FBI nabs alleged LulzSec member over Sony Pictures hack

Raynaldo Rivera is accused of using a SQL injection attack against the entertainment company

A 20-year-old man surrendered to FBI agents on Tuesday for his alleged hacking of Sony Pictures, one of a wave of attacks executed last year by the hacking collective LulzSec.

Raynaldo Rivera, 20, of Tempe, Arizona, was indicted by a grand jury last week on charges of conspiracy and unauthorized impairment of a protected computer, according to a news release from the FBI's Los Angeles office. If convicted, he could face a maximum of 15 years in prison.

The arrest comes shortly after a judge postponed the sentencing of LulzSec ringleader Hector Xavier Monsegur, known by his nickname "Sabu," for his continued cooperation in the investigation. Monsegur provided information to the FBI, leading to the arrests of one American man and four in the U.K. in March.

LulzSec, short for Lulz Security, is now defunct but was an offshoot of the decentralized hacking group Anonymous. In May and June 2011, several Sony Pictures websites were hacked by LulzSec, revealing the unencrypted passwords for more 1 million people. Sony staff information was obtained, along with special codes for music and information in Sony databases.

Rivera allegedly used a proxy server to hide his real IP address and used a SQL injection attack against Sony, according the indictment, which was unsealed on Tuesday. The type of attack involves the input of commands into web-based forms to see if the backend database will yield information.

Rivera, who went by the online nicknames "neuron," "royal" and "wildicv," allegedly distributed Sony's information to other LulzSec members, who publicized it on the @LulzSec Twitter account, the indictment said. Damages to Sony exceeded US$5,000.

Prosecutors allege Rivera worked with Cody Kretsinger, who was indicted in Sept. 2011 for the same attacks on Sony. Kretsinger allegedly provided the coupon codes along with email addresses and passwords for an extensive data release by LulzSec on June 2, 2011.

Kretsinger pleaded guilty in April and is scheduled for sentencing on Oct. 25, according to the FBI.

Send news tips and comments to jeremy_kirk@idg.com

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts