[+] Wayc0de's Blog[+]

23/09/11

FBI arrests Sony LulzSec hacking suspect

Sony executives Shiro Kambe, Kazuo Hirai  and Shinji Hasejima
 
At a May press conference in Tokyo, Sony executives bow to apologise for thefts of personal data from Sony's computer networks. An alleged member of LulzSec has been arrested in Arizona by the FBI. Photograph: Toru Yamanaka/AFP/Getty
A suspected member of the clandestine hacking group LulzSec has been arrested in Arizona by the FBI on charges of taking part in an extensive breach of the Sony Pictures computer system.

A federal grand jury indictment charges Cody Kretsinger, 23, with conspiracy and the unauthorised impairment of a protected computer in connection with the attack in May and June.

Kretsinger is alleged to have used the online name, or handle, of "recursion" as part of the hacking crew.

LulzSec, an underground group also known as Lulz Security, at the time published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

"From a single injection we accessed EVERYTHING," the hacking group said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Hackers previously had accessed personal information on 77m PlayStation Network and Qriocity accounts, 90% of which belonged to users in North America and Europe, in what was then the biggest such security breach in history.
The nine-page indictment said Kretsinger and co-conspirators obtained confidential information from Sony Pictures' computer systems using an "SQL injection" attack against its website, a technique commonly used by hackers to exploit vulnerabilities and steal information.

The indictment said that Kretsinger, as "recursion", helped post information he and his co-conspirators stole from Sony on LulzSec's website and announced the intrusion via the hacking group's Twitter account.

The extent of damage caused by the breach of the studio's computer network remained under investigation, the FBI said.

Chat logs obtained by the Guardian reveal that two members of LulzSec, "recursion" and "devrandom", decided to leave the group after 3 June after it attacked an FBI-affiliated site.

There have been four arrests in the UK of people alleged to be associated with LulzSec. Trials of three of them are expected to begin in 2012.

LulzSec, an underground group also known as Lulz Security, at the time published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

"From a single injection we accessed EVERYTHING," the hacking group said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks."

Hackers previously had accessed personal information on 77m PlayStation Network and Qriocity accounts, 90% of which belonged to users in North America and Europe, in what was then the biggest such security breach in history.
Other high-profile companies targeted by cyber attacks included Lockheed Martin and Google.

Sony officials did not comment on Thursday's arrest.

LulzSec is reputed to be affiliated with the international hackers collective called Anonymous, which has claimed responsibility for cyber attacks on government and private institutions around the world.

Kretsinger faces a maximum sentence of 15 years in prison if convicted. The government is trying to extradite him to Los Angeles, where Sony Pictures' computer system is located and where the case against him has been filed.

nb : guardian

1 komentar: