A GROUP of young British computer hackers who considered themselves to be “latter-day pirates” masterminded sophisticated cyber attacks on major global institutions including the CIA, Sony, the FBI and Nintendo from their bedrooms, a court heard yesterday.
Jake Davis, from Lerwick in Shetland, along with Ryan Ackroyd, Mustafa al-Bassam and Ryan Cleary were “hactivists” with the LulzSec collective that stole sensitive personal data including e-mail, online passwords and credit-card details belonging to millions of people.
News International, the NHS and the UK’s Serious Organised Crime Agency (Soca) were also victims of the group, who lived as far apart as London and the Shetland Islands and did not meet in person.
Stolen information was posted unencrypted on their website and file-sharing sites such as Pirate Bay in 2011, London’s Southwark Crown Court heard.
They also carried out distributed denial of service (DDoS) attacks, using linked networks of up to one million computers to overpower and crash websites.
Their activity collectively cost their targets millions of dollars and potentially left millions of people at risk from criminals, the court heard.
Prosecutor Sandip Patel said the group, a spin-off from Anonymous, had been motivated by a desire for publicity rather than financial gain.
But he said they were “not naive to the risk that confidential data might be misused”.
“It’s clear from the evidence that they intended to achieve extensive national and international notoriety and publicity,” he said. “They saw themselves as latter-day pirates.”
He added: “This is not about young immature men messing about. They are at the cutting edge of a contemporary and emerging species of criminal offender known as a cyber criminal.”
Davis, 20, from Lerwick, Shetland, used the alias Topiary and was LulzSec’s main publicist.
He and al-Bassam had previously pleaded guilty to hacking and launching cyber attacks on a range of organisations, including the CIA and Soca.
Cleary, 21, of Wickford Essex, known as ViraL, pleaded guilty to the same two charges plus four separate charges including hacking into US air force agency computers at the Pentagon.
Davis, who faces possible extradition to the US, has completely turned his life around since being arrested, his barrister Simon Mayo QC said.
The Canterbury-born, Shetland-raised hacker was an isolated depressed teenager who fell under the spell of a “misguided ideology”, he said.
But since his arrest, he had found work in London as a scriptwriter, also writing for the Observer newspaper about his time with Anonymous and taking part in a documentary.
LulzSec existed only for a few months in the first half of 2011, the court heard. But it built up a huge international profile, with 355,000 Twitter followers.
It probed websites looking for security weaknesses to exploit.
Attacks such as those on Sony and Nintendo harvested massive amounts of private data.
Sony lost details relating to 26.4 million customers, the court heard.
LulzSec also carried out a F*** FBI Friday attack on the US law enforcement agency and Wipeout Wednesday, which took down the CIA.gov website.
The Arizona State Police were also targeted because of the state’s perceived racist policy towards immigrants, the court heard.
News International was targeted too, with visitors to the Sun website redirected to a spoof story about Rupert Murdoch taking his own life.
Some attacks, were less serious, the court heard.
A sexual health clinic in Newham, east London, was simply warned about security flaws because the group “liked” the National Health Service.
Judge Deborah Taylor adjourned sentencing until today.