Associate of Hacking Group LulzSec Indicted for Conspiracy to Conduct Cyber Attacks

U.S. Attorney’s Office
June 13, 2012 Central District of California
(213) 894-2434

LOS ANGELES—A federal grand jury in Los Angeles returned an indictment Tuesday charging an associate of the hacking group LulzSec, an offshoot of the larger group Anonymous, with multiple computer attacks targeting a news organization and private companies, announced André Birotte, Jr., the United States Attorney in Los Angeles; and Steven Martinez, Assistant Director in Charge of the FBI’s Los Angeles Field Office.

Ryan Cleary, 20, a resident and citizen of the United Kingdom, is currently incarcerated while facing foreign prosecution in England related to his hacking activities. The indictment, filed on June 12, 2012, in United States District Court in Los Angeles, charges Cleary with one count of conspiracy and two counts of the unauthorized impairment of protected computers.

Count one of the indictment alleges that from approximately April 2011 through June 2011, Cleary conspired with LulzSec members to intentionally cause damage to the computer systems of a news organization and several businesses, including by hacking into systems to steal data and by launching distributed denial of service attacks, or DDoS attacks, using Cleary’s “botnet.” A botnet is a collection of compromised computers, known as “bots,” that are infected with malicious software and then listen for, respond to, and execute commands issued remotely by the owner of the botnet. A botnet can be used to conduct DDoS attacks by directing the numerous bots in the botnet to flood a victim’s computer system with so many commands that the system is rendered unable to handle legitimate requests, thus denying legitimate users the services of the computer resource.

The indictment alleges that Cleary controlled a large botnet of tens of thousands, and potentially hundreds of thousands of bots, and that he used his botnet to conduct DDoS attacks against various entities. The indictment further alleges that Cleary would rent out his botnet for certain time periods in exchange for money from individuals interested in conducting DDoS attacks targeting specific victims.

The conspiracy count alleges that Cleary assisted LulzSec in its hacking activities by identifying and exploiting security vulnerabilities on victim computers, conducting DDoS attacks, and providing access to servers and other computer resources for LulzSec members to use, including to communicate amongst each other and to store and publish confidential information stolen from victim computers. When an associate of Cleary’s was questioned by law enforcement regarding LulzSec’s activities, Cleary allegedly instructed the associate to falsely accuse an innocent party.

LulzSec is known for its affiliation with the international group of hackers known as Anonymous. Anonymous, according to the indictment, is a collective of computer hackers and other individuals located throughout the world who conduct cyber attacks against individuals and entities they perceive to be hostile to its interests.

LulzSec has been linked to the hacking, or attempted hacking, of numerous targets, including the computer systems of government and business entities.

If convicted of the charges in the United States, Cleary faces a statutory maximum sentence of 25 years in prison.

This investigation was conducted by the Electronic Crimes Task Force (ECTF) in Los Angeles. The ECTF is comprised of agents and officers from the FBI, United States Secret Service, Los Angeles Police Department, Los Angeles County Sheriff’s Department, United States Attorney’s Office, Los Angeles County District Attorney’s Office, and the California Highway Patrol.

This case is being prosecuted by the United States Attorney’s Office in Los Angeles.

An indictment merely contains allegations that a defendant has committed a crime. Every defendant is presumed innocent unless and until proven guilty at trial.

FBI — Associate of Hacking Group LulzSec Indicted for Conspiracy to Conduct Cyber Attacks