Thursday, September 22, 2011

Alleged LulzSec member arrested in Sony breach

The FBI arrested a 23-year-old Arizona man today on charges of stealing data from Sony Pictures Entertainment earlier this year.

Cody Andrew Kretsinger of Phoenix was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Kretsinger could not be reached for comment.

Meanwhile, Fox News reported that a hacker who is believed to be homeless was arrested in San Francisco on charges of participating in attacks allegedly carried out by activist group Anonymous on Santa Cruz County government Web sites, and that search warrants were being executed in New Jersey, Minnesota, and Montana. An FBI spokesman told CNET that the agency does not typically comment on search warrants. FBI officials in San Francisco did not immediately return a call seeking comment.

Kretsinger is accused of using proxy services via the site, designed to offer anonymous Internet access, to probe Sony Pictures Entertainment's computer systems in May, according to the indictment, which was unsealed in U.S. District Court in Los Angeles today.

He and others co-conspirators looked for vulnerabilities and exploited them by means of a SQL injection attack between May 27 and June 2, the indictment says. They then allegedly compromised the Sony system, making "tens of thousands of requests for confidential data," and released the information from Sony on a public Web site and on Twitter.

Kretsinger permanently erased the hard drive of the computer he used to conduct the attack, the indictment alleges. He is due to make an initial appearance in federal court in Phoenix today. The U.S. government will request that he be transferred to Los Angeles to face prosecution. He faces up to 15 years in prison if convicted.

He is alleged to have used the hacker handle "recursion" and is believed to be a member of the LulzSec hacker group.

The LulzSec group, believed to be a spin-off of the Anonymous group of online activists, had bragged about breaking into Sony Pictures' system, posting a statement on the Pastebin on June 2 and proof of their attack. "We recently broke into and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the statement said. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

A week later, Sony said that actually personally identifable information of 37,500 customers had been exposed in the breach. The breach was one of a series of attacks targeting Sony and its affiliate sites globally that started in May following a legal spat Sony had with a hacker who had modified his Sony PlayStation 3.

Read more: here

No comments:

Post a Comment