US authorities have arrested a second suspected member of online hacktivist group LulzSec for his alleged involvement in a series of attacks on computer systems belonging to Sony Pictures Entertainment, the FBI has said.
Raynaldo Rivera, 20, turned himself in to authorities in Phoenix, Arizona nearly a week after being indicted by a Los Angeles grand jury on charges of conspiracy and unauthorised impairment of a protected computer related to the Sony hack.
According to the indictment, Rivera and others involved, including Cody Kretisinger, a 24-year-old who was indicted last September and who pled guilty to the charges in April, stole confidential information from Sony’s computers between 27 May and 2 June 2011 using an SQL injection technique. The hack exploits vulnerabilities in websites, allowing attackers to steal or modify database content.
The FBI alleges that LulzSec then published the personal data they obtained, including sensitive details such as the names, birth dates, addresses, emails, and passwords of thousands of fans who submitted their information to enter Sony-sponsored contests.
"From a single injection we accessed EVERYTHING," LulzSec boasted at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
If found guilty, Rivera, who allegedly used the nicknames “neuron” and “royal”, could face a maximum prison sentence of 15 years.
Over the past year, other members of LulzSec and Anonymous have been charged by federal authorities for computer hacking-related offenses. Most famously, Anonymous leader and LulzSec affiliate Sabu, born Hector Monsegur, pled guilty to hacking and served as an informant helping federal authorities investigate other members of the group.
Two others pled guilty to a series of attacks targeting the websites of such organisations as News International, Nintendo, and the Arizona State Police.