Lulz Security really wanted to make it clear that its huge dump of Sony Playstation Network user data in June 2011 was very easy to pull off, and a lot of fun, but now that a culprit has pleaded guilty, he faces years in prison after getting entirely sold out. Far less fun. Of course, 24-year-old Cody Kretsinger probably won't get close to the maximum sentence of 15 years, but at this point he's got to be wondering if it was all worth it -- especially since the key people supposed to have his back in the operation turned out to be working for the FBI.
One of the people Kretsinger passed his Sony data to, LulzSec leader Sabu, turned out to be an FBI informant who spied on Anonymous and LulzSec members for months. Sabu agreed to cooperate after the feds caught up to him last summer and his snitching only came out last month. Kretsinger also got the shaft from a site called Hidemyass.com, a proxy server he thought would hide his actions, but which also turned out to be cooperating with the feds.
When the FBI arrested Kretsinger in September, their complaint against him bore out exactly what LulzSec had bragged about when it first infiltrated and then breached Sony: The operation took three days and utilized an SQL injection, which is one of the easiest and most common kinds of cyber-attack. It's also easy to spot, but Kretsinger apparently thought he had some kind of protection in the form of his LulzSec compatriots and Hidemyass.
"Kretsinger testified that he gave the information he got from the Sony site to other members of LulzSec [Sabu and the group's spokesman, Topiary], who then posted it onto the group's website and on Twitter," Reuters reported on Thursday. The operation cost Sony $600,000 and caused much celebration among LulzSec's fans, but now that Sabu and Topiary have been arrested and Kretsinger convicted, it looks like the Lulz boat has run firmly aground.