LulzSec Member admits to Hacking PlayStation Network
Last year, the gaming world was struck with concern over the security of user information when it was revealed that the PlayStation Network had been hacked. How much damage was done or how much information was stolen was initially unclear, though it can be said with certainty that it was an embarrassing and potentially dangerous ordeal for SONY, the owners of PlayStation. Worse, perhaps, is that no one could initially identify the perpetrator of the act. But, as part of a deal with prosecutors, 24 year old former LulzSec member Cody “Recursion” Kretsingerp pleaded guilty on Thursday in a California federal court. The crimes include one count of conspiracy and one count of unauthorized impairment of a secure computer. This news arrives on the heels of the story concerning the capture of Lulzsec leader Hector Xavier Monsegur, aka Sabu, who then became an informant and helped in the capture of several other hackers. This event nearly lead to Lulzsec’s elimination, but a new group, calling itself Lulzsec Reborn, continues to perform their hack attacks.
The initial attack happened in May and June of 2011. After the hacking of the PlayStation Network, Kretsinger and the other LulzSec members launched an SQL injection attack on the Sony Pictures Entertainment website. This follow up attack allowed the hackers to steal the personal information of thousands of people. According to evidence presented to the court today by Assistant U.S. Attorney Eric Vandevelde, the two hacks cost SONY over $600,000 in damages and repairs to the system.
“I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website,” Kretsinger told the judge after entering his guilty plea.
Kretsinger was arrested in September of last year, and was not involved in the FBI’s recent move against LulSec. Kretsinger was caught thanks to a different investigation. The nine-page indictment issued by a federal grand jury said that he not only helped break into the Sony website, but also helped load the data online which contained the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.
At the time of the hackings, LulzSec released a statement boasting the ease of the attacks:”From a single injection we accessed EVERYTHING,” LulzSec said in the statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”
LulzSec and its parent hactivist group Anonymous surfaced back in 2010 to launch a cyber war in retaliation for attempts to shut down the Wikileaks website. Since then, both have attacked websites mostly with DDoS methods to protest against various causes. One of the bug differences between LulzSec and Anonymous is that while Anonymous stayed more true to the DDoS methods, LulzSec leaned more towards actual hacking and dumping sensitive data on the internet for public access.
Kretsinger’s plea agreement is currently under seal, but Vandevelde told Reuters that Kretsinger will likely receive substantially less than the maximum 15-year prison sentence. Actual sentencing doesn’t take place until July 26.