Second Alleged LulzSec Sony Hacker Arrested

Young man in handcuffs - copyright Fotolia

The Sony security saga rolls on with another arrest

An alleged member of the LulzSec hacktivist group has been arrested in the US in an investigation into last year’s hack of Sony Pictures Entertainment’s database.

Sony was pummelled by cyber attacks last year, the most significant one targeting its PlayStation Network (PSN) in April, which saw data of 77 million users compromised. In June, it emerged SonyPictures.com was hacked. LulzSec claimed to be behind the attack, saying it had published several lists with extracts from over a million compromised user accounts.

Raynaldo Rivera, a 20-year-old from Arizona, was taken into custody in Phoenix Arizona yesterday, the FBI said, charging him with conspiracy and unauthorised impairment of a protected computer. He could be jailed for up to 15 years, according to various reports.

Breaking LulzSec apart

The FBI has been cracking down on the hacktivist group. Another alleged LulzSec member, 24-year-old Cody Kretsinger, was arrested last year and pleaded guilty to charges relating to the same hit on Sony.

Hector Xavier Monsegur, known online as the leader of LulzSec “Sabu”, was recently given six months of semi-freedom for his contribution to the demise of the hacker collective, before being sentenced on 12 counts of violating federal law. Monsegur’s trial was delayed as he became an informant for the FBI after being arrested in June 2011, but he could still be handed 124 years in prison if found guilty of all the charges.

It is believed the Sony Pictures website was hacked with a simple SQL injection hit. LulzSec boasted about attacking the site over Twitter. “From a single injection we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”LulzSec said.

Other Sony businesses, including Sony BMG Music Entertainment, Sony Qriocity, the Sony-run Japanese service provider So-net and the Canadian Sony Ericsson eShop were all believed to have been hacked, as was a company server in Thailand.

Yet the Information Commissioner’s Office (ICO) has not issued a decision on security practices at the company, having announced an investigation in April 2011, even though it told TechWeekEurope on 28 March this year that a decision was expected in around six weeks from that date.

The ICO has repeatedly told this publication that a decision is imminent, but nothing has emerged. Sony has not responded to a request for comment on a delay.

How well do you know Anonymous? Take our quiz!