Breach, Threat Management, Data Security

LulzSec Sony Pictures attacker sentenced to year in jail, huge fine

A 21-year-old Arizona man has become the second U.S. member of now-disbanded hacker group LulzSec to be sentenced for an attack on Sony Pictures.

Raynaldo Rivera, whose alias is “neuron," pleaded guilty in October 2012 to the attack. He was sentenced last week to 366 days by U.S. District Judge John Kronstadt, according to federal prosecutors in Los Angeles.

Prison time is only part of the punishment. Following his time in lockup, Rivera faces 13 months of house arrest and 1,000 hours of community service, on top of paying more than $605,000 in restitution.

According to prosecutors, LulzSec's goal in the attack was to see the “raw, uninterrupted, chaotic thrill of entertainment and anarchy."

In April, Kronstadt handed out a nearly duplicate sentence to 25-year-old Cody Kretsinger – known as “recursion." Kretsinger, also implicated in the Sony Pictures attack, initially pleaded innocent, but eventually pleaded guilty.

Prosecutors said Kretsinger and Rivera studied together at the University of Advancing Technology in Arizona, during which time Kretsinger joined LulzSec and then recruited Rivera to join the group.

Shortly after the attack, the intruders boasted about it – referring to it as “Sownage” – on a newly created LulzSec website. They said its members exploited a common SQL injection vulnerability to gain access to internal Sony networks and websites.

Also posted on the website was the "booty," which consisted of passwords, email addresses, home addresses, birth dates and other account information belonging to more than one million users, as well as 3.5 million music coupon codes that could be used to redeem songs that appear in film soundtracks. Rivera was charged with posting the information belonging to more than 138,000 people.

The attack came just a couple of months after the rampage of Sony's PlayStation Network, when roughly 77 million registered users had information compromised, including credit card numbers. It's never been determined who was responsible for that incident.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.