The suspect, Cody Andrew Kretsinger, is believed to be a member of the LulzSec group, an offshoot of the online griefer collective known as Anonymous. LulzSec called it quits in June after 50 days of high-profile breaches made public through a fascinating and oddly entertaining Twitter account.
A second unidentified man was arrested in San Francisco the same day in connection with Anonymous cyberattacks on web sites belonging to Santa Cruz County government offices, according to Fox News. Search warrants were also being executed against other Anonymous suspects in New Jersey, Minnesota, and Montana, an FBI source told the news agency.
The actions continue an ongoing law-enforcement crackdown against alleged members of the two groups. In July, federal agents arrested 14 suspected Anonymous members on charges of participating in denial-of-service attacks against online payment service provider PayPal.
Five additional suspects were arrested overseas — one in the United Kingdom and four in the Netherlands — for related crimes. The U.K. arrest was reportedly of “Tflow”, a former member of LulzSec, identified by police as a 16-year-old male.
The majority of the individuals were allegedly acting as part of Anonymous, which took credit for denial-of-service attacks last year against PayPal, Visa, and Mastercard after the payment service providers announced they would stop processing donations intended for the secret-spilling site WikiLeaks.
As for the latest arrest on Thursday, according to the indictment against Kretsinger (.pdf), on May 23 the Tempe, Arizona resident registered a virtual private network at hidemyass.com using the handle “recursion.” He and others allegedly used the masking service to conduct a SQL injection attack on Sony’s servers and steal data, before announcing the hack on the LulzSec web site and Twitter feed. Kretsinger then allegedly erased his hard drive in an effort to wipe out evidence of the hack.
He’s currently facing one count of conspiracy and one count of computer fraud.
Hackers breached several divisions of Sony this year, beginning in April with its PlayStation Network, where they stole data pertaining to more than 75 million customers. This was followed by another breach at Sony Online Entertainment, which compromised an additional 25 million customers, and still more breaches at Sony Pictures and Sony BMG. The initial intrusion forced Sony to take its PlayStation Network offline for 40 days. No one has taken responsibility for that hack.
In April the tech giant was hit with a class-action lawsuit by customers complaining, in part, that the company failed to adequately secure their data, failed to notify customers of the breach in a timely manner, and deprived customers of the use of the network for an extended period of time.
Sony estimated the breaches would cost it more than $170 million this year, including expenses for shoring up its network against future attacks.
An FBI spokesman said he had no immediate information to provide about the latest arrests.
Photo: Jim Merithew/Wired.com