Four online hackers who masterminded attacks against major global institutions, including Sony Pictures and the CIA, have been jailed in Britain. The sentencing judge criticized the group's quest for publicity.
Prosecutors said the hackers, belonging to a network called Lulz Security, posted stolen information including emails and credit card details, belonging to millions of people, onto file-sharing websites. They said the activity potentially left those whose information had been stolen at risk from criminals.
The group hacked into Pentagon computers, crashed the website of the US Central Intelligence Agency (CIA), as well as targeting British institutions - including websites belonging to the National Health Service and the Serious Organized Crime Agency.
In one attack, the group targeted the website of Rupert Murdoch's The Sun newspaper, redirecting visitors to a spoof story that Murdoch had committed suicide. The group also carried out distributed denial of service (DDoS) attacks, using linked networks of up to one million computers to crash websites.
The court heard Sony lost details relating to more than 25 million customers, costing it £13 million in revenue (15 million euros). In sentencing the four, Judge Deborah Taylor said their actions had real-life consequences, despite what they considered a "cyber game."
"You cared nothing for the privacy of others but did everything you could through your computer activities to hide your own identities while seeking publicity," said Taylor.
The court heard the men, Ryan Cleary, 21, Jake Davis, 20, Mustafa Al-Bassam, 18, and Ryan Ackroyd, 26, used social media and leaked details of attacks to journalists.
Cleary was jailed for 32 months, Ackroyd for 30 months, Davis for two years, and Al-Bassam received a 20-month suspended sentence.
Prosecutor Andrew Hadik said the men's actions had caused companies serious financial and reputational damage, and that to say "it was all a bit of fun" was disingenuous.
"Coordinating and carrying out these attacks from the safety of their own bedrooms may have made the group feel detached from the consequences of their actions," said Hadik.
"They were in fact committing serious criminal offences for which they have been successfully prosecuted," he said.
In April, Australian police said they had arrested the leader of LulzSec. The 24-year-old, whose name was not released, was charged with two counts of unauthorized modification of data to cause impairment, and one count of unauthorized access to, or modification of, restricted data. The charges carry a maximum penalty of 12 years in prison.
According to Glen McEwen, manager of cyber crime operations at the Australian Federal Police, the suspect had held a position of trust at an international company where he had access to sensitive information from clients, including government agencies.
Formed in 2011 as an offshoot of the hacking group Anonymous, LulzSec shot to prominence after claiming to have hacked a number of high-profile websites, including those belonging to the CIA, Sony Pictures, Nintendo, the US Public Broadcasting Service and Britain's Serious Organized Crime Agency.
The group allegedly also broke into Australian government and university websites in 2011.
jr/msh (AFP, AFP, Reuters)