Raynaldo Rivera has been taken into custody by US police. Rivera has long been suspected as a member of the hacking group known as LulzSec. He was arrested on charges of breaking into Sony Pictures Europe ‘s computer system.
A little less than a week ago, the federal grand jury in Los Angeles charged Rivera with conspiracy and unauthorized impairment of a protected computer. He just turned himself in recently.
Yesterday, the indictment was unsealed and in it, accusations claiming that Rivera (along with his co-conspirators) stole sensitive information from Sony Picture’s computer systems between May and June 2011. They used a SQL injection attack which exploits the system’s flaws and takes control of the system, against the studio.
SQL injections, or SQLi as it’s sometime referred to, has become a common method for hacking into secure systems.
According to the indictment, Rivera also helped post confidential info on their hacking website and announced the intrusion via Twitter. Rivera’s name was the only one listed in the indictment, but the FBI reported that Cody Kretsinger was one of his co-conspirators.
Kretsinger also pleaded guilty last spring to charges related to a different attack on Sony.
Despite the official indictment and arrest, unanswered questions remain regarding the whole hacking spree, which began back in early 2011, especially when the Anonymous and LulzSec (which branched out of the former group) came into the spotlight. The question that is still a mystery: who hacked into Sony’s Playstation Network in April 2011?
The attack supposedly leaked credit card details from millions of users. The strange thing about this case is that nothing can be traced back to any group. Furthermore, there has been no more details or insight as to which group carried out the attack, nor do we have data from the attack that’s been publicly posted.
The Sony Pictures Europe hack was very different. LulzSec took pride in their crime by publishing all the sensitive data including names, birthdates, addresses, passwords, and more on their website.
The hackers claimed in the statement, “From a single injection we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
It is reported that the Sony breach cost the company £378,000 (over $600,000).