LulzSec hacker pleads guilty to Sony Pictures attack, faces prison sentence

Graham Cluley
Graham Cluley
@[email protected]

Man with clapperboard. Image from ShutterstockRaynaldo Rivera, from Tempe, Arizona, has admitted hacking into computer systems belonging to Sony Pictures, and stealing the personal information and passwords of thousands of innocent internet users

The attack, which took place in May last year, was part of a concerted attack against Sony websites by LulzSec and Anonymous hackers during 2011.

Rivera, who was arrested by the FBI in August, admitted his guilt in the form of a plea agreement filed with Los Angeles Federal Court.

Rivera – who used online nicknames including “neuron”, “royal”, and “wildicv” – admitted launching an SQL injection attack against the Sony Pictures website, extracting confidential and personal user information – such as the names, birth dates, addresses, emails, phone numbers and passwords of people who had entered Sony contests.

Sign up to our free newsletter.
Security news, advice, and tips.

The stolen information was subsequently published online by the LulzSec hacking gang, compounding the risk to innocent users.

The hack is said to have cost Sony more than $605,000 in losses.

HideMyAss logoIn an attempt to hide his true identity during the attack, Rivera used the HideMyAss anonymising proxy service to disguise his IP address as he probed the Sony Pictures’ website for vulnerabilities.

However, Rivera had not been careful enough in disguising his tracks – and HideMyAss co-operated with the authorities when a court order was received by the anonymising proxy service.

Others considering committing crimes on the net might be wise to stop believing that using an anonymising proxy service will necessarily keep them out of the clutches of the law.

Under the plea agremement, Rivera will pay restitution to his victims. He also faces a maximum five year prison sentence, and a fine of at least $250,000.

Man with clapperboard image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.