At the time of the attacks against Sony Pictures, both Raynaldo Rivera and Cody Kretsinger were attending the University of Advancing Technology (UAT) in Tempe, Ariz., and competed in the Western Regional Collegiate Cyber Defense Competition in March 2011.
Executives at the Sony Pictures movie studio broke out the popcorn earlier this week when twenty-year-old Rivera (known by the “neuron," "royal" and "wildicv” hacking handles) was arrested for being part of an SQL injection attack on the Sony website in May and June 2011, where information about thousands of contestants entering a variety of promotions for the studio was stolen. The information included the names, birth dates, addresses, emails, phone numbers and passwords of unwitting consumers who signed up to do things like vote on a movie poster or enter a movie-themed sweepstakes for a trip to London.
He faces up to 15 years in prison if convicted.
Meanwhile in April, Cody Kretsinger confessed to being a LulzSec member and pleaded guilty to federal charges from the Sony breach. He is slated to be sentenced on October 25 and will likely see a reduced sentence because of his cooperation in the investigation.
Ironically, the Western Regional Collegiate Cyber Defense Competition required team members to restore services to a fictional, vulnerable enterprise – in this case, the US Securities and Exchange Commission – in the wake of hacker threats that included an undetected programmed script that changed passwords and introduced components like email amenities via injections.
One month after the Sony breach, Kretsinger was named as student of the month, as Infosecurity reported last year, telling UAT that a job with the National Security Administration or the Department of Defense would be his “ultimate dream."
Meanwhile such good intentions seemingly ring hollow in light of Kretsinger’s alleged actual interests.
"From a single injection we accessed EVERYTHING," LulzSec boasted at the time of the Sony breach. It also decided to taunt the victimized film enthusiasts: "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
The sensitive information was posted LulzSec's website, and, with finger firmly on the social media zeitgeist, the group then broadcast the links out via Twitter. That prompted the FBI investigation which is now beginning to bear fruit.
Both men’s grand jury indictments charge them with conspiracy and unauthorized impairment of a protected computer to participate in the Sony breach, which authorities said cost the studio more than $600,000. Prosecutors say Rivera used a proxy server to conceal his IP address and location.
LulzSec is part of the hacking collective known as Anonymous, which was launched in 2010 to protest attempts to shut down WikiLeaks and is pledged to defend the honor of WikiLeaks founder Julian Assange, who has his own roots in the hacking community.