Last month, 20-year-old Jake Davis, 26-year-old Ryan Ackroyd, and 18-year-old Mustafa al-Bassam plead guilty to charges of cyberattacking the NHS, News International, and Sony. On top of those, Ackroyd in particular also plead guilty to plotting attacks on other websites in addition to a computer hacking charge. Al-Bassam and Davis, in addition to the aforementioned, plead guilty to conspiring to attack various law enforcement agencies in both the US and UK.

While those three plead guilty last month, 21-year-old Ryan Cleary, who was also sentenced today, had already plead guilty in his own legal spat, which consisted of six various related charges. The guilty pleas were entered about two years after the attacks for which they were sentenced took place. Out of the four, Ackroyd had been the only to initially maintain his innocence.

Now that the sentencing is complete, we see that Cleary was given a 32-month prison sentence, Ackroyd a 30-month sentence, and Davis a 24-month sentence. Al-Bassam was the only one to side-step a prison sentence, instead receiving a 20-month suspended sentence because – though now an adult – he was only 16-years-old when he committed the cyberattacks, making him a minor. Instead, he will perform 300 hours of community service.

Crown Prosecution Service lawyer Andrew Hadik said: “The harm they caused was foreseeable, extensive and intended. Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives. This case should serve as a warning to other cybercriminals that they are not invincible.”

SOURCE: BBC News

The name of the company for which he worked has not been specified, nor has the exact position he held. Says the AFP’s Commander Glen McEwan, he is someone “known to international law enforcement,” and that he is the first LulzSec member to be arrested by them. His arrest took place after being under surveillance for less than two weeks, something that was prompted by a compromised government website.

As a result, the alleged leader has been arrested and charged with one count of unauthorized access to a restricted computer system, as well as two counts of unauthorized modification of data to cause impairment. Such charges have a maximum prison sentence of 12 years. Some of the Australian targets of the hacking collective are said to be departments of the Victorian and NSW governments, local councils, and AusAid. In addition, ten high schools and universities had their login information and email accounts leaked.

The claim that this individual is LulzSec’s leader comes from posts he allegedly made on forums, in which he claimed to be the leader. The AFP also says that they have talked about it with him, and that he has discussed it. He’s due back in court on May 15. Says Commander McEwen: “The AFP will not tolerate the attempts of hackers to damage or destroy the online property of Australian individuals, companies or national infrastructure resources.”

[via ABC News]

This sentence has been passed down after the defendant was arrested back in September of 2011. His original part in the crime took place in May of that same year, and he pled guilty to the crime in April of 2012. In other words, it’s not always a quick path from the crime to the final sentence!

In similar situations related to this Sony Picture hack, LulzSec members Raynaldo Rivera and Hector Xavier Monsegur have also gone into agreements with the authorities. Monsegur, also known as “Sabu”, has according to PC World agreed to work with the FBI as an informant and – again, according to this same source – played an important part in the identification of the other members of the LulzSec team.

Monsegur is currently set to face a maximum sentence of 124 years in prison, while Rivera (aka “neuron”) is set to be sentenced on May the 16th. You’ll be able to find more information on the hacking universe in our hacking tag portal as well as through a search for LulzSec in our archives!

LulzSec is a branch from the more popularly-known Anonymous hacker collective, and has claimed to have initiated quite a few high-profile cyberattacks against private and government websites alike. One such attack was against Sony, who’s website Kretsinger claims to have accessed, gathering information and spreading it to two other LulzSec hackers.

That information was then made public on the group’s Twitter account and on its website, resulting in what prosecutors say was in excess of $600,000 worth of damage to the corporation. Additional members of the hacking group are slated for sentencing, having plead guilty to various related charges earlier this month and back in the summer of 2012.

On April 9, LulzSec members Jake Davis, Mustafa al-Bassam, and Ryan Ackroyd all plead guilty in London to cyberattacks against Sony, in addition to other entities, such as the NHS and News International. Ackroyd, in particular, plead guilty to also plotting cyberattacks against many other websites, among them being 20th Century Fox. Davis and al-Bassam plead guilty to conspiracy to attack law enforcement agencies in both the UK and US. They will be sentenced on May 14.

[via Reuters]

According to The Guardian, Jake Davis (20-years-old), Mustafa al-Bassam (18-years-old), and Ryan Ackroyd (26-years-od), who had previously maintained his innocence, have plead guilty in London earlier today to attacking Sony, News International, and the NHS. For his part, Ackroyd plead guilty to plotting attacks on a variety of websites, among them being 20th Century Fox, as well as a single count of a computer hacking charge.

And for their parts, al-Bassam and Davis plead guilty to conspiracy to attack law enforcement agencies throughout the United Kingdom and the United States, as well as the cyberattacks against the aforementioned News International, 20th Century Fox, NHS, and Sony. This is al-Bassam’s (who is said to have gone by the name Tflow) first guilty plea in the cyberattacks.

Now the group is awaiting sentencing, which is slated to take place on May 14, about two-years after the attacks they plead guilty to took place. Also slated for sentencing on May 14 is another LulzSec hacker named Ryan Cleary (21-years-old), who had already plead guilty to six charges said to be related. Check out the timeline below for more info on the hacking group.

[via The Guardian]

Jake David, aka Topiary, and Ryan Cleary both admitted that they were part of the LulzSec group, but overall only pleaded guilty to two out of the four charges brought against them. Ryan Ackroyd, aka Kayla, pleaded not guilty to all four charges, while an unnamed 17 year old also pleaded not guilty to all charges.

The group performed numerous hacks on high profile targets such as the CIA and the Pentagon, and leaked the names of 73,000 X-Factor contestants. Other targets included the NHS, Sony, Nintendo, 20th Century Fox, and News International. The trial for the case will be held in April 2013.

[via BBC]

This means that if he does indeed find help to do so, Vader will be cracking down on the amount of time that posts with illicit content. This illicit content currently ranges from stolen source codes from closed-source applications, lists of emails and contact information of those who do not know it’s being shared, and rally calls to illegal action. As Vader notes, he doesn’t want this cutdown to affect those using the site for non-illegal matters:

“I think it is very important that people have access to sites like Pastebin, because it offers them total freedom of speech. … I am looking to hire some extra people soon to monitor more of the website content, not just the items reported. Hopefully this will increase the speed which we can remove sensitive information.” – Vader

Pastebin has been blocked by several countries due to its relatively complete lack of censorship, and is, believe it or not, not loved by all citizens of the web. In fact, Pastebin is the target of hackers wishing to break the site down with DDOS attacks quite constantly.

“In the last three months not a single day has gone by that we didn’t get some kind of DDOS [distributed denial of service] attack. I do hear from people in the hackers community that many hackers like to test their DDOS skills on Pastebin.” – Vader

Living in a world where hacking skills are held in high regard and providing a tool that can very well help those with those skills execute plans can be a tough cookie to crack. Vader remains confident that traffic and the usefulness of the site will remain high through this new round of control over its contents.

BONUS: Check out [Pastebin search results] to see how many times we’ve referred to the site in our entire history as news site!

[via BBC]

LulzSec posted download links on PasteBin, as well as trademark ASCII art depicting the Lulz Boat. They had this to say:

The website http://www.militarysingles.com/ was recently closed day ago or so, so we dumped email db
There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc..

Total Dump 170937 Accounts.

The company behind Military Singles, ESingles, haven’t released an official statement regarding the hack. An administrator for Military Singles did, however, post a comment on a Data Breaches article, which read:

We at ESingles Inc. are aware of the claim that someone has hacked MilitarySingles.com and are currently investigating the situation. At this time there is no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim.

We do however take the security and privacy of our members very seriously and will therefore treat this claim as if it were real and proceed with the required security steps in order to ensure the website and it’s database is secure. Admin, MilitarySingles.com

LulzSec then took to a new Twitter account to respond to the allegations of there being “no actual evidence”, posting the above image to Military Singles as proof of their access. Data Breaches also compared the information found in LulzSec’s dump to what was available on the website while it was still live, and found that the data did match.

[via ZDNet]

According to the report, 58% of all data stolen during 2011 was the result of hacktivists. Traditionally cybercriminals seek out and hack information and data for financial gain, while hacktivists have been using their tools for political gains, often defacing websites and sending out bold messages.

The level of difficulty of the attacks wasn’t very high, though: the report says that 96% of all attacks “were not highly difficult”, meaning they didn’t require advanced hacking skills or vast resources. 97% of attacks were also avoidable, typically involving stolen login credentials, or exploiting default or easily guessable passwords.

Hacking also seems to be on the rise globally: attacks emanated from 36 countries in 2011, up from 22 countries on the previous year. Eastern Europe seems to be a hotbed of activity too, with 70% of breaches originating from there, and less than 25% coming from the United States.

[via Verizon]

In response, those behind Anonymous OS took to their Tumblr page saying that the tweet was misleading:

The #anonops on their twitter account say “That Anonymous-OS is wrapped in trojans.”
Please people… in our world, in Linux and opensource world, there is not virus.

If any user believe that Anonymous-OS “is wrapped in trojans” or “backdoored OS by any Law enforcement Company or Hacker” please don’t download it!

But don’t mislead the world that Linux is dangerous and has trojans!

In the flurry of broken English and poor grammar, does it really matter who’s right or wrong? It seems odd that AnonOps would claim that a Linux distro is “wrapped with trojans” when the OS is typically free of the exploits that plague other operating systems like Windows. Having said that, you are downloading an unofficial build of Linux by an anonymous group of individuals without really knowing what has been written into the OS.

As always, we suggest you exercise caution if you are tempted to download the build, although you’re probably better off leaving it alone. Not too long ago several individuals from hacker group LulzSec were arrested by the FBI after the leader, Sabu, was caught and began providing the bureau with inside information to bring the group down.

[via The Verge]

In addition to this witness protection clause in the agreement to keep “family and certain loved ones” safe and “relocated under a new identity” if need be, today’s findings include additional charges filed against Sabu by the government in the first place. The first place being the full list of charges leveled against Sabu in mid 2011 when he originally agreed to work with the government to lessen his damages. Additional charges include selling marijuana on two separate occasions, running up $15,000 on a former employer’s credit card, purchasing stolen jewelry as well as electronics, and dealings with illegally purchased prescription drugs.

The counts leveled against Sabu at this very moment are still set for a minimum of 2 years jail time, with the full sentence originally adding up to 122 years. This sentence has obviously been lessened substantially by the deals Sabu has made with the FBI, but we expect some jail time will be served in the end. LulzSec-related hacker group Anonymous have been relatively quiet on the matter outside a couple of recent attacks which may or may not have been directly related to this chain of events.

Proclaiming themselves the “knights of the lulz”, AntiSec posted the following on the hacked website, directly aimed at the FBI:

TO FBI AND OTHER S**TS
YOU HAVE OUR LOGS, WE HAVE ALL THOSE PMs AND PRIVATE CHATs U DONT WANT TO MAKE PUBLIC
YOU REALLY F**KED IT UP TRYING TO TRAP PEOPLE

Earlier in the week AntiSec confirmed that Panda Security were activity participating in DoS attacks in an attempt to infiltrate the group, and this latest taunt at the FBI indicates that perhaps that organization was also engaging in illegal activities in order to get closer to those involved in AntiSec and Anonymous.

At the end of their message, AntiSec also released hundreds of usernames and passwords, as well as logs indicating the group had gained root access to the website, allowing them to deface the website. All of this was headed up by a video of the final moments of Fight Club, a nod perhaps towards Project Mayhem, a small group of individuals in the film also committed to performing sabotage.

All of this comes after the arrests earlier this week of five LulzSec members, along them the leader, Hector Xavier Monsegur, also known as “Sabu”. Monsegur was arrested in June 2011 and had been cooperating with the FBI in order to bring down the group from the inside.

Computerworld reports that Anonymous attacked and defaced the website in response to Panda Security’s involvement in the arrests of 25 members of Anonymous across the world. Luis Corrons, research director at Panda Labs, has previously said that “sometimes if you want to infiltrate and you have to be one of the criminals, you have to do things that you shouldn’t.”

Anonymous confirmed via the defaced website that the company was activity participating on IRC channels, as well as DoS attempts, trying to infiltrate the group. Anonymous also referred to yesterday’s LulzSec arrests, posting:

YEAH YEAH
WE KNOW…
SABU SNITCHED ON US
AS USUALLY HAPPENS FBI MENACED HIM TO TAKE HIS SONS AWAY
WE UNDERSTAND, BUT WE WERE YOUR FAMILY TOO (REMEMBER WHAT YOU LIKED TO SAY?)
IT’S SAD AND WE CANT IMAGINE HOW IT FEELS HAVING TO LOOK AT THE MIRROR EACH MORNING
AND SEE THERE THE GUY WHO SHOPPED THEIR FRIENDS TO POLICE.

Heading up the brazen message was an embedded YouTube video of various Anonymous hacks and conquests, set to the tune of “Santa Claus Is Coming To Town”. The hackers finally posted up dozens of email addresses and passwords of Panda Security employees, as well as various admin passwords and login credentials.

Currently the Panda Security website is offline, although a cached copy of the hack and Anonymous’ message can still be accessed.

Featured: Okay, so on the subject of the new iPad, which some reports now suggest will be called the iPad HD, we’ve compiled a guid for the detail-obsessed Apple enthusiast, covering everything we know so far. But the iPad isn’t the only thing in the news. Our Chris Burns sheds some light on major hacking news today with his column – Consider this: LulzSec’s Sabu didn’t snitch. And on a lighter note, we have a Sync by 50 SMS-WS Wireless Headphones Review.

Mobile: So, in the world of non-iPad mobile news, there were some pretty major developments today. First off, Verizon has revealed its list of devices that will be eligible for Android 4.0 Ice Cream Sandwich upgrades. And in other Android news, Google has just announced Google Play, which will be an official death knell in the Android Market’s coffin. And finally, here’s something interesting for iPhone owners – iPhone Polarizing Filter lens promises to reduce reflections in photos. Well that’s all for tonight. Check back tomorrow for the Wednesday evening wrap-up.

The actual document that says Sabu worked with the FBI rather than just having been questioned by them was released by an assistant U.S. attorney in Los Angeles by the name of Stephanie Christensen. The reason this should send up a flag for you is that the documents and the case in question here took place and were revealed in New York federal court, at the other end of the country. Of course we’re talking about an environment now where such communication is possible between courts, and the team being arrested now as a result of whatever actions took place recently to reveal these other members of LulzSec are being picked up from several places around the world – but the fact remains: two different documents exist.

None of this really has any baring on what’s happened unless you consider the effect its having on the trust the hacker community has in itself. If these compatriots were caught individually and independent of one another, it’d be a different subject entirely, and perhaps not quite as newsworthy. Instead we’ve got a situation on our hands that does not bode well for anyone hoping to continue the hacking fun times alive without caution.

According to Wired, one conversation with documentarian Brian Knappenberger, soon to be well known for his documentary on Anonymous by the name of We Are Legion had the following to say on the subject:

“When he went dark and tweeted the famous Usual Suspects line about the greatest trick the devil ever pulled was convincing the world he didn’t exist, I thought then he was snatched up by the FBI. Then he came back a month later and like nothing ever happened — like he took a break or just went on vacation. I had a conversation with someone who said ‘A little bird told me there is a reason they are not arresting Sabu’ but whenever anyone said that on Twitter, Sabu would respond with string of obscenities.” – Knappenberger

Stay tough, folks, and don’t read something as volatile as this just once and expect that the most intense story is the true one. The popular hacker saga continues!

Fox News reports that three suspects have been arrested, while two more have been charged with conspiracy. Those under suspicion hail from across the globe, with two men from Britain, two from Ireland, and one in Chicago. How exactly did this all come about? Hector Xavier Monsegur was secretly arrested by the FBI back in June, and has been a cooperating witness with them every since, feeding them information about LulzSec in order to bring them down from the inside.

Monsegur, whose alias was “Sabu”, pleaded guilty to 12 counts of hacking charges on August 15th, with his exact records due to be unsealed today at the Southern District Court of New York. The five members who were arrested today include Jeremy Hammond who resides in Chicago. He was arrested on charges of hacking and device access fraud. His actions reportedly led to the hacking of Stratfor Security Intelligence, leading to the leak of 200GB worth of emails.

LulzSec is an offshoot of Anonymous, infamous for DDoS attacks among other hacking activities. LulzSec hacks in the past have included the attack on Fox.com, where they leaked the names of 73,000 X-Factor contestants, as well as hacking the PBS website where they ran a fake news story claiming Tupac Shakur was still alive.