The FBI arrested a suspected member of the hacking group LulzSec yesterday for allegedly taking part in an extensive security breach involving Sony Pictures Entertainment. The hacker, 23-year-old Cody Kretsinger, is charged with conspiracy and the unauthorized impairment of a protected computer in connection with the attacks on the film studio in May and June.
The nine-page indictment, unsealed yesterday, accuses Kretsinger and other conspirators of obtaining confidential information from Sony computers using a SQL injection attack against its website. It is common for hackers to use this type of attack to gain access to servers and steal information by exploiting vulnerabilities in its defences.
The indictment further accuses Kretsinger, also known online as "recursion", of helping post information the group stole from Sony on LulzSec's website and of announcing the intrusion on the hacking group's Twitter account. He also stands accused of erasing his hard drives after the attack, in a bid to evade law-enforcement.
At the time of the attacks, LulzSec published the names, date of births, addresses, emails and phone numbers of thousands of people who had entered competitions run by the Sony corporation.
"From a single injection we accessed EVERYTHING," they said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks."
If convicted, the hacker faces a maximum sentence of 15 years in prison. The government is currently requesting that he's moved to Los Angeles, the location of the hacked Sony computers and where the case against him was filed. The FBI is still investigating the extent of the damages caused by the attack and Sony has yet to comment on the arrests.