Digital Version of November/December 2014 Print Edition
Alleged U.K, Lulzsec associate indicted for U.S. cyber attacks
A federal grand jury in Los Angeles indicted a man who law enforcement officials call an associate of the hacking group LulzSec, with multiple computer attacks targeting a news organization and private companies, including Sony Pictures and Fox Entertainment Group.
Ryan Cleary, 20, a citizen of the United Kingdom, is currently in jail facing prosecution in England related to his hacking activities, said the FBI on June 13.
Lulzsec, an offshoot of the loosely affiliated Anonymous hacking group, has been accused over the last two years of attacks on government and private sector Websites, including those operated by Mastercard and even police departments.
According to ComputerWorld magazine, Cleary was arrested in June 2011 at his home in Wickford, England, for allegedly taking part in the DDOS attacks against Britain's Serious Organised Crime Agency. He is charged in that country with five computer-related offenses and of distributing botnet programs to attack other Web sites, including the International Federation of the Phonographic Industry and the British Phonographic Industry.
The U.S. indictment, filed on June 12 at a federal district court in Los Angeles, charges Cleary with one count of conspiracy and two counts of the unauthorized impairment of protected computers. Although the June 13 statement from the FBI doesn’t name Cleary’s alleged targets in the U.S., various reports say they include Fox, Sony, the Public Broadcasting System and HBGary Federal, among others.
If convicted of the U.S. charges, he faces a statutory maximum sentence of 25 years in prison.
The indictment alleges that between April and June of 2011, Cleary conspired with LulzSec members to damage the computer systems of a news organization and several businesses, by hacking into systems to steal data and launching distributed denial of service attacks, or DDoS attacks, using Cleary’s “botnet.” The botnet Cleary allegedly used controlled tens of thousands, potentially hundreds of thousands of enslaved computers. The indictment further alleges Cleary would rent out his botnet for certain time periods in exchange for money from individuals interested in conducting DDoS attacks targeting specific victims.
The indictment alleges Cleary helped LulzSec by identifying and exploiting security vulnerabilities on victim computers, conducting DDoS attacks, and providing access to servers and other computer resources for LulzSec members to use, including to communicate amongst each other and to store and publish confidential information stolen from victim computers.