Cody Kresinger, who pleaded guilty in April 2012 to charges of conspiracy and unauthorized impairment of a protected computer – namely, Sony Pictures Entertainment – was yesterday sentenced to one year in prison and 1000 hours community service, and further ordered to pay $605,663 in restitution.
Kresinger, known online as Recursion, was a member of LulzSec, a prolific hacking group famous for 50 days of mayhem in 2011; but now mostly serving or awaiting sentence. He was arrested and charged in September 2011. He originally claimed innocence, but in April 2012 he accepted a plea bargain for a more lenient sentence. It is not known whether that bargain involves co-operating with FBI investigations in a manner similar to the LulzSec leader, Sabu.
On 2 June 2011, LulzSec announced on Pastebin, “We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.” It added, “What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it.”
The hack was achieved with a SQL injection attack. “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING.”
Read more: http://www.infosecurity-magazine.com/view/31922/lulzsec-hacker-kresinger-gets-a-year-in-prison/
ShinyHunters member gets 3 years in prison for breaching 60 firms
LockBit ransomware affiliate gets four years in jail, to pay $860k
Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously