Slashdot Mirror


Lulzsec Member Raynaldo Rivera Pleads Guilty To Sony Pictures Breach

hypnosec writes "Raynaldo Rivera has pleaded guilty at the US District Court for the Central District of California to hacking the Sony Pictures Entertainment website in May 2011. The 20-year-old in his plea agreement revealed that he joined Lulzsec in May of last year in a bid to help the hacking collective carry out cyberattacks on governments and businesses. Rivera, who surrendered to the FBI on August 28 this year, admitted that he was the one who launched an SQL injection attack against sonypictures.com that enabled him to extract confidential information from the website's database."

33 of 81 comments

  1. typo in summary by MichaelSmith · · Score: 2, Informative

    lof ast year

  2. Well, he should plead guilty of wasting my time by olsmeister · · Score: 2

    After I spent an hour of my life watching him open Al Capone's empty vault.

  3. xkcd by Anonymous Coward · · Score: 3, Funny

  4. SONY was breached a bunch of times by gelfling · · Score: 3, Informative

    They clearly learned nothing and refused to learn anything or do anything. Lemme guess, SONY is run by copywrite attorneys and Hollywood 'content' types.

    1. Re:SONY was breached a bunch of times by gweihir · · Score: 5, Interesting

      Actually this problem is typically caused by MBA "beancounters" that do not have any skills or object knowledge with regard to the things they decide. They are also characterized by a hugely inflated ego and self-assessment. What then happens is best described as "save a penny, lose a million". Add to that that external and independent security reviews are not done or only companies with no ethics are selected ("the customer is always right" is the road to hell in security evaluations) or reports are blatantly ignored. That is how Fuckupshima happened, that is how RSA was compromised (and why are they still in business????), that is why Sony was conceptually unable to even understand what happened to it.

      Only solution: Massive corporate liability (They got your account hacked and cannot prove IT Sec due diligence? $1000 per count to the affected customer, unless the customer can prove even higher damage.) coupled with personal liability on the highest level (No external reviews? Glaring security holes not even looked for or ignored? CTO, CIO and CSO go to jail for a few years. If they can prove being blocked by the CEO and cooperate fully in the investigation, 30% sentence reduction, still at the very least 2 years they have to serve, and CEO goes to jail for a long time. All also have their salary and bonuses impounded for the time they did not perform.) Add to that surprise audits from time to time that have much the same impact if glaring security problems are found.

      Of course, this will not happen. It would require a honest and competent government to put something like that in place. They do not exist, except occasionally in small countries.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:SONY was breached a bunch of times by tlhIngan · · Score: 1

      I suppose the worst part is well, he's the only one caught.

      Remember when Sony shut down PSN? It wasn't because they detected a breach, but because they found a bunch of people getting free DLC. Yes, free DLC. Basically people were turning their retail PS3s into developer PS3s and accessing the developer PSN store, which gives free DLC for testing purposes.

      After that, they discovered the breaches. But that was too late - who knew how long the data was accessible. This guy was stupid and bragged. The smart ones don't brag, but quietly make use of the data. Do it well enough and the logs would get wiped out as part of the natural rotation.

      At least this guy basically told everyone that Sony was vulnerable.

    3. Re:SONY was breached a bunch of times by kamapuaa · · Score: 1

      Right, what we need is a government body determining which computer security holes are worth sending people to jail for three years. Of course, even nuclear programs have been hacked successfully, so basically every single person involved with a computer system needs to become liable for something or another, and sent off to jail.

      --
      Slashdot: providing anti-social weirdos a soapbox, since 1997.
    4. Re:SONY was breached a bunch of times by gweihir · · Score: 1, Informative

      No ad hominem here. I am saying MBAs are the problem because of the way they are educated. The arrogance and inflated sense of self-worth is actually part of many MBA programs as the training providers want to inflate the worth of their programs. Ad hominem would be something like "MBAs have poor personal hygiene, hence they are the problem".

      IT security is top priority, because if you build on sand, you never create anything of longer-term worth.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:SONY was breached a bunch of times by gweihir · · Score: 1

      The question is not whether you get hacked or not. The question is whether you had reasonable security in place or not. If you do not have reasonable security, you should be liable for any and all damage and punished for endangerment. The way some (many) organizations are handling IT security today is like running a nuclear facility without a fence or security guards. Sure, even these do not keep everybody out, but not having them is inviting a catastrophe and should have dire consequences for the bean-counters that saved money in the wrong place.

      The way to do reasonable IT security is simple: Follow best practices, have regular external reviews, implement the recommendations. If you do that, I do not propose you are liable when you get hacked anyways. I just propose you become liable when you think you can get away without spending the money needed for reasonable security.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:SONY was breached a bunch of times by Joce640k · · Score: 1

      SONY is run by copywrite attorneys

      Attorneys are working as copywriters now...?

      --
      No sig today...
    7. Re:SONY was breached a bunch of times by gweihir · · Score: 1

      Now that _is_ ad hominem thinly veiled. Idea: "You do not have an MBA, so you are not able to judge."

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. These lulzsec guys are pathetic. by Anonymous Coward · · Score: 2, Informative

    If they hadn't gloated so much and took the proper precautions, they wouldn't have been found. Don't tell anyone, not even anyone on your team, who you are.

    1. Re:These lulzsec guys are pathetic. by westlake · · Score: 1

      If they hadn't gloated so much and took the proper precautions, they wouldn't have been found. Don't tell anyone, not even anyone on your team, who you are.

      The ego the size of the planet.

      If you are in it for the laughs you talk, you gloat.

  6. Sony Should Go To Jail by andrew3 · · Score: 5, Insightful

    When does Sony go to jail, for developing rootkits? I bet that affected people on a much larger scale. What about the false advertising regarding the OtherOS feature, which was removed via an updater/backdoor?

    Sony screws its customers with DRM and anti-features and attacks software developers. I find it hard to feel sorry for them.

    1. Re:Sony Should Go To Jail by Anonymous Coward · · Score: 1

      he who has the money has the power

      we serfs will never be able to get justice against those with better means than us

      You obviously have never read the history of the French Revolution.

      There are plenty of other examples in history as well.

      So you need to come up with other excuses for your miserable servile existence, because the ones you claim above are invalid.

    2. Re:Sony Should Go To Jail by MightyMartian · · Score: 1

      And look what the French Revolution produces; the Jacobins, Robespierre, the Reign of Terror, the Directory, and ultimately Napoleon. Yes, poor silly well-meaning ill-advised Louis XVI lost his head, along with a bunch of equally silly foppish aristocrats, but the average Frenchman's lot really didn't improve until the Bourbon Restoration and the rise of Napoleon III.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:Sony Should Go To Jail by MightyMartian · · Score: 1

      England had dispensed with the idea of Absolutism over a century before. The Glorious Revolution was as far reaching as the French Revolution, and considerably less bloody.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Sony Should Go To Jail by fredprado · · Score: 1

      The problem is that it was never about whether you can download the latest song, it is about who controls information, in a much more general sense than you give credit to it.

    5. Re:Sony Should Go To Jail by fredprado · · Score: 1

      Unfortunately, seeing our current "democracies" I am not very sure if we progressed a lot since then...

    6. Re:Sony Should Go To Jail by Grumbleduke · · Score: 1

      In France's defence, the UK got the bloody parts of its revolution done during the Wars of the Three Kingdoms (1630-50s), which killed off something like 4%, 6% and 40% of the English, Scottish and Irish populations respectively, or around 800,000 people (including Charles I; you can't get a much clearer rejection of the notion of an absolute monarch than Parliament finding one guilty of treason and executing him).

  7. Just as pathetic a vermin as I suspected by gweihir · · Score: 1

    When they bragged to the world, I was convinced that

    1. They would be found (law enforcement is pretty incompetent, but they do get the idiots and only idiots brag like that)
    2. They would turn on each other as they have no personal honor
    3. They would be utterly pathetic

    Seems to have been spot-on. Incompetence combined with arrogance and self-aggrandizement. A pity that other fine examples of this personality profile can continue unhindered, e.g. in lots of government, administration, corporations, banks and academia.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Just as pathetic a vermin as I suspected by steveaustin1971 · · Score: 1

      I'm not sure who you are referring to as "they". If you are referring to anonymous in general, well you just don't understand that movement. If you are referring to this particular hack, lulzsec is more than this guy and they only really grabbed a few of them, the rest blended back into the fold. There are a number of folk that are part of various "sec's" that are really only useful at this point as bait for the feds anyways and now as martyrs they serve the purpose of attracting more numbers and more cannon fodder. Anon will not stop because of some arrests. Anon is not like anything the world has seen before. What you see now is still just the tip.

    2. Re:Just as pathetic a vermin as I suspected by gweihir · · Score: 1

      I am very specifically referring to Lulzsec. As should be obvious as the story is about Lulzsec, not Anonymous. I do not even remember bragging from anonymous, but Lulzsec was probably the worst offender ever in that category.

      I do however not buy into these myths about Anonymous either. It is very much like other things the world has seen before. Quite a few terrorist/freedom fighter (not making a judgment here either way) organizations qualify for example and many of them have never been gotten under control by the authorities. Anonymous is not that large, the tip is basically all there is (plus, say 2-3 times reserves), and while the supporters are nice, they are not Anonymous proper. Anonymous will stop if a significant number of people have been arrested (which I doubt will happen). They are not nearly as good with regard to hacking as they want to make people believe, there is plenty of low-hanging fruit (think how pathetic even RSA Lab security was) and there are plenty of informers.

      I also highly doubt anybody of any significance in Lulzsec got away. Some may still be useful as informers and are now run that way. Others may be (temporarily) shielded by legal issues with different countries. Some may be kept in reserve to generate more publicity when the current idiot has been dispatched and the authorities feel they want more press exposure.

      That said, I do sympathize with Anonymous in general as "freedom fighter" types. Lulzsec, on the other hand, are nihilistic vandals (they never managed to get to "terrorist" levels, although no doubt they would have enjoyed that) of negative worth for any and all reasonable purposes and with no redeeming qualities whatsoever. And no, I do not see them as part of Anonymous, just as free-riders.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Just as pathetic a vermin as I suspected by steveaustin1971 · · Score: 1

      None of the important folk are behind bars... and anon is millions. Underestimate if you like, but legion they are.

    4. Re:Just as pathetic a vermin as I suspected by gweihir · · Score: 1

      None of the important Lulzsec members are behind bars? Anonymous is millions? What are you smoking?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Just as pathetic a vermin as I suspected by steveaustin1971 · · Score: 1

      Truth.

    6. Re:Just as pathetic a vermin as I suspected by gweihir · · Score: 1

      Truth.

      You bought the counterfeit variant. (Possibly made in China.) You should stop using it. It is unhealthy and leads to massive delusions.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Just as pathetic a vermin as I suspected by steveaustin1971 · · Score: 1

      I'm ignorant? I own FOUR homes and don't happen to live in the basement of any of them and I have probably been in my field longer than you have been alive. If you feel the need to log in just to hurl insults, I would suggest your life cannot be that fulfilling.

  8. Re:Rookie mistake by spiffmastercow · · Score: 2

    How do you set up a server to prevent SQL injection? That's a systematic failure in the web app, not a flaw in the DB configuration.
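
    To illustrate the point above that the flaw lives in how the application builds its query, not in the database's configuration, here is an added example (not from the thread or from any Sony code) with a constructed users table in an in-memory SQLite database: the same lookup written with string concatenation and with a bound parameter.

```python
"""Added example: string-concatenated vs parameterised SQL lookup.
The table and rows are constructed sample data, not real records."""
import sqlite3

# Constructed sample rows for the demo.
ROWS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Build a throwaway in-memory database with a small users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return con


def lookup_concat(con, name):
    # Vulnerable: the user-supplied value is spliced into the SQL text,
    # so the database engine cannot distinguish data from query structure.
    # No server-side setting changes this; the statement it receives is
    # already malformed by the time it arrives.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_param(con, name):
    # Hardened: the statement text is fixed at development time and the
    # value is bound separately, so it is only ever compared as a string.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def demo():
    """Run both lookups on a normal name and on a textbook tautology input."""
    con = make_db()
    tautology = "x' OR '1'='1"  # classic test input from the SQLi literature
    return {
        "concat_normal": lookup_concat(con, "alice"),
        "concat_tautology": lookup_concat(con, tautology),  # every row leaks
        "param_normal": lookup_param(con, "alice"),
        "param_tautology": lookup_param(con, tautology),  # no such user
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The vulnerable version returns every e-mail address for the tautology input while the parameterised version returns nothing, which is the whole of the fix the comment is pointing at: it is an application code change, and there is no database-side knob that substitutes for it.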

  9. sentencing by planckscale · · Score: 3

    Possibly 5 years in jail and $605k in fines is the guilty plea bargain. Sounds like a deal to me, go ahead and reciprocate by doing the same time and paying each user who was hacked by Sony and their DRM rootkit.

    --
    Namaste
  10. Re:Isn't this all backwards? by vakuona · · Score: 1

    No. There is nothing backwards about punishing low life scumbags like Raynaldo who are the reason companies need to secure their websites in the first place.

    What sort of morality is it to suggest that a site being inadequately secured is an invitation to steal? Do you also subscribe to the view that a woman being drunk or dressing provocatively is an invitation for you to rape her?

  11. And... by Impy+the+Impiuos+Imp · · Score: 1

    > admitted that he was the one who launched an SQL injection attack

    Ha ha!

    To quote Bertram, "Hmmmmmm... Worth it!"

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  12. 20 year old guy injects some code into sony by sql by KingBenny · · Score: 1

    abuse, why, tell me someone, why is sony not hiring this guy?

    --
    Free speech was meant to be free for all... how can anyone grow up in a nanny state ?