lulzsec

LulzSec hackers got off easy for their damaging attacks

Four members of the infamous and largely British LulzSec hacking group that carried a string of high-profile distributed denial of DDoS attacks in 2011 have been handed relatively lenient prison terms of up to 32 months by the judge at Southwark Crown Court in the UK.

The bare facts are that Ryan Cleary, 21, and Ryan Ackroyd, 26, were given prison terms of 32 and 30 months respectively, while Jake Davis ('Topiary'), 20, will spend 24 months in a young offender's institution; Mustafa Al-Bassam, 18, was handed a 20 month suspended sentence.

All will be watched by the authorities for up to five years after their eventual release.

US laws are tougher

Although these sentences count as relatively severe by UK standards for hacking offenses, they are probably mild compared to the terms that might have been handed out in the U.S. where collaborator and former LulzSec leader Hector Xavier Monsegur ('Sabu') has so far won sentencing delays only after turning police informer.

Information supplied by Monsegur was instrumental in the arrests of the four UK men on different dates in 2011, which caused LulzSec's sudden and spectacular destruction.

Despite their self-assured public statements, police evidence revealed them to be a less imposing in the flesh.

Cleary managed the botnet used in DDoS attacks while Ackroyd chose the targets for attack and carried them out, hence their more severe sentences. Al-Bassam's role was to supply information on possible vulnerabilities while Davis operated as a sort of witty, sarcastic PR man, running the public Twitter account that announced their latest successes using the call sign "tango down."

Police claim the attacks caused $32 million in damage, including reputational harm, to the clutch of organizations they honed in on, including the website of the UK Serious Organized Crime Agency (SOCA) itself.

It gets darker. On 20 June 2011, police raided Cleary's home address where they found him in the middle of the SOCA DDoS attack; they also said that forensic analysis found child porn images on his PC.

'Vandals' oblivious to damage

"Theirs was an unusual campaign in that it was more about promoting their own criminal behavior than any form of personal financial profit," said the Police Central e-crime Unit head Charlie McMurdie. "In essence, they were the worst sort of vandal—acting without care of cost or harm to those they affected."

"They claimed to be doing it for 'a laugh' but real people were affected by their actions. Today's convictions should serve as a deterrent to others who use the internet to commit cyber-attacks," McMurdie added.

The inside track on LulzSec has always been something of a mystery beyond the few details made public during their trials.

However, in a new BBC interview, Jake Davis—Topiary—has now offered some fascinating insights that will probably surprise nobody.

""It [the Topiary character] was an exaggerated version of the things I couldn't be," he said. "He was a lot more confident that I am certainly."

"It [the Internet] is a very limited world. It's a world devoid of empathy."

Subscribe to the Security Watch Newsletter

Comments