Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

LulzSec Hacker Ryan Cleary To Be Released

Release comes despite being convicted of possessing child porn images and serving only a portion of his sentence, leading hackers to suggest he's working with authorities.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Convicted LulzSec hacker Ryan Cleary, 21, is set to be released "imminently" after appearing Wednesday in a London courtroom for sentencing relating to charges that he made and possessed 172 indecent images of children on his PC.

"Some of these images showed children aged as young as six months old in circumstances where they were completely vulnerable," Judge Deborah Taylor told Cleary, reported The Independent in Britain. "These images were such as would make any right-minded person concerned at you viewing such images."

Cleary, aka Viral, previously pleaded guilty to two charges of making indecent images of children and one charge of possessing indecent images of children. Taylor said Wednesday that although U.K. sentencing guidelines required incarceration for the offenses to which Cleary had plead guilty, "time has been served in any event."

[ For the latest on NSA whistle blower Edward Snowden, see Snowden Says U.S. Hacking Chinese Civilians Since 2009. ]

Based on time served, his pleading guilty to all charges filed against him and agreeing to wear an electronic device that will monitor his location, Cleary received a three-year community service order, which requires that he work in the community without pay. He also received a 36-month supervision order, which is akin to probation and requires that Cleary meet weekly with his probation officer. Finally, Cleary was ordered to sign the U.K.'s Violent and Sex Offender Register, which is a database used by police and prison officials to track people convicted of related offenses.

Cleary previously appeared in court last month, when he was sentenced to 32 months in prison, followed by a five-year serious crime prevention order that can be used to restrict where he's allowed to travel and which jobs he'll be allowed to work.

Also sentenced in May were fellow LulzSec participants Jake Davis (Topiary), Mustafa al-Bassam (Tflow) and Ryan Ackroyd (Kayla). Together with Cleary, they pleaded guilty to charges of hacking a number of sites, including the CIA, Britain's Serious Organized Crime Agency (SOCA) and National Health Service (NHS), and Sony Pictures Entertainment, as well as leaking the credit card data and personal information of hundreds of thousands of people. Cleary also pleaded guilty to launching numerous distributed denial of service (DDoS) attacks under the banners of Anonymous, Internet Feds and LulzSec.

British police said the attacks in which Cleary participated caused an estimated $31 million in damages.

British police said that when they arrested Cleary at his home on June 20, 2011, they found him in the middle of launching a DDoS attack against the website of SOCA, which was conducting a joint investigation with the FBI into the activities of LulzSec, Anonymous and AntiSec.

Clearly was first arrested in 2011 and released on bail, subject to his refraining from using the Internet. He was re-arrested on bail violation charges on March 5, 2012, for going online in December 2011 to contact LulzSec leader Sabu. The day after Cleary's arrest, federal officials revealed that in June 2011, Sabu -- real name Hector Xavier Monsegur -- had been arrested and turned confidential government informant, and was helping the FBI investigate hackers and information security attacks.

The news of Cleary's imminent release after serving less than his full jail sentence has led some members of Anonymous to accuse him of having cut a deal with authorities, although no evidence has been produced to back up that assertion. "Anyone who gets away with child porn charges is obviously collaborating with the feds," according to a post by "ro0ted" to the pro-Anonymous CyberGuerilla blog.

Cleary's legal troubles might not be over, as he was indicted last year by a Los Angeles federal grand jury on hacking charges. But his attorney, Karen Todner, said last year that U.S. prosecutors had indicated that they wouldn't be seeking his extradition. Furthermore, if that changed, she said her client would fight any such request. "Cleary suffers from Asperger's syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable," she said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1067
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.
CVE-2021-1068
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.
CVE-2021-1069
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.
CVE-2020-26252
PUBLISHED: 2021-01-20
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server ...
CVE-2020-26278
PUBLISHED: 2021-01-20
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is suppli...