Network Security, Threat Management

LulzSec duo plead guilty to DDoS against CIA

Two members of the computer hacking group LulzSec pleaded guilty to launching distributed denial-of-service (DDoS) attacks against the Serious Organised Crime Agency (SOCA) in the United Kingdom and the Central Intelligence Agency (CIA) in the United States.

In London's Southwark Crown Court on Monday, Ryan Cleary, of Wickford, Essex, and Jake Davis, of Lerwick, Shetland, admitted involvement in a string of attacks against several high-profile targets. In addition to SOCA and the CIA, the pair admitted attacking News International, Sony, Nintendo, the Arizona State Police, 20th Century Fox, HBGary Federal, Infragard, Bethesda, Eve Online, and others.

Cleary and Davis were members of LulzSec, a small group responsible for a six-week-long hacking spree between May and June last year. They were well known for launching DDoS attacks, where websites are flooded with traffic to make them crash and go offline. Davis was known as “Topiary” and acted as the group's principal spokesperson.

He admitted to two of the four charges against him, including involvement in the attack against SOCA's website. Cleary admitted to six of eight charges, including attacking the CIA and U.S. Air Force computers based at the Pentagon.

However, they both denied two charges, under the Serious Crime Act of 2007, that they acquired or posted unlawfully obtained data to public websites, such as Pirate Bay or Pastebin.

Two other LulzSec suspects in custody, Ryan Ackroyd and an unnamed 17-year-old, have denied all the charges. Ackroyd is suspected of being the member known as “Kayla.” He and the fourth suspect denied two counts of conspiracy to do an unauthorized act or acts with intent to impair, or with recklessness as to impairing the operation of a computer or computers.

The trial date has been set for April 8, 2013. All the suspects except for Cleary were released on bail.

Cleary also faces charges in the United States, where a federal grand jury in Los Angeles indicted him with one count of conspiracy and two counts of unauthorized impairment of protected computers. The Federal Bureau of Investigation (FBI) charged Cleary with conspiring with LulzSec on a series of denial-of-service (DoS) attacks on news organizations and businesses. Cleary is also accused of operating a botnet that was used to launch DDoS attacks, and then renting it out to othes interested in launching similar attacks the network of illegally hijacked computers.

While the indictment didn't name any of the victims, LulzSec targeted a number of news organizations as part of its campaign to cause mayhem. In one of the attacks, LulzSec broke into servers at Fox Entertainment Group to steal personal information about contestants on the reality TV show X-Factor.

If found guilty, Cleary could face as many as 25 years in prison in the United States. However, there were reports earlier this month that the U.S. government has decided to not extradite Cleary.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.