Cody Kretsinger ‘recursion’ allegedly posted online stolen data from sonypictures.com; used LulzSec’s Twitter account
A man from Arizona has been arrested over his allegedly role in the hack attack on sonypictures.com that took place earlier this year by hacker group LulzSec.
The FBI said that Cody Kretsinger, 23, could be a member of the hacker group, said a Reuters report.
Kretsinger was arrested in Arizona on Thursday on charges of his participation in a hack attack on the website of Sony Pictures Entertainment film studio in May this year.
A federal grand jury indictment charges Kretsinger with conspiracy and the unauthorised impairment of a protected computer. It said Kretsinger and co-conspirators obtained confidential information from Sony Pictures’ computers using an "SQL injection" attack, said the report.
The indictment also said that Kretsinger’s used the moniker "recursion" and helped post information stolen from Sony on LulzSec’s website. He also allegedly announced the attack on LulzSec’s Twitter account, the indictment said.
In May, hackers from LulzSec claimed that they had broken into SonyPictures.com and stolen email addresses and passwords of over a million users. The attacks were apparently meant to teach Sony a lesson.
"From a single injection we accessed EVERYTHING," the hacking group said in a statement at the time.
LulzSec, which has also claimed responsibility for the hack of the Public Broadcasting Service (PBS) website, had said that they used a "simple" attack on a "primitive" security hole to gain control of Sony Pictures database.
The group also posted the stolen information online where they are publicly accessible.
Lulz Security had said, "We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts."
"Due to a lack of resources on our part we were unable to fully copy all of this information," the group had said.
"In theory we could have taken every last bit of information, but it would have taken several more weeks."
The group had added that Sony was negligent with its data and stored it in unencrypted form.
"Why do you put such faith in a company that allows itself to become open to these simple attacks?" LulzSec had asked.
In response, Sony Pictures had said that it is aware of the claims and is investigating the matter. The company said it had reported the breach to the Federal Bureau of Investigation as well.
If convicted, Kretsinger could face a maximum sentence of 15 years in jail.