Three members of the high profile internet “hacktivist” group LulzSec have admitted to their parts in a series of cyber attacks against targets which included the CIA, the UK’s Serious Organised Crime Agency and News International, a court heard today.
Jake Davis, 20, and 18-year-old Mustafa Al-Bassam, who can be named for the first time today, have both pleaded guilty to attacks on websites belonging to the two agencies, as well as Sony, News International and the NHS.
And they, along with accomplices Ryan Ackroyd, 26, also admitted hacking into the systems of Sony, Twentieth Century Fox and a US police force in bids to steal data and redirect visitors to spoof sites. Fellow defendant Ryan Cleary, 21, had already pleaded guilty on the same charges, as well as four other related ones and all four men now await sentencing.
As Ackroyd issued a last-minute change of plea to guilty at Southwark Crown Court today, prosecutor Sandip Patel told the court: “He was the hacker, so to speak, they turned to him for his expertise as a hacker”, and said Ackroyd admitted using the persona of a 16-year-old girl Kayla online.
The group, an offshoot of the “Anonymous” hacktivists, caused an international stir as they coordinated high profile attacks against some of the world’s biggest companies and intelligence agencies in 2011, often from their bedrooms. It was later revealed that their de facto leader Hector Xavier Monsegur, aka “Sabu”, had been turned by the US authorities following his own arrest.
Apart from hacking into sites, the group carried out non-hacking attacks - called Distributed Denial of Service (DDoS) - in a bid to block access to the websites they targeted. DDoS, one of the most common attacks used by online activism groups, work by bombarding websites with traffic until they cannot deal with the weight and cease to load.
The group used a system which allows them to infect and, thereby, take control of other people’s computers - called a botnet – to carry out the attacks. The tactic, one of the most commonly used by similar groups, allows them to use the computers in their power to blast target sites with amplified volumes of traffic.
The full extent of LulzSec’s campaign was revealed as members of the group admitted to their parts in DDoS attacks on the CIA, SOCA, News International and the anti-gay Westboro Baptist Church. They also attacked gaming sites Bethesda and Eve Online.
And their hacking campaign took in the NHS, Sony and Twentieth Century Fox. They also targeted HBGary, which was allegedly looking to infiltrate hacktivist groups, US Public Broadcasting Service Inc, FBI contractor Infragard, Nintendo and the Arizona State Police. And they carried out another attack on News International.
The attacks were carried out with other, unknown members of the groups LulzSec, Anonymous and Internet Feds.
Davis, Al-Bassam and Cleary all admitted to the same count of launching DDoS attacks, which prosecutors agreed could lie on file in respect of Ackroyd. All four admitted another count of computer hacking, while Cleary alone admitted a further four hacktivism-related counts, with two more lying on file.