Four British hackers who took part in 2011 cyber-attacks on targets ranging from the CIA to Sony were audacious, arrogant men whose motivation was “anarchic self-amusement”, a court heard on Wednesday.
The men, who have pleaded guilty to a variety of offences, were members of the hacking collective LulzSec that caused millions of dollars of damage to corporate and government computer networks during an online crime spree they boasted about on Twitter.
“They are at the cutting edge of a contemporary, emerging species of international criminal offending known as cyber crime,” prosecutor Sandip Patel told a London court at the start of the men’s sentencing hearing.
“LulzSec saw themselves as latter-day pirates,” he said.
The four men being sentenced were Ryan Cleary, 21; Ryan Ackroyd, 26; Mustafa Al-Bassam, 18, and Jake Davis, 20. In their hacker days, they hid their identities behind the online monikers ViraL, Kayla, tFlow and Topiary, respectively.
“The real-life identities of the hackers were aggressively concealed. Similar protection did not extend to their victims,” Patel said.
Among other attacks, the men hacked into Pentagon computers, crashed the CIA’s website, stole millions of items of private individuals’ data such as passwords and user names from companies including Fox or Sony and posted them online on sites such as Pirate Bay.
Their exploits, as they described them, also included hacking into News International’s computer system to post a fake story, purporting to be from the Sun tabloid, announcing that owner Rupert Murdoch had committed suicide.
They also attacked the U.S. public broadcaster PBS’s website, redirecting users to a fake news story reporting that the late rapper Tupac Shakur was alive.
In addition to the hacking offences to which all four have pleaded guilty, Cleary alone has pleaded guilty to charges of downloading pornographic images of babies and children.
“Laughing at your security”
Patel said the four men’s activities were as much about self-promotion as they were about hacking, describing them as adept at getting the attention of media and of hundreds of thousands of Twitter followers and motivated by “anarchic self-amusement”.
He said LulzSec was a splinter group that had evolved out of Anonymous, a bigger, shapeless “hacktivist” collective, but that LulzSec lacked the libertarian political agenda of Anonymous.
He said the LulzSec slogan was “laughing at your security since 2011” and that a press release in August 2011 had said they had acted in the way they had “just because we could”.
The name LulzSec is a combination of “lulz”, a distortion of the commonly used “LOL” or “laugh out loud”, and security.
The alleged ringleader of LulzSec was U.S.-based Hector Xavier Monsegur, known as “Sabu”, who was arrested in June 2011 but agreed to cooperate, maintaining his online persona for a time and leading the FBI to other members of the group.
Patel said the core members of LulzSec were Monsegur, Ackroyd, Al-Bassam and Davis. He said Cleary was not a core member but wanted to be.
Monsegur is awaiting sentencing in the United States, while a 24-year-old IT worker was arrested in Australia in April in connection with LulzSec.
Lawyers for the four British hackers were due to address the court about mitigating factors later on Wednesday. Judge Deborah Taylor is expected to sentence them either on Wednesday or Thursday.