LulzSec Hacker Pleads Guilty To Sony Pictures Hit

A judge's gavel on a computer keyboard. Law, justice, court, DOJ, trial.

Lulzsec hacker Raynaldo Rivera is looking at a maximum five years in jail

LulzSec hacker Raynaldo Rivera, who was arrested in August on charges of hacking the Sony Pictures website, is facing a prison sentence after pleading guilty to the allegations.

Sony was battered by hackers last year, with the worst hit seeing over 77 million PlayStation Network users’ data compromised in April. The Sony Pictures databases were cracked open with a SQL injection attack soon after.

Law enforcement agencies have been putting pressure on hacktivists, meanwhile. In a plea agreement with the United States Attorney’s Office for the Central District of California, Rivera agreed to plead guilty to one charge at the earliest possible opportunity.

LulzSec getting hit where it hurts?

In the agreement Rivera claims he joined LulzSec in May 2011, taking part in a SQL injection attack on Sony Pictures, “impairing the integrity and availability of data, programs, systems, and information”. It is alleged Rivera stole data, including “personal identifying information for thousands of individuals”, before handing it over to his LulzSec cohorts.

Damage to Sony Pictures was estimated to be over $605,663. Costs were incurred in a number of areas, including money spent on computer forensic firms, staffing call centres and providing credit monitoring services for individuals whose data was compromised.

Rivera now faces a maximum five year prison sentence and a fine of at least $250,000. He will most likely pay restitution to Sony too.

Law enforcement has been capturing and prosecuting hacktivists since they became considerably more prominent in 2010. In June, UK teenagers Ryan Cleary and Jake Davis pleaded guilty to a number of charges, covering attacks on the US Central Intelligence Agency (CIA) and the Serious Organised Crime Agency (SOCA).

Graham Cluley, senior technology consultant at Sophos, said he was unconvinced by the impact hacktivist groups like LulzSec and Anonymous had made, but expected them to keep going despite law enforcement efforts.

“It never seemed terribly well expressed to me – and sometimes the actions of hacktivists seemed to not just expose big corporations but also put the ‘little people’ at risk too by exposing their personal information,” he told TechWeekEurope.

“I think hacktivism is here to stay. However, we’re going to see the authorities cracking down more and more on those who think it’s OK to hack into organisations, DDoS companies and steal information.

“Not having a clear financial motivation is not going to necessarily mean that you are treated any less leniently by the courts.”

How well do you know Anonymous? Take our quiz!