Four LulzSec hackers handed prison sentences

Four LulzSec members have been sentenced today at Southwark Crown Court for taking part in the 2011 attacks against a series of high-profile websites and publishing user information stolen in these attacks.

Ryan Cleary (aka Viral), 21, and Ryan Ackroyd (aka Kayla), 26, have been sentenced to 32 and 30 months in prison respectively and will serve at least half of the sentence .

The 20-year-old Jake Davis (aka Topiary) will be spending his 2-year sentence in a young offenders’ facility, and Mustafa Al-Bassam (aka Tflow), 18, has been handed a 20-month suspended sentence and has been ordered to perform 300 hours of community service.

Ackroyd admitted to hacking into the websites of Sony, Nintendo, News International and the Arizona State Police, and stealing data from Sony.

Davis, Cleary and Al-Bassam took responsibility for the attacks on the websites of UK’s Serious Organised Crime Agency and the National Health Service, as well as those belonging to News International, Nintendo, Sony, the CIA, the US Air Force, and many others.

Davis and Cleary denied stealing confidential data and posting it online on Pirate Bay, Pastebin or on the group’s own website. Al-Bassam distributed the stolen data both through torrents and pastebins

Cleary also admitted hacking into Pentagon’s systems, and creating a 100,000-strong botnet that was used in the attacks and occasionally rented out to other attackers. He has also pleaded guilty to possession of images depicting child abuse, but hasn’t yet been sentenced for that particular charge.

“The actions of these LulzSec hackers were cowardly and vindictive. The harm they caused was foreseeable, extensive and intended. Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives,” Andrew Hadik, a lawyer for the Crown Prosecution Service, commented the sentencing.

“Whilst aggressively protecting their own privacy and identities, they set out to hack and publish hundreds of thousands of innocent individuals’ private details. Companies also suffered serious financial and reputational damage. A senior executive of one American company lost his job and had to move his young family because of death threats.

“Coordinating and carrying out these attacks from the safety of their own bedrooms may have made the group feel detached from the consequences of their actions. But to say it was all a bit of fun in no way reflects the reality of their actions. They were in fact committing serious criminal offences for which they have been successfully prosecuted. This case should serve as a warning to other cyber-criminals that they are not invincible.”