Second LulzSec suspect arrested in Sony Pictures breach

LulzSec

A second suspected member of the clandestine hacking group LulzSec was arrested yesterday on charges he took part in an extensive computer breach of Sony Pictures Entertainment.

Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to US authorities in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorised impairment of a protected computer.

If convicted, Rivera faces up to 15 years in prison.

Why do you put such faith in a company that allows itself to become open to these simple attacks?

The indictment, unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Pictures' computer systems in May and June 2011 using an SQL injection attack against the studio's website.

The indictment said Rivera then helped to post the confidential information onto LulzSec's website and announced the intrusion via the hacking group's Twitter account.

While Rivera was the only person named in the indictment, the FBI said his co-conspirators included Cody Kretsinger, 24, a confessed LulzSec member who pleaded guilty in April to federal charges stemming from his role in the Sony attack.

Following the breach, LulzSec published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony, and publicly boasted of its exploits.

"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Authorities have said the Sony breach ultimately cost the company more than $600,000.

LulzSec, an underground group also known as Lulz Security, is an offshoot of the international hacking collective Anonymous and has taken credit for such cyber incursions on a number of government and private sector websites.

The latest indictment says Rivera, who went by the online nicknames of "neuron," "royal" and "wildicv," is suspected of using a proxy server in a bid to conceal his Internet Protocol, or IP, address, and avoid detection.

Court documents revealed in March that an Anonymous leader known as Sabu, whose real name is Hector Monsegur, had pleaded guilty to hacking-related charges and provided information on his cohorts to the FBI.

That same month, five other suspected leaders of Anonymous, all them alleged to be LulzSec members as well, were charged by federal authorities with computer hacking and other offenses.

An accused British hacker, Ryan Cleary, 20, was indicted by a federal grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

Kretsinger, who pleaded guilty to the same two charges now facing Rivera, is slated to be sentenced on October 25. A federal prosecutor said he would likely receive substantially less than the 15-year maximum prison term carried by those offenses.

Anonymous and its offshoots focused initially on fighting attempts at Internet regulation and the blocking of free illegal downloads but have since taken aim at the Church of Scientology, global banking and other targets.

Anonymous, and LulzSec in particular, became notorious in late 2010 when they launched what they called the "first cyber war" in retaliation for attempts to shut down Wikileaks.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.