FBI arrests 23-year-old for hacking Sony

Hacker released without bail. Only allowed to use PC or Internet for work or school

The Federal Bureau of Investigation announced Thursday that it arrested Cody Kretsinger, 23, of Phoenix, Arizona, a member of the group known as LulzSec. The LulzSec member was arrested for publishing private user information stolen from Sony but was released without bail yesterday afternoon.

A FBI spokeperson told me that under the terms of his condition, "he is only allowed to use a PC or the Internet for work or school and had to turn in his passport." The spokeperson also said that "his tentative court date is set for October 11."

The arrest took place at his home yesterday following a two-month long investigation into extensive computer attacks against the computer systems of Sony Pictures Entertainment that took place from May 27, 2011 through June 2, 2011. 

Kretsinger, using the moniker "recursion," was charged with stealing and publishing personal information such as names, birth dates, addresses, emails, phone numbers, and the passwords of thousands of people who had entered online contests promoted by Sony.  

The information was published on the @LulzSec Twitter account as well as its website, which has since been taken down.

The Twitter @LulzSec account has not been active since July 27. 

The extent of damage caused by the compromise at Sony Pictures is under FBI investigation.

The group also claimed credit on Twitter and its website for hacking into the websites of the U.S. Senate and Central Intelligence Agency, later announcing  in June that it was ending its cyber attacks. The CIA’s public website was taken down on June 15.

Even though LulzSec took credit for hacking Sony Corporation on more than one occasion, the FBI told me that at this moment, it cannot confirmed the link to the group or Kretsinger to the crime.

Kretsinger allegedly set a proxy server in an attempt to mask or hide his Internet Protocol (IP) address. The FBI  indictment in a press release alleges "that Kretsinger and other co-conspirators obtained confidential information from Sony Pictures’ computer systems using an 'SQL injection' attack against its website, a technique commonly used by hackers to exploit vulnerabilities and steal information."

If convicted of the crimes, Kretsinger automatically faces a statutory maximum sentence of 15 years in prison.

This investigation was conducted by the Electronic Crimes Task Force (ECTF) in Los Angeles. 

Sony officials have declined to comment on Thursday's arrest.

LulzSec has been busy this year.  Back in May, the group hacked PBS in retaliation for a documentary the network aired on the hacktivists' beloved WikiLeaks.  The group hacked into PBS's Newshour website to post a fake story claiming Tupac Shakur was still alive and living in New Zealand. Also in May, the group hacked into Fox.com and stole the passwords of hundreds of Fox employees.