A U.S. federal grand jury has indicted Ryan Cleary, a British citizen, accusing him of orchestrating a hacking rampage last year that victimized Sony Pictures Entertainment, Fox Entertainment Group and others.
The indictment, filed on Tuesday in Los Angeles district court, alleges Cleary ran a powerful botnet used to execute distributed denial-of-service (DDOS) attacks, vandalize websites and steal sensitive data as part of the hacking group Lulz Security, or LulzSec.
LulzSec, an offshoot of Anonymous, fell under heavy scrutiny from law enforcement worldwide for its successful attacks and relentless bravado, often publicized through its Twitter account.
Cleary, 20, was arrested in June 2011 at his home in Wickford, England, for allegedly taking part in the DDOS attacks against Britain's Serious Organised Crime Agency. He is charged in the U.K. with five computer-related offenses and is accused of distributing botnet programs to attack SOCA as well as websites of the International Federation of the Phonographic Industry and the British Phonographic Industry.
An FBI spokeswoman said the U.S. will evaluate after Cleary's legal proceedings have finished in the U.K. whether to request his extradition.
Cleary, who has been diagnosed with a type of high-functioning autism called Aspergers Syndrome, is in jail awaiting trial. He was arrested again in March for breaching his bail conditions by using the Internet and contacting former LulzSec leader Hector Xavier Monsegur, The Guardian reported.
Monsegur, who was known as "Sabu," was arrested in secret by the FBI and provided information that led to another spate of LulzSec arrests, including of one American man and four in the U.K. in March. Monsegur pleaded guilty in August 2011 to various hacking charges, including attacks against HBGary Federal, the Public Broadcasting System, Sony Pictures and Fox.
Cleary is also accused of either attacking or stealing data from Fox, PBS, Sony, Riot Games and SOCA. He is charged with one count of conspiracy and two counts of unauthorized impairment of a protected computer. If convicted, he could face a maximum of 25 years in prison.
The indictment alleges Cleary controlled a botnet that may have been composed of hundreds of thousands of computers. Botnets are networked of hacked computers that can be remotely controlled.
He is also accused of identifying security vulnerabilities on computer networks, obtaining sensitive information and coordinating the publishing of the information taken from LulzSec's victims. Prosecutors allege in one instance Cleary stole the personal data of people registered to receive information on auditions for Fox's "The X-Factor" talent show.
Sign up for Computerworld eNewsletters.