Ryan Ackroyd

Last updated

Ryan Ackroyd
Other namesKayla
Occupation Computer hacker
Organization LulzSec
Known forFounder of LulzSec

Ryan Ackroyd, [1] a.k.a.Kayla [2] [3] and also lolspoon, is a former black hat hacker who was one of the six core members of the computer hacking group "LulzSec" [4] [5] during its 50-day spree of attacks from 6 May 2011 until 26 June 2011. [6] Throughout the time, Ackroyd posed as a female hacker named "Kayla" and was responsible for the penetration of multiple military and government domains and many high profile intrusions into the networks of Gawker in December 2010, HBGaryFederal in 2011, PBS, Sony, Infragard Atlanta, Fox Entertainment and others. He eventually served 30 months in prison for his hacking activities.

Contents

After his release from jail, Ackroyd publicly stated during "a conversation with Lulzsec" [7] that he believes Anonymous, other activists and like-minded should come together and attempt to change issues legally.

In December 2014, he gave his first ever lecture [8] in an over-capacity lecture auditorium at Sheffield Hallam University [9] for over 200 students, where he spoke about Lulzsec and their "50 days of lulz".

On his Twitter account, [10] Ackroyd vowed to help the security of the systems he once breached, stating that he would "help secure and defend the systems in hopes we can all learn from each other, should I be given the chance to do so". He also added "For me, it wasn't about stealing people's information, I just wanted to show people how flawed their so-called secure systems are. People need to fix their stuff… I sent countless emails to companies and even government organisations and I was ignored. I soon realised I'd have to show them why they should secure themselves before they would listen. I'm like Jiminy Cricket, only when you don't listen I'd hit you really hard with my tiny umbrella so you'd do the right thing," he joked.

Rise to prominence

In 2011, Ackroyd was part of the small group of hackers who breached the security of HBGaryFederal.com [11] through an SQL injection [12] [13] and is said to have social engineered [14] the administrator of rootkit.com, [15] HBGary's CEO's personal website to gain root access to their entire systems. During the rise of the group "LulzSec", Ackroyd is said to be its most talented hacker, doing much of the security penetration along with Hector Monsegur. He hacked into fox.com, [16] UK Bank Machines, [17] Sony, [18] PBS, [19] the FBI, [20] Bethesda Softworks, [21] Senate.gov, [22] Arizona Department of Public Safety, [23] AT&T, AOL, Navy.mil, [24] Infragard Atlanta, [25] NATO Bookshops [24] and others during LulzSec's infamous "50 Days of Lulz". [26] [27]

Ackroyd is responsible for the hack on Booz Allen, [28] where Edward Snowden was an employee. He was also responsible for the hack into Gawker Media's computer networks in December 2010, in retaliation to what Ackroyd perceived to be behaviour condescending of Anonymous and other affiliated hackers. During this time, Ackroyd hacked into hundreds of military domains to show vulnerabilities were in excess even in the most sensitive areas.

On 1 September 2011, Ackroyd's "lolspoon" Twitter feed went silent for the last time, [2] amidst announcements that the hacker was arrested [29] in Mexborough, South Yorkshire. [30] It became clear that Ackroyd was not, in fact, a girl, but rather a 24-year-old man with prior military service in the British Army serving in Iraq. He was released on bail [31] with fellow co-defendants Tflow and Topiary.

On 9 April 2013, Ackroyd appeared in court for the final time [32] where he was branded "highly forensically aware" by the court. Ackroyd pleaded not guilty to Distributed Denial of Service (DDoS) attacks carried out under the LulzSec banner during its "AntiSec" campaign, but pleaded guilty to violating the computer misuse act.

Ackroyd served a 30-month prison sentence in England. [33]

After release

Ackroyd was an Associate Lecturer at Sheffield Hallam University and was also enrolled on a master's degree in information systems security. [34] He is now the Lead Penetration Tester at The Hut Group. [35]

Related Research Articles

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

<span class="mw-page-title-main">InfraGard</span> FBI Initiative for Public-Private Sector Infrastructure protection

InfraGard is a national non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members. InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States.

Booz Allen Hamilton Holding Corporation is the parent of Booz Allen Hamilton Inc., an American government and military contractor, specializing in intelligence. It is headquartered in McLean, Virginia, in Greater Washington, D.C., with 80 other offices around the globe. The company's stated core business is to provide consulting, analysis and engineering services to public and private sector organizations and nonprofits.

<span class="mw-page-title-main">Jeremy Hammond</span> American political activist and hacker

Jeremy Hammond, alias sup_g, is an American anarchist activist and former computer hacker from Chicago. He founded the computer security training website HackThisSite in 2003. He was first imprisoned over the Protest Warrior hack in 2005 and was later convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to WikiLeaks, and sentenced to 10 years in prison.

<span class="mw-page-title-main">Anonymous (hacker group)</span> Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

Michael Gregory Hoglund is an American author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material. It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT. For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak. HBGary was later acquired by a large defense contractor.

The Jester is a self-identified grey hat hacktivist. He claims to be responsible for attacks on WikiLeaks and Islamist websites. He claims to be acting out of American patriotism.

HBGary is a subsidiary company of ManTech International, focused on technology security. In the past, two distinct but affiliated firms had carried the HBGary name: HBGary Federal, which sold its products to the US Government, and HBGary, Inc. Its other clients included information assurance companies, computer emergency response teams, and computer forensic investigators. On 29 February 2012, HBGary, Inc. announced it had been acquired by IT services firm ManTech International. At the same time, HBGary Federal was reported to be closed.

Jake Leslie Davis, best known by his online pseudonym Topiary, is a British hacktivist. He has worked with Anonymous, LulzSec, and other similar groups. He was an associate of the Internet group Anonymous, which has publicly claimed various online attacks, including hacking HBGary, Westboro Baptist Church, and Gawker. They have also claimed responsibility for the defacing of government websites in countries such as Zimbabwe, Syria, Tunisia, Ireland, and Egypt.

<span class="mw-page-title-main">LulzSec</span> Hacker group

LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT".

<span class="mw-page-title-main">Operation AntiSec</span> Series of cyberattacks conducted by Anonymous and LulzSec

Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.

Hector Xavier Monsegur, known also by the online pseudonym Sabu, is an American computer hacker and co-founder of the hacking group LulzSec. Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups while facing a sentence of 124 years in prison. LulzSec intervened in the affairs of organizations such as News Corporation, Stratfor, UK and American law enforcement bodies and Irish political party Fine Gael.

Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

<i>We Are Legion</i> 2012 American film

We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

Parmy Olson is a tech journalist for The Wall Street Journal. While at Forbes, she was known for her work on the hacktivist movement Anonymous. She describes herself as covering "agitators and innovators in mobile".

<span class="mw-page-title-main">Mustafa Al-Bassam</span> Iraqi-British computer hacker and co-founder of LulzSec

Mustafa Al-Bassam is an Iraqi- British computer security researcher, hacker, and co-founder of Celestia Labs. Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches. He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019. In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers. In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology.

On March 27, 2016, hackers under the banner "Anonymous Philippines" hacked into the website of the Philippine Commission on Elections (COMELEC) and defaced it. The hackers left a message calling for tighter security measures on the vote counting machines (VCM) to be used during the 2016 Philippine general election on May 9. Within the day a separate group of hackers, LulzSec Pilipinas posted an online link to what it claims to be the entire database of COMELEC and updated the post to include three mirror link to the index of the database's downloadable files. The leaked files by LulzSec Pilipinas amounts to 340 gigabytes.

References

  1. "Ryan Ackroyd".
  2. 1 2 "Kayla".
  3. "Lulzsec hacker 'Kayla' pleads guilty to cyber crime in U.K. - VentureBeat - Security - by Meghan Kelly". 9 April 2013.
  4. The Christian Science Monitor (8 March 2012). "6 men alleged to be LulzSec hackers". The Christian Science Monitor.
  5. Charles Arthur (24 June 2011). "LulzSec IRC leak: the full record". The Guardian.
  6. "LulzSec's Top 3 Hacking Tools Deconstructed". Dark Reading. 7 May 2011.
  7. "In conversation with former Anonymous and LulzSec hacktivists at The Royal Court Theatre". royalcourttheatre.com.
  8. Ryan Ackroyd's Talk at Sheffield Hallam University. YouTube. 15 December 2014.
  9. Kit Chellel (26 November 2014). "Laughing Hacker Who Hit Sony, FBI Now Seeks Legal Lols". Bloomberg.com.
  10. "Ryan Ackroyd". twitter.com.
  11. Parmy Olson (16 March 2011). "Is This The Girl That Hacked HBGary?". Forbes.
  12. Nicholas Jackson (16 March 2011). "Meet the 16-Year-Old Girl Who Hacked HBGary". The Atlantic.
  13. "Anonymous speaks: the inside story of the HBGary hack". Ars Technica. 16 February 2011.
  14. "HBGary's nemesis is a '16-year-old schoolgirl'". The Register .
  15. "Archived copy". Archived from the original on 1 October 2014. Retrieved 29 September 2013.{{cite web}}: CS1 maint: archived copy as title (link)
  16. "Hackers leak Fox.com employee info". msnbc.com. Archived from the original on 12 July 2013.
  17. "The rise of LulzSec: a hacking chronology".
  18. "Hackers Lulzsec Say Sony Pictures Attacked, 1 Million Users Compromised (UPDATE)". The Huffington Post. 2 June 2011.
  19. Andy Greenberg (30 May 2011). "PBS Hacked After Critical WikiLeaks Show". Forbes.
  20. Matt Brian (26 June 2011). "50 Days Of Lulz: The Life And Times Of LulzSec - Media". The Next Web.
  21. Tsukayama, Hayley (14 June 2011). "Skyrim keeps LulzSec from releasing more info. on Bethesda". Washington Post.
  22. "LulzSec Strikes Again, Hits Bethesda Softworks And US Senate - Arik Hesseldahl - News - AllThingsD". AllThingsD.
  23. "LulzSec Releases Arizona Law Enforcement Data, Claims Retaliation For Immigration Law". TechCrunch. AOL. 23 June 2011.
  24. 1 2 Andy Greenberg (25 June 2011). "LulzSec Says Goodbye, Dumping NATO, AT&T, Gamer Data". Forbes.
  25. "Sony Hackers LulzSec Strike FBI Affiliate InfraGard". PCMAG.
  26. "After 50 Days Of Attacks, Hacker Group LulzSec Calls It Quits". TechCrunch. AOL. 25 June 2011.
  27. Mohit Kumar (26 June 2011). "50 Days of Lulz - LulzSec Says Goodbye & Operation AntiSec will Continue". The Hacker News - Biggest Information Security Channel.
  28. Adam Clark Estes. "Anonymous Charges Booz Allen $310 for Hacking Their Email". The Wire.
  29. "Scotland Yard Arrests LulzSec Hacker 'Kayla'". Fox News. 2 September 2011.
  30. "Hacker "Kayla" taken down in latest LulzSec arrests?". Ars Technica. 2 September 2011.
  31. "LulzSec's Kayla given bail". Infosecurity Magazine. 19 March 2012.
  32. "BBC News - UK Lulzsec hacker Ryan Ackroyd pleads guilty". BBC News. 9 April 2013.
  33. "LulzSec 'hacktivists' handed long jail sentences for hacking". The Guardian. 16 May 2013.
  34. Sheffield Hallam University. "MSc Information Systems Security". shu.ac.uk.
  35. "Ryan Ackroyd". March 2021 via LinkedIn.