2011 Computer Attack Cost Sony $600 Million
A second member of the LulzSec hacking group surrendered this week to federal authorities after being charged for his role in an extensive computer attack against computer systems owned and operated by Sony Pictures Entertainment.
Raynaldo Rivera, 20, of Tempe, Arizona, was taken into custody in Phoenix after surrendering to the FBI.
On August 22 a federal grand jury in Los Angeles returned an indictment that was filed under seal. The two-count indictment charges Rivera with conspiracy and the unauthorized impairment of a protected computer. The federal indictment was unsealed this week.
According to the indictment, the computer systems of Sony Pictures Entertainment were compromised from approximately May 27, 2011 through June 2, 2011, by a group of hackers, known as “LulzSec” or “Lulz Security,” whose members anonymously claimed responsibility for the attack. Rivera, also known by the monikers “neuron,” “royal” and “wildicv,” is alleged to have been a member of LulzSec.
The indictment alleges that in order to carry out the attack, Rivera allegedly used a proxy server in an attempt to mask or hide his Internet protocol (IP) address. The indictment alleges that Rivera and co-conspirators, including defendant Cody Kretsinger, who was indicted in September 2011 in connection with the same intrusion, obtained confidential information from Sony Pictures’ computer systems using an SQL injection attack against its website.
An SQL injection attack is a technique commonly used by hackers to exploit vulnerabilities and steal information. The indictment alleges that Rivera and his co-conspirators distributed the stolen information, including by posting the data on LulzSec’s website, and by announcing the attack via its Twitter account. Kretsinger pleaded guilty in April and is scheduled to be sentenced on October 25 by United States District Judge John A. Kronstadt.
LulzSec is known for its affiliation with the international group of hackers known as “Anonymous.” According to the indictment, Anonymous is a collective of computer hackers and others throughout the world linked to cyber attacks, including the dissemination of confidential information stolen from victims’ computers, targeting individuals and groups its members perceive to be hostile to its interests.
In 2011, LulzSec was linked to the hacking, or attempted hacking, of numerous targets, including various websites that represent governmental or business entities, among others.
Rivera made an initial appearance before a federal magistrate in U.S. District Court in Phoenix Tuesday afternoon and was ordered to appear in Los Angeles on September 14, 2012.
If convicted, Rivera faces a statutory maximum sentence of 15 years in prison.
This investigation was conducted by the Electronic Crimes Task Force (ECTF) in Los Angeles. The ECTF is comprised of agents and officers from the FBI; the United States Secret Service; the Los Angeles Police Department; the Los Angeles County Sheriff’s Department; the United States Attorney’s Office; the Los Angeles County District Attorney’s Office; and the California Highway Patrol. The FBI’s Phoenix Office provided assistance during the investigation and arrest of Rivera.
This case is being prosecuted by the United States Attorney’s Office in Los Angeles.