Follow us on RSS or Twitter for the latest updates.

September 23, 2011

Alleged LulzSec, Anonymous hackers arrested


antisec
An Arizona man was arrested today for allegedly stealing data from Sony Pictures Entertainment earlier this year, and two others were indicted on charges of participating in a denial-of-service (DoS) attack that temporarily shut down Santa Cruz County servers late last year.


Cody Andrew Kretsinger, 23, of Phoenix was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Kretsinger could not be reached for comment.

Separately, 47-year-old Christopher Doyon of Mountain View, Calif., was arrested and appeared before Magistrate Judge Howard Lloyd in U.S. District Court for the Northern District of California in San Jose, according to a U.S. Department of Justice statement released this afternoon. Lloyd ordered that a bail study be done and set a court appearance for September 29 at 1:30 p.m. PT.

Doyon, who allegedly uses the alias "Commander X," and Joshua John Covelli, 26, of Fairborn, Ohio, were indicted on charges of conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting by participating in a distributed DoS attack on Santa Cruz County servers December 16, 2010, shutting down the Web site. A criminal summons was issued to Covelli, aka "Absolem" or "Toxic," to appear before Magistrate Paul Grewal in San Jose on November 1.

In the Sony case, Kretsinger is accused of using proxy services via the hidemyass.com site, designed to offer anonymous Internet access, to probe Sony Pictures Entertainment's computer systems in May, according to the indictment, which was unsealed in U.S. District Court in Los Angeles today.

He and other co-conspirators looked for vulnerabilities and exploited them by means of a SQL injection attack between May 27 and June 2, the indictment says. They then allegedly compromised the Sony system, making "tens of thousands of requests for confidential data," and released the information from Sony on a public Web site and on Twitter.

Kretsinger permanently erased the hard drive of the computer he used to conduct the attack, the indictment alleges. He is due to make an initial appearance in federal court in Phoenix today. The U.S. government will request that he be transferred to Los Angeles to face prosecution. He faces up to 15 years in prison if convicted.

He is alleged to have used the hacker handle "recursion" and is believed to be a member of the LulzSec hacker group.

The LulzSec group, believed to be a spinoff of the Anonymous group of online activists, had bragged about breaking into Sony Pictures' system, posting a statement on Pastebin on June 2 and proof of their attack. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the statement said. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

A week later, Sony said that actually personally identifiable information of 37,500 customers had been exposed in the breach. The breach was one of a series of attacks targeting Sony and its affiliate sites globally that started in May following a legal spat Sony had with a hacker who had modified his Sony PlayStation 3.

In the San Jose cases, the indictments allege that the attack on Santa Cruz County servers was orchestrated by the People's Liberation Front (PLF), which is associated with the Anonymous group. After the city enacted a law restricting camping in city limits, protesters occupied the courthouse premises and several were charged with misdemeanors, the Justice Department said. In retaliation, the PLF organized the DoS attack, the statement alleges.

Covelli is also separately under indictment in U.S. District Court for the Northern District for allegedly participating in a distributed DoS attack on PayPal in December 2010. His next court appearance in that case is set for November 1 at 9 a.m. PT before Judge Lowell D. Jensen in San Jose. Neither Doyon nor Covelli could immediately be reached for comment this afternoon.

The Justice Department and FBI said they could not comment on the San Jose cases beyond the indictments and statements, so it is unclear exactly where Doyon was arrested. Earlier today, Fox News reported that a hacker who is believed to be homeless was arrested in San Francisco on charges of participating in attacks allegedly carried out by activist group Anonymous on Santa Cruz County government Web sites, and that search warrants were being executed in New Jersey, Minnesota, and Montana. An FBI spokesman said that the agency does not typically comment on search warrants.