Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

FBI Busts Suspected LulzSec Hacker In Sony Breach

Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
An alleged member of hacking group LulzSec, 23-year-old Cody Kretsinger, was arrested in Phoenix on Thursday by the FBI. The same day, the bureau arrested a man in San Francisco who's suspected of participating in Anonymous-related attacks, and announced similar charges against a third man, based in Ohio.

Related search warrants were also executed in Minnesota, Montana, and New Jersey, according to Fox News, which broke the story.

A federal indictment, unsealed Thursday morning, alleges that Kretsinger is the LulzSec member known as "recursion." He's accused of participating in online attacks against Sony Pictures from May 27, 2011, until June 2, 2011, the full extent of which Sony is still investigating, said authorities. The indictment also alleges that Kretsinger used a proxy server to try and mask his IP address, and that he and his co-attackers used SQL injection attacks to compromise the Sony Pictures website, after which they posted 150,000 stolen usernames and passwords on the LulzSec website, and then announced the exploit on Twitter.

[ Protect yourself and your systems. Read 14 Enterprise Security Tips From Anonymous Hacker ]

Another federal indictment, also unsealed Thursday, alleges that Christopher Doyon, 47, of Mountain View, Calif., and Joshua Covelli, 26, of Fairborn, Ohio, participated in a 2010 distributed-denial-of-service attack against servers run by the Santa Cruz County government in California. According to the indictment, the attack was conducted under the banner of the People's Liberation Front, which works with Anonymous.

Unconfirmed news reports said that the man arrested by authorities on Thursday in San Francisco was Doyon. Reports also said he was homeless.

"The arrests, if legit, could have a significant impact on hacking," said Rob Rachwald, director of security strategy at Imperva, in a blog post. "Hackers may not be as willing to trumpet their activities--a major driver of hacktivism. Further, it may impede recruitment of new hackers who could now be a little more gun-shy."

LulzSec, also known as Lulz Security or the Lulz Boat, said it was ending its self-publicized 50-day hacking spree in June. But according to chat logs obtained by the Guardian, some members exited LulzSec early, over fears that the group had gone too far. Notably, recursion appeared to quit the group on June 3, together with "devrandom," after LulzSec members hacked the Atlanta chapter of FBI affiliate InfraGard. The leader of LulzSec, "Sabu," dismissed their exit, saying they were "not up for the heat."

Sabu, among other known LulzSec members, remains at large, and apparently at work. This week, a post to his Twitter account threatened reprisals if Troy Davis--then on death row in Georgia--was executed. "Word is the Supreme Court gave a 7 day reprieve for the execution. He still can be executed within this week. DON'T YOU DARE," said the post. Davis was executed by lethal injection on Wednesday.

Arrests of accused members of LulzSec and Anonymous have been intensifying in recent months, both in the United States and abroad. In July, the FBI arrested 14 people on charges of having participated in Anonymous attacks against PayPal. The same month, Italian authorities arrested 15 people over Anonymous attacks. British authorities, meanwhile, have made multiple related arrests. Notably, they arrested teenager Jake Davis in July, alleging that he served as the LulzSec spokesman known as "Topiary."

According to Rachwald, many LulzSec and Anonymous hackers have made two significant errors: they attracted significant attention, and they didn't properly cover their tracks. "If you look at hacking historically, over the past 20 years many of the high-profile attacks or those that involve serious losses to governments or commercial companies have ended up with law enforcement finding the perpetrators eventually, such as Albert Gonzalez," he said, referring to the mastermind behind the hack of TJX.

Interestingly, the hack of TJX--resulting in the theft of 45.6 million credit and debit card numbers--continued for a year and a half before being discovered, and it took authorities another year and a half to indict and arrest Gonzalez. But LulzSec and Anonymous members, by trumpeting their own exploits, appear to have handed investigators numerous, timely leads, enabling authorities to identify and arrest suspects much more quickly.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.