A 19-year-old Essex man has been indicted by a federal grand jury in the United States for his part in the Lulzsec hacking group, which claimed responsibility for a number of attacks on media and video game websites last year.
Ryan Cleary was arrested in June 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977.
Now the Los Angeles Times has released a copy of the indictment, which claims Cleary “developed software for, and maintained and controlled a large botnet” which he used to “conduct DDOS attacks against various corporate and government entities”.
The papers also accuse Cleary of renting out his botnet to other cybercriminals.
Lulzsec first came to attention in May 2011 when they claimed to have hacked the Fox Entertainment website, taking responsibility for leaking employee information and user passwords as well as a database of applicants for TV talent show X Factor.
An offshoot of hacktivist group Anonymous, the group then went on to attack public television provider PBS, Sony Pictures Entertainment and the online game League of Legends amongst others. Crimes varied from simply bringing down websites to stealing and releasing confidential user data.
In a blog post for PC World, freelance technology writer Ian Paul pointed out that while the group probably didn’t have any particularly sinister motives, their actions were still putting users at risk.
“As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes,” Paul wrote on June 3 2011.
“But that doesn’t mean others won’t capitalize on security flaws exposed by the online pranksters.”
Cyber-attacks like the ones perpetrated by Lulzsec can have major impacts on businesses. Often a red cell assessment can be the best way to defend your business against an attack, by simulating a legitimate security penetration attempt.