Four Brits that were part of the LulzSec hacker group got their sentences Thursday for their roles in cyber attacks launched against corporate and government sites in 2011.
Ryan Cleary, 21, Jake Davis, 20, Ryan Ackroyd, 26, and Mustafa Al-Bassam, 18, ended up sentenced Thursday in London’s Southwark Crown Court after previously pleading guilty to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.
Davis, known online as “Topiary,” received a two-year prison sentence. He acted as a spokesperson for LulzSec, writing some of the hacker group’s announcements and managing its website and Twitter account.
Ackroyd, who posed as a 16-year-old girl online and used the alias “Kayla,” received a 30-month prison sentence, while Mustafa al-Bassam, who used the online alias “T-Flow,” received a 20-month suspended prison sentence and ordered to perform 200 hours of unpaid community work.
Cleary, who used the online alias “Viral,” received a 32-month prison sentence. He was not one of the LulzSec core members, but associated with the group and operated a botnet used to launch distributed denial-of-service (DDoS) attacks against targets.
LulzSec’s members went on a hacking spree between May and June 2011, targeting various companies and government agencies. They used hacking methods and tools to break into websites and leak the information found in their databases, including the personal details of thousands of users, and also launched DDoS attacks to make websites inaccessible.
Some of LulzSec’s targets included Sony, Nintendo, News Corp., Bethesda Game Studios, the CIA, the FBI, the Arizona State Police and the UK’s Serious Organized Crime Agency (SOCA).
Andrew Hadik, a lawyer with the Crown Prosecution Service (CPS) in the UK, characterized the actions of LulzSec’s members as “cowardly and vindictive.”
“The harm they caused was foreseeable, extensive and intended,” Hadik said. “Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives.”
Companies suffered financial losses and serious damage to their reputations, while hundreds of thousands of innocent individuals had their private details exposed as a result of the group’s actions, he said.
Another LulzSec member, Cody Andrew Kretsinger, from Decatur, IL, who used the online alias “recursion,” received a sentence in April to one year in federal prison for his role in LulzSec’s attack against Sony Pictures.
Hector Xavier Monsegur, the former leader of LulzSec, known online as “Sabu,” ended up arrested in June 2011 and agreed to act as an informant for the FBI. Monsegur pleaded guilty to multiple hacking offenses in relation to the group’s activity and will undergoing sentencing in August.