Attacks/Breaches
10/9/2013
11:23 AM
Connect Directly
RSS
E-Mail
50%
50%

LulzSec Hackers Evade Irish Jail Time

In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Two men charged by authorities in Ireland with hacking the website of one of the country's biggest political parties have been spared jail time and will have their criminal records cleared.

Darren Martyn (aka "Raepsauce"), 21, and Donncha O'Cearrbhail ("Palladium"), 20, pleaded guilty in July 2013 to hacking Irish center-right political party Fine Gael's website on January 9, 2011, stealing a copy of the site's subscriber database, publishing it on the Internet and sending it to a journalist.

According to Fine Gael, the hackers substituted the phrase "owned by Raepsauce and Palladium" for text on the website, which led to the site being down for 24 hours just seven weeks before the country's 2011 general election. Political party officials said that the resulting cleanup costs were €10,000 ($13,500), and that about 2,000 people had registered with the site, which was set up just for the election.

The two hackers were traced by the Garda -- Irish police -- fraud squad, working with the FBI. Attorneys for both men argued in court that the hack had been a stunt, and said their clients, who had no previous criminal convictions, had immediately confessed to the crime and begun working with police. The police concurred, with Detective Marion Brennan telling Judge Ann Ryan in July 2013, that it was "a stunt to embarrass a political party rather than to disclose data to the public at large," reported Ireland's Independent.

[ How far can the FBI go with suspected computer criminals? Read Stratfor Hacker: FBI Entrapment Shaped My Case. ]

Ireland's director of public prosecutions told the men they could be tried by "summary disposal," and at district court level -- where the maximum penalty would be a fine and up to 12 months in jail -- if they pleaded guilty. They did so in July, thus avoiding the prospect of facing a judge and jury, which could have led to a tougher sentence.

At their July hearing, Judge Ryan criticized the defendants for the hack, which she said was both criminal and "a terrible abuse of talent" -- though she also noted that the incident hadn't caused long-term damage, the Independent reported. Accordingly, she told the men that they would be spared a jail sentence providing they received favorable probation reports prior to their October 2013 sentencing and produced at that time the €5,000 they each owed in damages. She also said they would avoid having a criminal record.

That came to pass on Tuesday, when both men reappeared in court for their sentencing hearing with a favorable probation report and paid their portion of the fine. Half of the fine will go to a suicide prevention charity, reported Ireland's RTE News.

Both men are currently university students, with Martyn studying forensic science and analysis and O'Cearrbhail studying medicinal chemistry.

But will the two face more court appearances? Notably, both were indicted in U.S. federal court in March 2012, as part of the FBI's round-up of LulzSec and Anonymous leaders, which also included Ryan Ackroyd (aka Kayla) and Jake Davis (aka Topiary).

The indictment accused Martyn and O'Cearrbhail of having been behind hacks of a number of sites, including HBGary, Fox Broadcasting Company and Sony Pictures, as well as the Fine Gael site.

According to court documents, O'Cearrbhail also hacked into a Garda cybercrime investigator's iCloud account, which was linked to his Gmail account, from which O'Cearrbhail saw a message containing dial-in credentials for a January 17, 2012, conference call between the FBI and overseas cybercrime investigators as part of their ongoing investigations into LulzSec and Anonymous. According to the indictment, O'Cearrbhail surreptitiously recorded the conference call and distributed it to LulzSec leader "Sabu" (Hector Xavier Monsegur), who had secretly turned FBI informant after being arrested in June 2011.

That indictment was later expanded to include Jeremy Hammond, who subsequently pleaded guilty to hacking the site of private intelligence service Stratfor. He later claimed that some of his hacking activities had resulted from being entrapped by Sabu.

Is the U.S. case against Martyn and O'Cearrbhail continuing? Martyn's solicitor, Matthew Kenny, couldn't immediately be reached for comment, while O'Cearrbhail's solicitor, Eugene Dunne, declined to discuss any aspects of case when reached by phone.

The Garda likewise declined to comment. Asked about the status of the U.S. federal indictment against the Irish men, a Garda spokesman said via email, "We do not comment on named individuals."

A spokesman for the Department of Justice, meanwhile, couldn't be reached for comment. A phone call to the agency's Office of Public Affairs reached only an outgoing message stating that in the event of a "lapse in appropriations ... this message will be listened to and responded to upon a funding restoration."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant