back to article Second LulzSec suspect charged over Sony Pictures hack

US police have arrested a second suspect in the June 2011 hacktivist attacks on Sony Pictures Entertainment, an assault that resulted in a breach of passwords and personal data involving 38,000 accounts. Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to authorities on Tuesday after he was named in a federal grand jury …

COMMENTS

This topic is closed for new posts.
  1. Scott Pedigo
    Go

    Second Suspect Only Four Months Later?

    At this rate, they will round up all of the culprits by 2020 or so.

    1. Anonymous Coward
      Anonymous Coward

      Re: Second Suspect Only Four Months Later?

      Your maths is wrong. They are doubling their arrests every 4 months. In 1 year they will have arrested an additional 14, the year after that another 112.

  2. Alister

    >>Sony Pictures maintained that only 38,000 accounts were actually compromised.

    Oh, well that's fine then, if it was only that many, especially since they were compromised by a thing called a "SQL injection attack" which no-one has ever heard of or learnt how to protect against...

    </sarcasm> (just in case someone takes this seriously)

  3. Anonymous Coward
    Anonymous Coward

    "Charges against Rivera come a week after it emerged that alleged LulzSec kingpin Hector "Sabu" Monsegur had been granted a six-month delay in his sentencing as a reward for his continuing 'assistance' to authorities"

    Honour amongst thieves and all that. Oh how I despair.

    Hey Hector, you know what they say... 'If you can't do the time, don't do the crime".

    1. Anonymous Coward
      Anonymous Coward

      Honour amongst thieves and all that. Oh how I despair.

      Yes I'm so upset that he kept his mouth shut, thus allowing other guilty people go free.

      Lets hope you or your family are not the victim of crime and know full well someone out there is protecting the guilty party.

      1. Anonymous Coward
        Anonymous Coward

        @AC 14:29

        You misunderstood my point and sarcasm entirely.Maybe I shall try to be a little less ambiguous and more literal in future posts.

  4. Grezzo
    FAIL

    The $600,000 is not all because of the hacking.

    "The incident ultimately cost the entertainment giant $600,000 in security consultant fees and other charges"

    I'm not defending the hackers, but if Sony had been a bit more responsible with customer's data and written their website a bit more securely (e.g. making sure that there were no SQL injection vulns in sensitive areas of their website) then perhaps they wouldn't have had to pay out the $600,000. Perhaps they didn't do this as it would have cost $$$. If so, then attributing $600,000 to the hackers is just plain wrong.

    It's not all one sided here, Sony *were* the victim, but *they are also at fault*. In fact I think what Sony has done is perhaps more wrong that what the hackers did as they have betrayed their customer's trust by not making sure the data was as safe as they would have expected.

    1. Anonymous Coward
      Anonymous Coward

      Re: The $600,000 is not all because of the hacking.

      > In fact I think what Sony has done is perhaps more wrong that what the hackers did ...

      What Sony did was make a mistake, what the LulzSec scum did was a deliberately malicious act.

      Perhaps you think if you accidentally leave your car or house unlocked you deserve to be robbed?

      1. Anonymous Coward
        Anonymous Coward

        Re: The $600,000 is not all because of the hacking.

        Here we go with that poor analogy again.

        SQL injection is more like having pieces of paper containing your personal details displayed on your front window.

        1. Anonymous Coward
          Anonymous Coward

          Re: The $600,000 is not all because of the hacking.

          > Here we go with that poor analogy again.

          If you think somebody making a mistake (Sony) deserves to have criminal activity (hacking) directed at them then you have a warped sense of values.

          It is no different than leaving your car unlocked (the mistake) and having it robbed (the criminal activity).

          > is more like having pieces of paper containing your personal details displayed on your front window.

          Looking at something displayed in somebodies window is not illegal. Hacking is a criminal offence.

          1. Anonymous Coward
            Anonymous Coward

            Re: The $600,000 is not all because of the hacking.

            That's simplistic. What is "hacking"?

            Unauthorized access to a computer is generally the legal definition, but that's incredibly vague and could just as easily be used to describe looking at something displayed in someone's window, I suspect, if it were not for the "computer" clause.

            An SQL injection is not even remotely the same as a buffer overflow, as an example. In that latter example you are actually gaining access and control to the computer, assuming you didn't mess up the shellcode or whatever, and to detect an vulnerability and weaponize it requires some amount of expertise and time.

            SQL injection is merely displaying contents of the database that the engineer of the system didn't intend possible, and is within the ability of anyone with a browser to perform or check for; even the most basic by-the-book design should prevent it being even possible. It's not the same as "making a mistake" like leaving your car unlocked; a better analogy would be walking through a lion enclosure with raw meat strapped to one's body.

            While it is certainly true that I have a warped sense of values, I do have some fragment of empathy left in this cold black heart. But Sony should be more careful if they are using/storing people's data.

            Criminal negligence is also an offence.

        2. Anonymous Coward
          Anonymous Coward

          Re: The $600,000 is not all because of the hacking.

          Still doesnt make being thieving scum ok?

          1. Anonymous Coward
            Anonymous Coward

            Re: The $600,000 is not all because of the hacking.

            > Still doesnt make being thieving scum ok?

            I never called them thieving scum, I called them LulzSec scum.

        3. Tom 13

          Re: Here we go with that poor analogy again.

          Yours is even worse.

          All analogies fail at some point, but I'll try to improve on yours.

          It's like having dropped off your clothes at the dry cleaners and the dry cleaner hung your bill on the backside of a window so only internal staff could see it. Only they missed a mirror on the back wall that no customer could read. And someone who was not a customer walked into the shop with a camera, took a picture of the mirror through the glass, developed the film, printed the picture, pilfered the details of your bill, and then posted it on the internet.

      2. Anonymous Coward
        Anonymous Coward

        Re: The $600,000 is not all because of the hacking.

        What if Sony DID know of the vuln? What if they just didn't care? Costs money to patch it up, maybe they just didn't think it was worth it....

        It'll never happen to us!

        1. Anonymous Coward
          Anonymous Coward

          Re: The $600,000 is not all because of the hacking.

          > What if Sony DID know of the vuln?

          You've forgotten to take your meds again.

      3. Lozsta

        Re: The $600,000 is not all because of the hacking.

        Well if you do leave it unlocked try getting the insurance.

        Sony clearly had vulnerabilities that were being used years ago, they didn't put the effort in they should also be punished!

    2. NukEvil
      Paris Hilton

      Re: The $600,000 is not all because of the hacking.

      "It's not my fault--she was wearing a short skirt and low-cut shirt, your honor!"

      Paris because who wouldn't?

  5. Anonymous Coward
    Anonymous Coward

    Sooner or later hackers pay

    It's just a matter of time.

This topic is closed for new posts.