Raynaldo Rivera, from Tempe, Arizona, has admitted hacking into computer systems belonging to Sony Pictures, and stealing the personal information and passwords of thousands of innocent internet users
The attack, which took place in May last year, was part of a concerted attack against Sony websites by LulzSec and Anonymous hackers during 2011.
Rivera, who was arrested by the FBI in August, admitted his guilt in the form of a plea agreement filed with Los Angeles Federal Court.
Rivera – who used online nicknames including “neuron”, “royal”, and “wildicv” – admitted launching an SQL injection attack against the Sony Pictures website, extracting confidential and personal user information – such as the names, birth dates, addresses, emails, phone numbers and passwords of people who had entered Sony contests.
The stolen information was subsequently published online by the LulzSec hacking gang, compounding the risk to innocent users.
The hack is said to have cost Sony more than $605,000 in losses.
In an attempt to hide his true identity during the attack, Rivera used the HideMyAss anonymising proxy service to disguise his IP address as he probed the Sony Pictures’ website for vulnerabilities.
However, Rivera had not been careful enough in disguising his tracks – and HideMyAss co-operated with the authorities when a court order was received by the anonymising proxy service.
Others considering committing crimes on the net might be wise to stop believing that using an anonymising proxy service will necessarily keep them out of the clutches of the law.
Under the plea agremement, Rivera will pay restitution to his victims. He also faces a maximum five year prison sentence, and a fine of at least $250,000.
Man with clapperboard image from Shutterstock.