people convicted of related offenses.

Cleary previously appeared in court last month, when he was sentenced to 32 months in prison, followed by a five-year serious crime prevention order that can be used to restrict where he's allowed to travel and which jobs he'll be allowed to work.

Also sentenced in May were fellow LulzSec participants Jake Davis (Topiary), Mustafa al-Bassam (Tflow) and Ryan Ackroyd (Kayla). Together with Cleary, they pleaded guilty to charges of hacking a number of sites, including the CIA, Britain's Serious Organized Crime Agency (SOCA) and National Health Service (NHS), and Sony Pictures Entertainment, as well as leaking the credit card data and personal information of hundreds of thousands of people. Cleary also pleaded guilty to launching numerous distributed denial of service (DDoS) attacks under the banners of Anonymous, Internet Feds and LulzSec.

British police said the attacks in which Cleary participated caused an estimated $31 million in damages.

British police said that when they arrested Cleary at his home on June 20, 2011, they found him in the middle of launching a DDoS attack against the website of SOCA, which was conducting a joint investigation with the FBI into the activities of LulzSec, Anonymous and AntiSec.

Clearly was first arrested in 2011 and released on bail, subject to his refraining from using the Internet. He was re-arrested on bail violation charges on March 5, 2012, for going online in December 2011 to contact LulzSec leader Sabu. The day after Cleary's arrest, federal officials revealed that in June 2011, Sabu -- real name Hector Xavier Monsegur -- had been arrested and turned confidential government informant, and was helping the FBI investigate hackers and information security attacks.

The news of Cleary's imminent release after serving less than his full jail sentence has led some members of Anonymous to accuse him of having cut a deal with authorities, although no evidence has been produced to back up that assertion. "Anyone who gets away with child porn charges is obviously collaborating with the feds," according to a post by "ro0ted" to the pro-Anonymous CyberGuerilla blog.

Cleary's legal troubles might not be over, as he was indicted last year by a Los Angeles federal grand jury on hacking charges. But his attorney, Karen Todner, said last year that U.S. prosecutors had indicated that they wouldn't be seeking his extradition. Furthermore, if that changed, she said her client would fight any such request. "Cleary suffers from Asperger's syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable," she said.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.