LONDON – Four members of the LulzSec international hacking group were sentenced to prison terms in Britain on Thursday for masterminding cyber attacks on major global institutions, including Sony Pictures and the CIA.
Ryan Cleary, 21, Jake Davis, 20, Mustafa Al-Bassam, 18, and Ryan Ackroyd, 26, saw themselves as “latter-day pirates” when they carried out the attacks on organizations which also included Rupert Murdoch’s top-selling British newspaper The Sun.
Cleary was jailed for 32 months, Ackroyd for 30 months and Davis for two years, while Al-Bassam was given a 20-month suspended sentence.
All four had admitted offences under the 1990 Computer Misuse Act.
The group were “hacktivists” with the LulzSec collective behind attacks that stole sensitive personal data such as emails, online passwords and credit card details.
LulzSec, an offshoot of the larger group Anonymous, existed from February to July 2011 and built up a huge international following, reaching 355,000 Twitter followers within two months.
They used social media and leaked details of attacks to journalists to further their quest of publicity, mainly through their chief publicist Davis.
The international group’s most high profile attack involved the extensive breach of Sony Pictures’ computer systems, which led to the personal data of thousands of Sony customers being posted online.
Sony lost details relating to 26.4 million customers in the attack which cost it £13 million (20 million dollars, 15 million euros), the court heard.
In June 2011 LulzSec took down the CIA.gov website in an attack masterminded by Al-Bassam, and the following month visitors to The Sun’s website were redirected to a spoof story about Murdoch committing suicide.
Britain’s National Health Service and Serious Organised Crime Agency were also victims of the group, who lived as far apart as London and the Shetland Islands, Britain’s most northerly outpost, and never met in person.
Stolen information was posted unencrypted on their website and file-sharing sites like Pirate Bay in 2011, the court had previously heard.
They also carried out distributed denial of service (DDoS) attacks, using linked networks of up to one million computers to overpower and crash websites.
The group’s activity collectively cost their targets millions of dollars and potentially left millions of people at risk from criminals.
Andrew Hadik, lawyer for the Crown Prosecution Service, said the group’s actions had been “cowardly and vindictive”.
“Co-ordinating and carrying out these attacks from the safety of their own bedrooms may have made the group feel detached from the consequences of their actions,” he said.
“They were in fact committing serious criminal offences for which they have been successfully prosecuted.”
Sentencing the men at Southwark Crown Court in London, judge Deborah Taylor said some of their taunting of their victims made “chilling reading”.
“You cared nothing for the privacy of others but did everything you could through your computer activities to hide your own identities while seeking publicity,” she said.
