Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

LulzSec Hacker Ryan Cleary To Be Released

Release comes despite being convicted of possessing child porn images and serving only a portion of his sentence, leading hackers to suggest he's working with authorities.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Convicted LulzSec hacker Ryan Cleary, 21, is set to be released "imminently" after appearing Wednesday in a London courtroom for sentencing relating to charges that he made and possessed 172 indecent images of children on his PC.

"Some of these images showed children aged as young as six months old in circumstances where they were completely vulnerable," Judge Deborah Taylor told Cleary, reported The Independent in Britain. "These images were such as would make any right-minded person concerned at you viewing such images."

Cleary, aka Viral, previously pleaded guilty to two charges of making indecent images of children and one charge of possessing indecent images of children. Taylor said Wednesday that although U.K. sentencing guidelines required incarceration for the offenses to which Cleary had plead guilty, "time has been served in any event."

[ For the latest on NSA whistle blower Edward Snowden, see Snowden Says U.S. Hacking Chinese Civilians Since 2009. ]

Based on time served, his pleading guilty to all charges filed against him and agreeing to wear an electronic device that will monitor his location, Cleary received a three-year community service order, which requires that he work in the community without pay. He also received a 36-month supervision order, which is akin to probation and requires that Cleary meet weekly with his probation officer. Finally, Cleary was ordered to sign the U.K.'s Violent and Sex Offender Register, which is a database used by police and prison officials to track people convicted of related offenses.

Cleary previously appeared in court last month, when he was sentenced to 32 months in prison, followed by a five-year serious crime prevention order that can be used to restrict where he's allowed to travel and which jobs he'll be allowed to work.

Also sentenced in May were fellow LulzSec participants Jake Davis (Topiary), Mustafa al-Bassam (Tflow) and Ryan Ackroyd (Kayla). Together with Cleary, they pleaded guilty to charges of hacking a number of sites, including the CIA, Britain's Serious Organized Crime Agency (SOCA) and National Health Service (NHS), and Sony Pictures Entertainment, as well as leaking the credit card data and personal information of hundreds of thousands of people. Cleary also pleaded guilty to launching numerous distributed denial of service (DDoS) attacks under the banners of Anonymous, Internet Feds and LulzSec.

British police said the attacks in which Cleary participated caused an estimated $31 million in damages.

British police said that when they arrested Cleary at his home on June 20, 2011, they found him in the middle of launching a DDoS attack against the website of SOCA, which was conducting a joint investigation with the FBI into the activities of LulzSec, Anonymous and AntiSec.

Clearly was first arrested in 2011 and released on bail, subject to his refraining from using the Internet. He was re-arrested on bail violation charges on March 5, 2012, for going online in December 2011 to contact LulzSec leader Sabu. The day after Cleary's arrest, federal officials revealed that in June 2011, Sabu -- real name Hector Xavier Monsegur -- had been arrested and turned confidential government informant, and was helping the FBI investigate hackers and information security attacks.

The news of Cleary's imminent release after serving less than his full jail sentence has led some members of Anonymous to accuse him of having cut a deal with authorities, although no evidence has been produced to back up that assertion. "Anyone who gets away with child porn charges is obviously collaborating with the feds," according to a post by "ro0ted" to the pro-Anonymous CyberGuerilla blog.

Cleary's legal troubles might not be over, as he was indicted last year by a Los Angeles federal grand jury on hacking charges. But his attorney, Karen Todner, said last year that U.S. prosecutors had indicated that they wouldn't be seeking his extradition. Furthermore, if that changed, she said her client would fight any such request. "Cleary suffers from Asperger's syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable," she said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...