Attacks/Breaches
10/9/2013
11:23 AM
Connect Directly
RSS
E-Mail
50%
50%

LulzSec Hackers Evade Irish Jail Time

In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Two men charged by authorities in Ireland with hacking the website of one of the country's biggest political parties have been spared jail time and will have their criminal records cleared.

Darren Martyn (aka "Raepsauce"), 21, and Donncha O'Cearrbhail ("Palladium"), 20, pleaded guilty in July 2013 to hacking Irish center-right political party Fine Gael's website on January 9, 2011, stealing a copy of the site's subscriber database, publishing it on the Internet and sending it to a journalist.

According to Fine Gael, the hackers substituted the phrase "owned by Raepsauce and Palladium" for text on the website, which led to the site being down for 24 hours just seven weeks before the country's 2011 general election. Political party officials said that the resulting cleanup costs were €10,000 ($13,500), and that about 2,000 people had registered with the site, which was set up just for the election.

The two hackers were traced by the Garda -- Irish police -- fraud squad, working with the FBI. Attorneys for both men argued in court that the hack had been a stunt, and said their clients, who had no previous criminal convictions, had immediately confessed to the crime and begun working with police. The police concurred, with Detective Marion Brennan telling Judge Ann Ryan in July 2013, that it was "a stunt to embarrass a political party rather than to disclose data to the public at large," reported Ireland's Independent.

[ How far can the FBI go with suspected computer criminals? Read Stratfor Hacker: FBI Entrapment Shaped My Case. ]

Ireland's director of public prosecutions told the men they could be tried by "summary disposal," and at district court level -- where the maximum penalty would be a fine and up to 12 months in jail -- if they pleaded guilty. They did so in July, thus avoiding the prospect of facing a judge and jury, which could have led to a tougher sentence.

At their July hearing, Judge Ryan criticized the defendants for the hack, which she said was both criminal and "a terrible abuse of talent" -- though she also noted that the incident hadn't caused long-term damage, the Independent reported. Accordingly, she told the men that they would be spared a jail sentence providing they received favorable probation reports prior to their October 2013 sentencing and produced at that time the €5,000 they each owed in damages. She also said they would avoid having a criminal record.

That came to pass on Tuesday, when both men reappeared in court for their sentencing hearing with a favorable probation report and paid their portion of the fine. Half of the fine will go to a suicide prevention charity, reported Ireland's RTE News.

Both men are currently university students, with Martyn studying forensic science and analysis and O'Cearrbhail studying medicinal chemistry.

But will the two face more court appearances? Notably, both were indicted in U.S. federal court in March 2012, as part of the FBI's round-up of LulzSec and Anonymous leaders, which also included Ryan Ackroyd (aka Kayla) and Jake Davis (aka Topiary).

The indictment accused Martyn and O'Cearrbhail of having been behind hacks of a number of sites, including HBGary, Fox Broadcasting Company and Sony Pictures, as well as the Fine Gael site.

According to court documents, O'Cearrbhail also hacked into a Garda cybercrime investigator's iCloud account, which was linked to his Gmail account, from which O'Cearrbhail saw a message containing dial-in credentials for a January 17, 2012, conference call between the FBI and overseas cybercrime investigators as part of their ongoing investigations into LulzSec and Anonymous. According to the indictment, O'Cearrbhail surreptitiously recorded the conference call and distributed it to LulzSec leader "Sabu" (Hector Xavier Monsegur), who had secretly turned FBI informant after being arrested in June 2011.

That indictment was later expanded to include Jeremy Hammond, who subsequently pleaded guilty to hacking the site of private intelligence service Stratfor. He later claimed that some of his hacking activities had resulted from being entrapped by Sabu.

Is the U.S. case against Martyn and O'Cearrbhail continuing? Martyn's solicitor, Matthew Kenny, couldn't immediately be reached for comment, while O'Cearrbhail's solicitor, Eugene Dunne, declined to discuss any aspects of case when reached by phone.

The Garda likewise declined to comment. Asked about the status of the U.S. federal indictment against the Irish men, a Garda spokesman said via email, "We do not comment on named individuals."

A spokesman for the Department of Justice, meanwhile, couldn't be reached for comment. A phone call to the agency's Office of Public Affairs reached only an outgoing message stating that in the event of a "lapse in appropriations ... this message will be listened to and responded to upon a funding restoration."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.