Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

VPN Service Snitched on Alleged LulzSec Member

Yesterday, Cody Kretsinger, a 23-year-old from Phoenix, Arizona was arrested and charged with conspiracy and the unauthorized impairment of a protected computer, according a federal indictment.

How did the Feds track down the alleged LulzSec member? It turns out that a VPN service reportedly used to mask his online identify and location was the one who handed over data to the FBI.

Yesterday, Cody Kretsinger, a 23-year-old from Phoenix, Arizona was arrested and charged with conspiracy and the unauthorized impairment of a protected computer, according a federal indictment.

How did the Feds track down the alleged LulzSec member? It turns out that a VPN service reportedly used to mask his online identify and location was the one who handed over data to the FBI.

According to the federal indictment (embedded below), Kretsinger registered for a VPN account at HideMyAss.Com under the user name “recursion”. Following that, the indictment said that Kretsinger and other unknown conspirators conducted SQL injection attacks against Sony Pictures in attempt to extract confidential data.

According to a blog post from HideMyAss, they realized that LulzSec members had been utilizing its service after seeing leaked IRC chat logs. The company said it took no action after discovering the hackers had been using its services to hide, saying, there was no evidence to suggest wrongdoing and nothing to identify which accounts they were using.

“At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases,” they wrote in the post this morning. “As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).”

The blog post, titled “Lulzsec fiasco” also added the following: “Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.”

You can be sure that HideMyAss is not the only provider to be hit with subpoenas and essentially being forced to hand over user data. It’s likely the FBI and other officials are digging deep and requesting similar information from other VPN providers and online services such as Pastebin, Twitter, and other tools and web services commonly used by hackers.

Full indictment is below:

Advertisement. Scroll to continue reading.

Cody Andrew Kretsinger Indictment

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.