10/9/2013
11:23 AM

LulzSec Hackers Evade Irish Jail Time

In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.

Two men charged by authorities in Ireland with hacking the website of one of the country's biggest political parties have been spared jail time and will have their criminal records cleared.

Darren Martyn (aka "Raepsauce"), 21, and Donncha O'Cearrbhail ("Palladium"), 20, pleaded guilty in July 2013 to hacking Irish center-right political party Fine Gael's website on January 9, 2011, stealing a copy of the site's subscriber database, publishing it on the Internet and sending it to a journalist.

According to Fine Gael, the hackers substituted the phrase "owned by Raepsauce and Palladium" for text on the website, which led to the site being down for 24 hours just seven weeks before the country's 2011 general election. Political party officials said that the resulting cleanup costs were €10,000 ($13,500), and that about 2,000 people had registered with the site, which was set up just for the election.

The two hackers were traced by the Garda -- Irish police -- fraud squad, working with the FBI. Attorneys for both men argued in court that the hack had been a stunt, and said their clients, who had no previous criminal convictions, had immediately confessed to the crime and begun working with police. The police concurred, with Detective Marion Brennan telling Judge Ann Ryan in July 2013 that it was "a stunt to embarrass a political party rather than to disclose data to the public at large," reported Ireland's Independent.

Ireland's director of public prosecutions told the men they could be tried by "summary disposal," and at district court level -- where the maximum penalty would be a fine and up to 12 months in jail -- if they pleaded guilty. They did so in July, thus avoiding the prospect of facing a judge and jury, which could have led to a tougher sentence.

At their July hearing, Judge Ryan criticized the defendants for the hack, which she said was both criminal and "a terrible abuse of talent" -- though she also noted that the incident hadn't caused long-term damage, the Independent reported. Accordingly, she told the men that they would be spared a jail sentence provided they received favorable probation reports prior to their October 2013 sentencing and produced at that time the €5,000 they each owed in damages. She also said they would avoid having a criminal record.

That came to pass on Tuesday, when both men reappeared in court for their sentencing hearing with a favorable probation report and paid their portion of the fine. Half of the fine will go to a suicide prevention charity, reported Ireland's RTE News.

Both men are currently university students, with Martyn studying forensic science and analysis and O'Cearrbhail studying medicinal chemistry.

But will the two face more court appearances? Notably, both were indicted in U.S. federal court in March 2012, as part of the FBI's round-up of LulzSec and Anonymous leaders, which also included Ryan Ackroyd (aka Kayla) and Jake Davis (aka Topiary).

The indictment accused Martyn and O'Cearrbhail of having been behind hacks of a number of sites, including HBGary, Fox Broadcasting Company and Sony Pictures, as well as the Fine Gael site.

According to court documents, O'Cearrbhail also hacked into a Garda cybercrime investigator's iCloud account, which was linked to his Gmail account, from which O'Cearrbhail saw a message containing dial-in credentials for a January 17, 2012, conference call between the FBI and overseas cybercrime investigators as part of their ongoing investigations into LulzSec and Anonymous. According to the indictment, O'Cearrbhail surreptitiously recorded the conference call and distributed it to LulzSec leader "Sabu" (Hector Xavier Monsegur), who had secretly turned FBI informant after being arrested in June 2011.

That indictment was later expanded to include Jeremy Hammond, who subsequently pleaded guilty to hacking the site of private intelligence service Stratfor. He later claimed that some of his hacking activities had resulted from being entrapped by Sabu.

Is the U.S. case against Martyn and O'Cearrbhail continuing? Martyn's solicitor, Matthew Kenny, couldn't immediately be reached for comment, while O'Cearrbhail's solicitor, Eugene Dunne, declined to discuss any aspects of the case when reached by phone.

The Garda likewise declined to comment. Asked about the status of the U.S. federal indictment against the Irish men, a Garda spokesman said via email, "We do not comment on named individuals."

A spokesman for the Department of Justice, meanwhile, couldn't be reached for comment. A phone call to the agency's Office of Public Affairs reached only an outgoing message stating that in the event of a "lapse in appropriations ... this message will be listened to and responded to upon a funding restoration."
