Dr Who shoves BitTorrent in the Tardis

The Australian Broadcasting Corporation (ABC) will stream the new series of Dr Who mere seconds after it finishes airing in the UK, in an effort to stop avid fans downloading the show.

Dr Who previously screened on a one-week delay, but the ABC has told news.com.au that it recognises fans’ urgent need to view new Who will mean many turn to ‘channel BT’ to obtain the new series. To make that unnecessary, the ABC will stream the first new episode on its iView service from 5:10 AM Sydney time on Sunday September 2nd.

Sydney is nine hours ahead of London and the first new episode is scheduled to air on BBC One at 19:20 London time. Assuming the new episodes last 50 minutes, as most recent Whos have done, that means Australians will be permitted to see the new episode very soon after the conclusion of British broadcasts.

ABC1 Controller Brendan Dahill’s canned statement about the decision to stream the show said “For Doctor Who fans, it is a fantastic opportunity.” For pirates, presumably not so fantastic (unless they run iView rippers that download videos from the service as .MP4 files).

iView runs in a PC’s browser, on iOS, Xbox, PlayStation and several Smart TVs. An Android incarnation is imminent, but Flash-friendly tablets can already consume the service. iView is geo-blocked: you’ll need a VPN to access it outside Australia. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/28/dr_who_beats_torrents/


Breaking news, LITERALLY: Financial Times vandalized by hackers

The Financial Times website and its Twitter accounts were this afternoon hijacked by pro-government hackers from the “Syrian Electronic Army”.

The posh broadsheet’s Tech Blog – at http://blogs.FT.com/beyond-brics – was compromised to run stories headlined “Syrian Electronic Army Was Here” and “Hacked by the Syrian Electronic Army”.

Meanwhile, the Technology News (@FTtechnews), FT Media and FT Markets Twitter feeds were seized by miscreants, who posted web links to disturbing YouTube videos of jihadis executing men by firing squad.

The blog has been cleaned up, but the Twitter accounts remain compromised.

Breaking news, literally … the compromised Pink ’Un’s tweets

The takeover is the latest in a series of high-profile attacks against media organisations by hackers apparently in favour of Syrian president Bashar al-Assad. The so-called electronic army has knackered the online operations of The Guardian, Associated Press, the BBC and even satirical newspaper The Onion.

Techies at The Onion published an informative postmortem after the attack, revealing its email accounts were infiltrated following a multistage phishing expedition – a raid that gave the hackers control of the magazine’s social networking pages. The techniques used against the FT are unclear at the time of writing.

Computer security biz Arbor Networks said Twitter’s anticipated introduction of two-factor authentication ought to curtail, if not eliminate, this sort of account hijacking. Dan Holden, director of research at Arbor, commented: “Twitter recently announced plans to introduce two-factor authentication, which is a big step forward from a security perspective. As this particular event shows, the human element is often the weakest link in any security solution.”

“Given similar attacks in recent weeks against the Guardian in the UK and The Onion in US these attacks seem to be very targeted. Organisations should put processes in place to ensure that their staff are trained on best practices and have the support and training needed to allow them to follow these practices easily during their normal working routine. Ideally network monitoring solutions should also be put in place to alert an organisation when a user system connects to a known bad actor on the internet as this may indicate a compromise, allowing remedial action to be taken before there is any business impact,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/ft_twitter_hijacked_by_sea/

Jailed Romanian hacker repents, invents ATM security scheme

A Romanian man serving a five-year jail sentence for bank-machine fraud says he’s come up with a device that can be attached to any ATM to make the machine invulnerable to card skimmers.

Valentin Boanta was arrested in 2009 and charged with supplying ATM skimmers – devices that can be attached to ATMs to surreptitiously copy the data from unwitting users’ cards – to a local organized crime gang.


It was during his subsequent trial and sentencing that Boanta saw the light and traded in his black hat for a white one, Reuters reports.

“Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction,” Boanta told reporters from his jail cell in Vaslui, Romania. “So that the other part, in which I started to develop security solutions, started to emerge.”

Boanta’s solution, known as the Secure Revolving System (SRS), is an ingenious one that uses mechanical rather than digital security.

ATM skimmers work by installing a second, concealed card reader over the one that’s built into the ATM. When an unsuspecting bank customer inserts a card into the slot, the card’s magnetic stripe first runs past the read head of the skimmer, allowing it to copy all of the card’s data. The transaction then proceeds as normal and the ATM returns the card to the customer, who is none the wiser.

With Boanta’s device installed on the ATM, however, that all changes. Customers insert their cards into the slot long side first, so that the magnetic stripe is parallel to the face of the machine. The device then rotates the card 90 degrees into the ATM, where the legitimate card reader scans the magnetic stripe, then rotates it back out again to return it to the customer.

That rotation makes it impossible for an add-on skimmer to read the card, because the magnetic stripe never moves in a straight line until it is secure inside the ATM.

Obvious, yet ingenious: You don’t need to understand Romanian to get the idea

While awaiting the outcome of his trial, Valentin pitched his idea to Mircea Tudor and Adrian Bizgar of Bucharest-based technology firm MB Telecom, who helped him to patent his idea and funded development of the SRS device.

The design would go on to win the International Press Prize at the 41st International Exhibition of Inventions in Geneva, Switzerland, in April. Boanta, however, wasn’t available to accept the award. He’s currently just six months into his sentence and won’t see freedom for another four and a half years. Still, his partners at MB Telecom say all credit for the SRS design should go to him.

“He fully deserves such recognition,” Tudor told Reuters. “He’s taking part in improving Romania’s image abroad and he’ll surely join our team when released.”

MB Telecom is currently finalizing details of the commercial version of the device and expects to bring it to market in the second half of the year. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/romanian_hacker_atm_security/

US military welcomes Apple iOS 6 kit onto its networks

The US Department of Defense has welcomed Apple’s iDevices into its secure networks, and has announced that it is “taking bold steps to provide sound information and proper analysis as it fortifies its cloud computing, acquisition and data processes.”

On Friday, the DoD set the stage for a three-way smackdown among Apple, Samsung, and BlackBerry for some military love by approving the security technical implementation guide (STIG) for iOS 6 devices, thus allowing them to be used when connecting to DoD networks.


BlackBerry passed muster earlier this month, and Samsung’s KNOX hardware-software security combo is expected to gain approval soon.

For Apple and Samsung, DoD approval is important to their bottom lines, but hardly critical. BlackBerry, on the other hand, is struggling to remain relevant in what was once an enormous market for it. BlackBerry can ill-afford the competition when attempting to sell the DoD on the advantages of its Z10 and Q10 handsets.

According to Reuters, the DoD currently has 470,000 BlackBerrys, 41,000 of Apple’s mobile devices, and a mere 8,700 Android-based items in its arsenal. Those numbers, however, are relatively inconsequential, seeing as how the DoD plans to open its own mobile store and build its own system to handle as many as eight million devices.

There’s a lot of purchasing to be going on, and with Apple and Samsung as its competitors, BlackBerry’s sales team will have its work cut out for it.

In a separate but related announcement, Mark Krzysko, the DoD’s deputy director for acquisition resource analysis and enterprise information – who may very well be referred to as ARAAEI in military-minded acronym-speak – said that the Pentagon is taking “bold steps” in its adoption of cloudy infrastructure.

“The technology, architecture framework and data management constructs the cloud can bring to us create ‘app-like’ thinking that [enables us to] move faster and forward more data sources out,” Krzysko said, apparently using “forward” as a verb.

The challenges the DoD faces are not unknown among the less-armed general public: not only figuring out how to get cloudy tech and data working together, but also accomplishing the move from desktop to mobile while ensuring security.

“It is pretty much a known … intractable problem, so it gives us the opportunity to experiment … [and] create an organization to manage data and delivery in support of the decision-makers,” Krzysko said.

The Reg knows of three major manufacturers who would love to help in the mobile-device part of Krzysko’s chore – but only one of them is an American company. It will be interesting to see whether the DoD’s relationship with our close neighbor Canada or its active security partnership with South Korea play a political role in the upcoming business tussle among Apple, BlackBerry, and Samsung. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/department_of_defense_approves_apple_discusses_cloud/

Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING

The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.

Dell SecureWorks and Damballa warned (PDF) on Wednesday that the latest variant of Pushdo comes packed with a fallback mechanism for cases where zombie clients are unable to contact the main command-and-control server for whatever reason.


The malware starts by using a Domain Generation Algorithm (DGA) to come up with a list of 1,380 unique domains to poll on any particular day. Bot-herders can thus restore control of compromised hosts by leaving updated malware and instructions available for download at any of these domains.

However, after the first DGA involved was exposed, security researchers began working hard on countermeasures that block communication to the generated .COM domains. But it seems the nimble cybercrooks behind Pushdo were alive to that possibility and have already adapted, according to Aviv Raff, CTO of Seculert.

“The group behind Pushdo probably figured out that they are being investigated by the security vendors, because it didn’t take them too long to adapt to this new reality and change their Domain Generation Algorithm,” Raff explains in a blog post.

“This new DGA now generates .KZ domains instead of .COM domains. Not only that but there are now at least two new variants of Pushdo that are being pushed to victims from several different hijacked websites.”
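The fallback mechanism described above has a defender-side counterpart: a host that burns through dozens of freshly generated names, most of which do not resolve, looks very different in resolver logs from a host browsing real sites. The following is an added example, not code from the Register article or from the Dell SecureWorks/Damballa report, and it uses no real Pushdo domains. It parses constructed resolver log lines, scores the second-level label of every NXDOMAIN answer by Shannon entropy, and flags clients that combine an NXDOMAIN burst with high-entropy names. Because the Pushdo DGA moved from .COM to .KZ once the first list was blocked, the check is deliberately TLD-agnostic; the log format, the client addresses and the thresholds are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log sample (not real data). One query per line:
# "<epoch> <client_ip> <qname> <rcode>". Client 10.0.0.5 is an ordinary
# workstation, 10.0.0.9 has a few low-entropy lookups for missing local
# hosts, and 10.0.0.7 shows a DGA-style burst of random names on two TLDs.
SAMPLE_LOG = """\
1368800001 10.0.0.5 www.example.com NOERROR
1368800002 10.0.0.5 mail.example.com NOERROR
1368800003 10.0.0.5 cdn.example.net NOERROR
1368800004 10.0.0.5 updates.vendor.org NOERROR
1368800005 10.0.0.5 wwww.example.com NXDOMAIN
1368800006 10.0.0.9 printer.office.lan NXDOMAIN
1368800007 10.0.0.9 nas.office.lan NXDOMAIN
1368800008 10.0.0.9 wpad.office.lan NXDOMAIN
1368800009 10.0.0.7 xk3qzv9wpm2ht.com NXDOMAIN
1368800010 10.0.0.7 b7wq2lznx0vd.com NXDOMAIN
1368800011 10.0.0.7 r4pm9kz1yvtc3.kz NXDOMAIN
1368800012 10.0.0.7 h2vx8qnd5wjl.kz NXDOMAIN
1368800013 10.0.0.7 z9tgk4wqm7pv.kz NOERROR
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def shannon_entropy(label):
    """Bits per character of a DNS label; random strings score close to log2(len)."""
    if not label:
        return 0.0
    n = len(label)
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Return (epoch, client, qname, rcode) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, rcode = m.groups()
            records.append((int(ts), client, qname.lower().rstrip("."), rcode))
    return records


def flag_dga_clients(records, min_nxdomain=3, min_entropy=3.2):
    """Flag clients whose NXDOMAIN answers are both numerous and high-entropy.

    Only the label directly left of the TLD is scored, so the check works the
    same whether the generated names end in .com, .kz or anything else. The
    two-label split is a simplification: multi-label suffixes such as .co.uk
    would need a public-suffix list in production.
    """
    stats = defaultdict(lambda: {"nxdomain": 0, "entropies": [], "tlds": set()})
    for _, client, qname, rcode in records:
        parts = qname.split(".")
        if len(parts) < 2:
            continue
        sld, tld = parts[-2], parts[-1]
        stats[client]["tlds"].add(tld)
        if rcode == "NXDOMAIN":
            stats[client]["nxdomain"] += 1
            stats[client]["entropies"].append(shannon_entropy(sld))

    flagged = {}
    for client, s in stats.items():
        if s["nxdomain"] < min_nxdomain:
            continue
        mean_h = sum(s["entropies"]) / len(s["entropies"])
        if mean_h >= min_entropy:
            flagged[client] = {
                "nxdomain": s["nxdomain"],
                "mean_entropy": round(mean_h, 2),
                "tlds": sorted(s["tlds"]),
            }
    return flagged


if __name__ == "__main__":
    for client, info in flag_dga_clients(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {info['nxdomain']} NXDOMAIN, mean entropy "
              f"{info['mean_entropy']}, TLDs {','.join(info['tlds'])}")
```

On the sample above only 10.0.0.7 is reported: 10.0.0.5 has too few failures, and 10.0.0.9 fails often but on dictionary-like names, which is why both conditions are required. Entropy alone is a coarse signal (short or hex-like legitimate hostnames also score high), so in practice this would be one feature feeding an alert rather than a blocking rule on its own.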

This latest development is likely to kick off a further round of cat-and-mouse games between Pushdo’s cybercrooks and security researchers.

Pushdo has been used to distribute other malware such as ZeuS and SpyEye, as well as conduct spam/phishing campaigns with its Cutwail module. Despite four takedowns in five years of Pushdo command-and-control servers, the botnet (believed to be run by a single Eastern European hacker group) endures.

The malware is responsible for between 175,000 and 500,000 active bots on any given day. The botnet is typically used to deliver malicious emails with links to websites that foist banking Trojans upon unsuspecting victims. Sometimes the messages are made to look like credit card statements, or they contain an attachment disguised as an order confirmation.

As well as applying new secondary recovery techniques, the unknown crooks behind Pushdo have begun masking command-and-control traffic using a fake JPEG image file, said the researchers. They have also made greater use of encryption.

A blog post by Damballa giving more background on Pushdo and how the latest variants were uncovered can be found here. David Dagon of the Georgia Institute of Technology worked together with three researchers from Damballa and one from Dell SecureWorks Counter Threat Unit in researching the latest form of the malware. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/pushdo_extra_stealth/

Who is the mystery sixth member of LulzSec?

Analysis: Thursday’s sentencing of three core members of hacktivist crew LulzSec and an accomplice hacker who gave them access to a botnet closes an important chapter in the history of activism. But it also leaves a number of important questions unanswered.

One of the most interesting of these puzzlers is the identity of the mysterious sixth member of the group.


LulzSec was a constant feature of the information security headlines in May-June 2011 during its “50 days of Lulz” when it attacked Fox, PBS, Sony, Nintendo, Sega, FBI-affiliated security outfits such as Infragard and HB Gary Federal, the US Senate, the Arizona State Police, the CIA and the UK’s Serious Organised Crime Agency.

Most of its targets were entertainment firms opposing file-sharing, information security outfits, or law enforcement agencies. Tactics ran from basic website-flooding attacks to defacement and site redirection. In several cases the group published stolen data from compromised websites.

The motive of the group was described by prosecutors during a London sentencing hearing this week as “anarchic self-amusement” rather than anything profit-motivated. In truth filthy lucre does play a part in the story of LulzSec, even though the overriding driver appeared in several cases to be the chance for the accused to play rock-star black-hat hackers on a global stage, sticking two fingers up to The Man.

Consequences

LulzSec had six core members: The first four were Topiary aka Jake Davis (@aTopiary), UK; T-Flow, aka Mustafa Al-Bassam (@let_it_tflow), UK; Kayla, aka Ryan Ackroyd (@lolspoon), UK; Sabu, aka Hector Monsegur (@anonymouSabu), US.

The final two, at least according to the US Attorney’s Office and the FBI indictment, were Pwnsauce, named as Darren Martyn (@_pwnsauce), Ireland; and finally the mysterious AVunit (@AvunitAnon), whose identity is unknown.

The first three of these suspects were sentenced in London’s Southwark Crown Court on Thursday. Jake Davis, 19, of Lerwick, Shetland received a 24-month sentence in a young offenders’ institute, of which he’ll serve half.

Ryan Ackroyd, 26, of Mexborough, Doncaster, received a 30-month sentence. Providing he behaves himself, he’ll serve only 15 months. Mustafa Al-Bassam, 18, from Peckham, south London, got a 20-month sentence, suspended for two years, as well as 300 hours of community work. Al-Bassam avoided jail because he was underage and still at school at the time of his offences.

Ryan Cleary (AKA Viral), 21, of Wickford, Essex, was found to have supplied a botnet of around 100,000 compromised computers that acted as a platform for LulzSec to blitz targeted websites. He was not a core member of the group but was prosecuted in the same case and ultimately received the most severe punishment of all the accused: a 32-month prison sentence.

Extradition ‘not anticipated’

The quartet were investigated in a joint operation by the Metropolitan Police’s Central e-Crime Unit and the FBI. In a statement welcoming the sentencing, Scotland Yard explained that each member of the group had a clearly defined role.

Ackroyd was responsible for researching and executing many of their hacks, Cleary assisted by allowing the use of his botnet – a system of malware-infected computers he controlled – to coordinate DDoS attacks. Al-Bassam assisted in discovering and exploiting online vulnerabilities, and also created and controlled LulzSec’s website. Davis was their spokesperson, managing their Twitter account and press releases.

Karen Todner, Cleary’s solicitor (and the lawyer who represented McKinnon), issued a statement on Thursday saying they “do not anticipate” that he will become the subject of a US extradition request. Davis has also been indicted in the US, but early reports suggest it’s unlikely that US authorities will seek his extradition.

The alleged ringleader of LulzSec, US-based Hector Xavier Monsegur – known online as “Sabu” – agreed to act as an informant following his arrest in June 2011, according to the FBI. The Feds said that Monsegur had helped them to identify other members of the group and other hackers.

Monsegur frequently acted as the group’s ideologue as well as directing attack campaigns. He was the midfield play-maker in a group that was at least nominally leaderless. He has already pleaded guilty to 12 counts of hacking, bank fraud, and identity theft and will be sentenced in August.

Darren Martyn (Pwnsauce), 26, of Galway, Ireland, was indicted in March 2012 for conspiring with other LulzSec members to attack Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service. He also allegedly hacked into the website of Fine Gael, a political party in Ireland. He’s yet to be tried.

That all means that while four of the six core members of LulzSec have been caught, and police have indicted a fifth man whom they suspect of being number five, the identity of Avunit remains a mystery, presumably even to Sabu or other members of the group who might have given him up in the hope of receiving a lesser sentence.

“We have no idea who Avunit is,” writes Mikko Hypponen, CRO at Finnish anti-virus firm F-Secure. “We have no identity. We don’t even know which continent he is from.”


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/lulzsec_analysis/

US government wants security research on car-to-car nets

David Strickland, Administrator of the USA’s National Highway Traffic Safety Administration (NHTSA), has told that nation’s Senate Committee on Commerce, Science, and Transportation that he plans to research the security requirements of automated cars and vehicle-to-vehicle (V2V) networks.

Strickland appeared before the committee this week and gaped with appropriate metaphorical awe at the likes of Google’s self-driving vehicles and V2V network proposals that would see one car radio another to tell it when heavy braking is required. Such systems, Strickland said, could “potentially address about 80 percent of crashes involving non-impaired drivers once the entire vehicle fleet is equipped with V2V technology.”


He’s also worried about what he called “vehicle cybersecurity”, because he believes more technology in cars creates “growing potential for remotely compromising vehicle security through software and the increased onboard communications services”.

NHTSA has asked for an extra $US2m to research the problem, with the aim “of developing a preliminary baseline set of threats and how those threats could be addressed in the vehicle environment”. Standards for car-makers are also on the agenda.

Strickland detailed other objectives as follows:

“For the V2V program, our research is evaluating a layered approach to cybersecurity. Such an approach, if deployed, would provide defense-in-depth, managing threats to ensure that the driver cannot lose control and that the overall system cannot be corrupted to send faulty data. In partnership with the auto companies and other stakeholders we have developed a conceptual framework for V2V security. We are also developing countermeasures to prevent these security credentials from being stolen or duplicated. Additionally, we are developing protocols to support a V2V security system that is designed to share data about nefarious behavior and take appropriate action.”

Just what that last sentence means is anyone’s guess. Here in Vulture South we imagine privacy groups might imagine liberty-challenging driver tracking, or at the very least cars letting it be known when someone’s tickling their digital innards in suspicious ways.

Strickland’s testimony (PDF) also signalled his agency has started work on a policy framework to allow self-driving cars. He offered the Committee an interesting hierarchy of vehicle automation that’s too long to re

  • Level 0—No Automation. At the initial Level 0, the driver is in complete control of the primary vehicle controls (steering, brake, and throttle) at all times, and is solely responsible for monitoring the roadway and for safe operation of all vehicle controls.
  • Level 1—Function Specific Automation. Level 1 automation involves one specific control function that is automated. The driver still maintains overall control, and is solely responsible for safe operation, but can choose to cede limited authority over a primary control.
  • Level 2—Combined Function Automation. Level 2 automation means that under some circumstances “the driver can disengage from physically operating the vehicle by taking hands off the steering wheel and feet off the pedals at the same time.”
  • Level 3—Limited Self-Driving Automation. Level 3 automation enables the driver to cede full control of all steering, brake, and throttle functions to the vehicle while remaining “available for occasional control, but with a comfortable transition time that will enable the driver to regain situational awareness.”
  • Level 4—Full Self-Driving Automation. The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip.

Strickland also said the agency is looking into how voice-activated in-car technology is designed, with an eye to possible future guidelines. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/usa_car_network_security_research/

Prankster ‘Superhero’ takes on robot traffic warden AND WINS

A blogger claiming to have superpowers has exposed a flaw in a parking company’s vehicle recognition system which could see innocent drivers wrongly hit with fines.

Going under the name Parking Prankster, the activist set out to discover whether he could trick automated systems used by private parking companies into issuing him with a penalty notice.


He visited his local shopping centre’s car parks twice in one day and found that the Automatic Number Plate Recognition (ANPR) systems would fail to notice the car leaving, resulting in a parking ticket being issued for a lengthy overstay.

After making two visits to a car park in Yate Shopping Centre, Bristol, and buying a correct ticket for each visit, the Prankster was sent a parking fine by London-based private parking company Highview Parking, which describes itself as the “leading provider of ANPR products and solutions to the industry”.

The blogger’s letter appealing against the fine said: “As my car was not parked at this location between the times stated, I can only assume that you have made a mistake.”

He added:

Fortunately for the last few years I have begun to suspect that I am cultivating superpowers. I believe this is because I may have been bitten by a radioactive spider when I was a child. The particular superpower I possess is to cancel any parking charge notice issued to me.

Incredulous parking staff promptly wrote back, dismissing the appeal: “We are unable to accept your claim that you have superpowers and your claim bears no relevance to this matter whatsoever.”

The parking blogger then launched a further dispute with the independent body Parking On Private Land Appeals (POPLA), who have the power to revoke tickets.

Writing to the appeals body to defend their decision to issue a fine for overstaying, Highview Parking said: “We received an appeal, in the loosest possible sense of the word, from The Parking Prankster on the basis that he was bitten by a radioactive spider and, as such, has superpowers which include cancelling any Parking Charge Notice issued to him. His appeal was rejected on the grounds that we are unable to accept his claim, which bears no relevance to a serious appeals process.”

“You are therefore essentially being asked to assess and comment on the case of a deliberately evasive and deceitful driver who wishes to make a mockery of the issue of Parking Charge Notices and the appeals process thereafter,” the letter continued.

But the Prankster had both of his valid parking tickets, as well as time-stamped photographs proving his car was elsewhere during the period in question.

After seeing his evidence, POPLA accepted the appeal and cancelled the ticket. Highview Parking’s CCTV footage of the car was also dismissed as evidence because it was in a format that could not be read by POPLA’s appeal staff.

The Parking Prankster told The Register that people who are given parking tickets should learn from his example.

“The Parking Operator refused to believe that my car was elsewhere, even when presented with the full POPLA evidence pack,” he said, “including photographs with GPS location and date, CCTV evidence, receipts, emails and everything but the kitchen sink.

“That strengthens my belief that the Parking Operator appeal phase is nothing but a sham. However, a properly worded POPLA appeal is currently being upheld almost 100% of the time. That means almost all tickets can be cancelled.”

The activist also defended his rather peculiar approach to challenging the parking industry:

I have a mental view of the typical parking company office being overseen by a Basil Fawlty-like manager, while poor underpaid Manuel and Polly hurry around trying to clean up his mess.

He added: “As well as the serious part of my appeal, I always include some light-hearted fun to brighten up their day. I assume that most people are rude and horrible to the people reading the appeals, so a bit of humour helps them through their thankless work.”

We tried to contact Highview Parking for comment but were told it was “company policy” to refuse to answer questions from journalists.

“We don’t accept calls of this kind,” they told The Register. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/carpark_superhero_numberplate/

Mac malware found with valid developer ID at freedom conference

The annual Oslo Freedom Conference, where activists meet to share tips on advancing human rights, has thrown up an unusual piece of Apple OS X malware.

At a workshop covering how to secure your hardware against government intrusion, security researcher Jacob Appelbaum discovered the code on a laptop owned by an Angolan human rights campaigner. The malware was stealing screenshots from the infected system and uploading them to two command-and-control servers.


The malware is a hidden program called macs.app which installs itself among the computer’s log-in items so that it fires up once the machine is booted. It had been signed off by a legitimate Apple developer ID, enabling it to get past Cupertino’s Gatekeeper security software.

Once activated, the software takes a regular series of screenshots from the infected computer and sends them off to two servers – one of which has been found to be inactive and the other is private. Since the initial discovery, a second sample of the malware has also been discovered on another system, but this isn’t thought to be a large-scale attack.

“The Angolan activist was pwned via a spear phishing attack – I have the original emails, the original payload and an updated payload,” Appelbaum tweeted. He also said that Apple has now revoked the developer ID used by the code.

Thankfully, removing the malware is relatively simple. F-Secure already has a signature file for it included in its security software, and users can delete it themselves by removing the macs.app application from the log-in queue and applications folder.

The use of a developer ID is unusual in the world of malware for OS X, and this fact, along with its highly targeted distribution method, suggests it’s a custom job built to spy on particular individuals.

Malware is increasingly being used to spy on activists in China and other countries (here in the Land of the Free the government doesn’t need to, since the phone companies are happy to help) and those who think they might be under surveillance should take extra precautions with their systems and communications. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/17/mac_malware_steals_screenshots/

British LulzSec hackers hear jail doors slam shut for years

Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK’s Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three were jailed for terms ranging from 24 to 32 months.

Jake Davis, 19, of Lerwick, Shetland; Ryan Ackroyd, 26, of Mexborough, Doncaster; and Mustafa Al-Bassam, 18, from Peckham, south London all previously admitted involvement in computer hacking attacks. All three were core members of LulzSec while Ryan Cleary, 21, of Wickford, Essex, supplied a botnet of around 100,000 compromised computers that acted as a platform to blitz targeted websites with junk traffic, crashing many sites in the process.

The hackers ran distributed denial of service (DDoS) attacks against the Arizona State Police, 20th Century Fox, HBGary Federal, Bethesda, Eve Online, Nintendo, SOCA and others as part of operations run by various hacking groups including Anonymous and LulzSec.

Cleary (aka Viral) admitted hacking into systems at the Pentagon. He has been indicted in the US and faces possible extradition proceedings. Davis has also been indicted in the US.

Not all members of the group were involved in all the attacks, some of which went far beyond simple packet flooding. Judge Deborah Taylor sentenced the men after considering mitigating factors highlighted by their lawyers over the course of a two-day hearing.

In sentencing, Judge Taylor said the group’s offences were “planned and persistent”.

“The losses were substantial even if your motivation was not financial,” she said.

Ackroyd, a former soldier who adopted the online persona of a 16-year-old girl called Kayla to rub salt into the wounds of victims, admitted stealing data from Sony. He also confessed to playing a key role in a malicious prank back in July 2011 involving redirecting visitors to The Sun newspaper’s website to a fictitious story about News Corp chairman Rupert Murdoch committing suicide.

Ackroyd taught himself computer programming as a means to gain an edge in the games he was playing online. Among his roles in LulzSec was to seek vulnerabilities on websites. He was jailed for 30 months.

Al-Bassam (aka T-Flow), who was still at school at the time of the attacks, also sought out vulnerable websites that the hacking crew could target. His barrister said that he wanted to go on to study computer science at university. Al-Bassam avoided jail with a 20-month suspended sentence but will still be punished by having to complete a 300-hour community service order.

Davis (aka Topiary) acted as LulzSec’s main publicist as well as playing a role in co-ordinating its activities. He was sentenced to 24 months in a prison for young offenders.

The court heard that Cleary made up to £2,500 a month selling access to his zombie computer network to hackers. The Asperger’s Syndrome sufferer built up a botnet of 100,000 compromised PCs over a period of five years.

Cleary was jailed for 32 months for the computer hacking offences.

In some instances the group lifted sensitive personal data from compromised websites, London’s Southwark Crown Court heard.

Data leaks, including personal details of 74,000 people who had registered to appear on X-Factor, were made available as torrents and publicised through file-sharing sites such as the Pirate Bay. The gang obtained the data after hacking into US network Fox in May 2011.

LulzSec stole 24.6 million customers’ private records during an attack on Sony. The entertainment giant was forced to take its PlayStation Network offline for weeks in the wake of the mega-breach, which ultimately cost it an estimated $20 million.

“This is not about young immature men messing about,” prosecutor Sandip Patel told the court at the start of the men’s sentencing hearing, Reuters reports. “They are at the cutting edge of a contemporary and emerging species of international criminal offending known as cyber crime.”

“LulzSec saw themselves as latter-day pirates,” Patel said, adding that the group were motivated by “anarchic self-amusement”.

LulzSec – or the Lulz Security hacking collective – started off as an offshoot from the Anonymous hacking collective in 2011. It went on to claim a large number of attacks during a 50-day hacking spree in the summer of 2011. Most of its targets were entertainment firms opposing file sharing and law enforcement or intelligence agencies. LulzSec ran a Twitter hashtag called “Fuck FBI Friday” that boasted of its latest assaults.

The alleged ringleader of LulzSec, Hector Xavier Monsegur – known online as “Sabu” – turned FBI snitch following his arrest in June 2011 and helped to identify other members of the group. Monsegur’s sentencing hearing has repeatedly been delayed. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/16/lulzsec_sentencing/