• United States



by John E Dunn

LulzSec members sent to prison for infamous DDoS attacks

May 17, 20133 mins
Consumer ElectronicsData and Information SecuritySecurity

"I regret 95% of the things I've ever typed on the internet."

Four members of the infamous and largely British LulzSec hacking group that carried a string of high-profile DDoS attacks in 2011 have been handed relatively lenient prison terms of up to 32 months by the judge at Southwark Crown Court.

The bare facts are that Ryan Cleary, 21, and Ryan Ackroyd, 26, were given prison terms of 32 and 30 months respectively, while Jake Davis (‘Topiary’), 20, will spend 24 months in a young offender’s institution; Mustafa Al-Bassam, 18, was handed a 20 month suspended sentence.

All will be watched by the authorities for up to five years after their eventual release.

Although these sentences count as relatively severe by UK standards for hacking offences they are probably mild compared to the terms that might have been handed out in the US where collaborator and former LulzSec leader Hector Xavier Monsegur (‘Sabu’) has so far won sentencing delays only after turning police informer.

Information supplied by Monsegur was instrumental in the arrests of the four UK men on different dates in 2011, which caused LulzSec’s sudden and spectacular destruction.

Despite their self-assured public statements, police evidence revealed them to be a less imposing in the flesh.

Cleary managed the botnet used in DDoS attacks while Ackroyd chose the targets for attack and carried them out, hence their more severe sentences. Al-Bassam’s role was to supply information on possible vulnerabilities while Davis operated as a sort of witty, sarcastic PR man, running the public Twitter account that announced their latest successes using the callsign “tango down.”

Police claim the attacks caused APS20 million ($32 million) of damage, including reputational harm, to the clutch of organisations they honed in on, including the website of the UK Serious Organised Crime Agency (SOCA) itself.

It gets darker. On 20 June 2011, police raided Cleary’s home address where they found him in the middle of the SOCA DDoS attack; they also said that forensic analysis found child porn images on his PC.

“Theirs was an unusual campaign in that it was more about promoting their own criminal behaviour than any form of personal financial profit,” said the Police Central e-crime Unit head Charlie McMurdie.

“In essence, they were the worst sort of vandal – acting without care of cost or harm to those they affected,” she added.

“They claimed to be doing it for ‘a laugh’ but real people were affected by their actions. Today’s convictions should serve as a deterrent to others who use the internet to commit cyber-attacks.”

The inside track on LulzSec has always been something of a mystery beyond the few details made public during their trials.

However, in a new BBC interview, Jake Davis – Topiary – has now offered some fascinating insights that will probably surprise nobody.

“”It [the Topiary character] was an exaggerated version of the things I couldn’t be,” he said. “He was a lot more confident that I am certainly.”

“It [the Internet] is a very limited world. It’s a world devoid of empathy.”