Judge in London sentences LulzSec members

Share this article:
Judge in London sentences LulzSec members
Judge in London sentences LulzSec members

Four U.K. men with varying ties to the hacktivist group LulzSec were sentenced Thursday in London – and they appear safe from U.S. extradition for now.

Ryan Ackroyd (who used the online alias "Kayla"), Ryan Cleary ("Viral"), Jake Davis ("Topiary") and Mustafa Al-Bassam ("T-Flow") received prison time ranging from 20 to 32 months following a two-day hearing at Southwark Crown Court.

Over the past year, the four had pleaded guilty to spearheading hacking and distributed denial-of-service (DDoS) attacks against government agencies, including the CIA in the United States and Serious Organised Crime Agency (SOCA) in the U.K., and high-profile corporations, such as Sony Pictures, Nintendo and 20th Century Fox.

According to reports, Ackroyd, 26, received a 30-month sentence and Cleary, 21, earned a 32-month sentence. Both men are expected to serve half of their time. Davis, 20, who ran the group's popular Twitter account, was sentenced to two years in an institution for young offenders, and is also expected to serve half of his sentence. Al-Bassam, the youngest defendant, 18, received a 20-month sentence that will be suspended for two years, assuming he avoids trouble, and he will be on probation and serve 300 hours of community service.

The judge who sentenced the foursome noted that none of their crimes were financially motivated, which likely enabled them to receive lighter sentences.

Cleary, who received the longest sentence, was the only defendant not considered a core member of LulzSec, as he was charged with aiding others by providing services such as a botnet, which allowed them to target the CIA and SOCA websites with DDoS attacks.

It's been debated whether Cleary was an official member of LulzSec at all, as some consider the core members to be Davis, Al-Bassam, Ackroyd, and group leader-turned-snitch Hector Monsegur, who also went by the nickname “Sabu.” Darren Martyn of Ireland, also known as "Pwnsauce," still awaits sentencing, and police have yet to catch the sixth unknown member, who used the online moniker “Avunit.”

In June 2011, in the midst of its hacking spree, the LulzSec group said on its Twitter page that “Ryan Cleary is not a part of LulzSec.” At the time, it claimed that one of its chat rooms was housed on his internet relay chat (IRC) server, and that was the extent of his involvement in attacks.

Despite this, Cleary was indicted last June in Los Angeles on federal hacking charges for his alleged role in infiltrating the networks of Fox, PBS and Sony.

A month prior to that, Davis and Ackroyd where indicted by a grand jury in New York for allegedly hacking the computer systems of Fox and HBGary.

According to reports, the United States, however, has yet to make a formal extradition request that any of the LulzSec defendants appear in court, but it's certainly possible.

On Thursday, a Twitter account affiliated with the Anonymous collective posted a message on Pastebin confirming comments made at the Thursday's hearing in London.

"There is a practice for the U.S. to seek extradition after the conclusion of proceedings in this country," Cleary's attorney reportedly said.

Some hope that's not the case, as the United States has a history of being much harsher on accused hacktivists. For example, Jeremy Hammond, an Illinois man who has pleaded innocent to charges that he helped compromise the Arizona Department of Public Safety in June 2011 and six months later the global intelligence firm Stratfor, has been held without bail in a New York prison since March 2012.

According to his supporters, Hammond, who has been associated with Anonymous and LulzSec, has been in and out of solitary confinement for "minor" prison infractions, and has been denied access to family and friends. He faces 30 years to life in prison.

In an unrelated case, last fall, British courts concluded that hacker Gary McKinnon would not face extradition to the United States, an outcome McKinnon had battled for years following his 2002 arrest on government hacking charges.

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.