Attacks/Breaches
10/9/2013
11:23 AM
Connect Directly
RSS
E-Mail
50%
50%

LulzSec Hackers Evade Irish Jail Time

In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Two men charged by authorities in Ireland with hacking the website of one of the country's biggest political parties have been spared jail time and will have their criminal records cleared.

Darren Martyn (aka "Raepsauce"), 21, and Donncha O'Cearrbhail ("Palladium"), 20, pleaded guilty in July 2013 to hacking Irish center-right political party Fine Gael's website on January 9, 2011, stealing a copy of the site's subscriber database, publishing it on the Internet and sending it to a journalist.

According to Fine Gael, the hackers substituted the phrase "owned by Raepsauce and Palladium" for text on the website, which led to the site being down for 24 hours just seven weeks before the country's 2011 general election. Political party officials said that the resulting cleanup costs were €10,000 ($13,500), and that about 2,000 people had registered with the site, which was set up just for the election.

The two hackers were traced by the Garda -- Irish police -- fraud squad, working with the FBI. Attorneys for both men argued in court that the hack had been a stunt, and said their clients, who had no previous criminal convictions, had immediately confessed to the crime and begun working with police. The police concurred, with Detective Marion Brennan telling Judge Ann Ryan in July 2013, that it was "a stunt to embarrass a political party rather than to disclose data to the public at large," reported Ireland's Independent.

[ How far can the FBI go with suspected computer criminals? Read Stratfor Hacker: FBI Entrapment Shaped My Case. ]

Ireland's director of public prosecutions told the men they could be tried by "summary disposal," and at district court level -- where the maximum penalty would be a fine and up to 12 months in jail -- if they pleaded guilty. They did so in July, thus avoiding the prospect of facing a judge and jury, which could have led to a tougher sentence.

At their July hearing, Judge Ryan criticized the defendants for the hack, which she said was both criminal and "a terrible abuse of talent" -- though she also noted that the incident hadn't caused long-term damage, the Independent reported. Accordingly, she told the men that they would be spared a jail sentence providing they received favorable probation reports prior to their October 2013 sentencing and produced at that time the €5,000 they each owed in damages. She also said they would avoid having a criminal record.

That came to pass on Tuesday, when both men reappeared in court for their sentencing hearing with a favorable probation report and paid their portion of the fine. Half of the fine will go to a suicide prevention charity, reported Ireland's RTE News.

Both men are currently university students, with Martyn studying forensic science and analysis and O'Cearrbhail studying medicinal chemistry.

But will the two face more court appearances? Notably, both were indicted in U.S. federal court in March 2012, as part of the FBI's round-up of LulzSec and Anonymous leaders, which also included Ryan Ackroyd (aka Kayla) and Jake Davis (aka Topiary).

The indictment accused Martyn and O'Cearrbhail of having been behind hacks of a number of sites, including HBGary, Fox Broadcasting Company and Sony Pictures, as well as the Fine Gael site.

According to court documents, O'Cearrbhail also hacked into a Garda cybercrime investigator's iCloud account, which was linked to his Gmail account, from which O'Cearrbhail saw a message containing dial-in credentials for a January 17, 2012, conference call between the FBI and overseas cybercrime investigators as part of their ongoing investigations into LulzSec and Anonymous. According to the indictment, O'Cearrbhail surreptitiously recorded the conference call and distributed it to LulzSec leader "Sabu" (Hector Xavier Monsegur), who had secretly turned FBI informant after being arrested in June 2011.

That indictment was later expanded to include Jeremy Hammond, who subsequently pleaded guilty to hacking the site of private intelligence service Stratfor. He later claimed that some of his hacking activities had resulted from being entrapped by Sabu.

Is the U.S. case against Martyn and O'Cearrbhail continuing? Martyn's solicitor, Matthew Kenny, couldn't immediately be reached for comment, while O'Cearrbhail's solicitor, Eugene Dunne, declined to discuss any aspects of case when reached by phone.

The Garda likewise declined to comment. Asked about the status of the U.S. federal indictment against the Irish men, a Garda spokesman said via email, "We do not comment on named individuals."

A spokesman for the Department of Justice, meanwhile, couldn't be reached for comment. A phone call to the agency's Office of Public Affairs reached only an outgoing message stating that in the event of a "lapse in appropriations ... this message will be listened to and responded to upon a funding restoration."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.