LulzSec Sony Pictures attacker sentenced to year in jail, huge fine

Share this article:
The second U.S. LulzSec hacker implicated in the 2011 Sony Pictures hack has been sentenced.
The second U.S. LulzSec hacker implicated in the 2011 Sony Pictures hack has been sentenced.

A 21-year-old Arizona man has become the second U.S. member of now-disbanded hacker group LulzSec to be sentenced for an attack on Sony Pictures.

Raynaldo Rivera, whose alias is “neuron," pleaded guilty in October 2012 to the attack. He was sentenced last week to 366 days by U.S. District Judge John Kronstadt, according to federal prosecutors in Los Angeles.

Prison time is only part of the punishment. Following his time in lockup, Rivera faces 13 months of house arrest and 1,000 hours of community service, on top of paying more than $605,000 in restitution.

According to prosecutors, LulzSec's goal in the attack was to see the “raw, uninterrupted, chaotic thrill of entertainment and anarchy."

In April, Kronstadt handed out a nearly duplicate sentence to 25-year-old Cody Kretsinger – known as “recursion." Kretsinger, also implicated in the Sony Pictures attack, initially pleaded innocent, but eventually pleaded guilty.

Prosecutors said Kretsinger and Rivera studied together at the University of Advancing Technology in Arizona, during which time Kretsinger joined LulzSec and then recruited Rivera to join the group.

Shortly after the attack, the intruders boasted about it – referring to it as “Sownage” – on a newly created LulzSec website. They said its members exploited a common SQL injection vulnerability to gain access to internal Sony networks and websites.

Also posted on the website was the "booty," which consisted of passwords, email addresses, home addresses, birth dates and other account information belonging to more than one million users, as well as 3.5 million music coupon codes that could be used to redeem songs that appear in film soundtracks. Rivera was charged with posting the information belonging to more than 138,000 people.

The attack came just a couple of months after the rampage of Sony's PlayStation Network, when roughly 77 million registered users had information compromised, including credit card numbers. It's never been determined who was responsible for that incident.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.