A group of LulzSec computer hackers have been jailed for attacks on Sony, EA, News International and the UK's Serious Organised Crime Unit in 2011.

The LulzSec group used this image as their online brand.

The four men, Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd, were sentenced after a two-day hearing at Southwark Crown Court. All pleaded guilty to various computer hacking charges.

Emerging as a splinter group from the Anonymous collective, Lulzsec's name is derived from a variant of the Lol acronym - to laugh out loud - and security. The group gained a widespread following and amassed more than 340,000 Twitter followers.

Judge Deborah Taylor sentenced Ackroyd, 26, to 30 months in jail - of which he must serve half - and Cleary, 21, was ordered to serve half of a 32-month sentence.

Davis, 20, will serve 24 months in a Young Offenders institute and Bassam, 18, received a suspended sentence of 20 months.

Judge Taylor said: "You sought to amuse yourselves and wreaked destruction and havoc. You cared nothing about the privacy of others, but kept your own identities hidden."

Ackroyd, from South Yorkshire, used the online alias of a 16-year-old girl named 'Kayla' and admitted to hacking into a number of websites in 2011, including those of Sony, Nintendo, News Corp and the Arizona State Police, as well as stealing data from Sony.

The former soldier was also found responsible for redirecting visitors looking for the Sun newspaper's site to a fake story claiming News Corp chairman Rupert Murdoch had committed suicide. Ackroyd pleaded guilty to carrying out an unauthorised act to impair the operation of a computer.

The prosecution said Sony suffered $20m (£13m) in damages, and that revenue loss due to the security breach was "incalculable," as an estimated 24.6 million customer accounts were compromised across its Sony Online Entertainment service.


The group were able to steal users' account information, including names, passwords, email addresses and credit card details. They also performed DDoS (distributed denial of service) attacks, which flood a website with traffic until it crashes and is knocked offline.

Bassam, from south London, Davis, from Shetland and Cleary, from Essex, all pleaded guilty to two charges - hacking and launching cyber-attacks against organisations including the CIA and Soca.

Cleary also pleaded guilty to hacking into the US Air Force's computers and possession of indecent images of children, which were found on his computer hard drive by police; the sentence for this offence will be given at another hearing.

Prosecutor Sandip Patel said: "It's clear from the evidence that they intended to achieve extensive national and international notoriety and publicity. This is not about young immature men messing about.

"They are at the cutting edge of a contemporary and emerging species of criminal offender known as a cybercriminal."

Patel added that the group "saw themselves as latter-day pirates," motivated by "anarchic self-amusement."


Cyber security expert Graham Cluley has commented on the Naked Security blog, speaking out against those who say the group's cause was a noble one, giving information to the masses.

"Although the hackers involved in the LulzSec attacks may not have been financially motivated that doesn't mean no harm was done," Cluley writes.

"Innocent people had their private information exposed and published on the internet, forcing them to change passwords and mop up any damage. You may find membership of a hardcore porn website distasteful, but didn't the 26,000 members of a hacked sex site deserve better than to have their email addresses and passwords published and LulzSec encourage others to hack into Facebook accounts and tell their friends and family?"

Cluley adds: "In one example, LulzSec published details of applications for the Miss Scotland beauty contest, which includes details of potential contestants' aspirations, vital statistics, hair and eye colour, weight, and height as well as their dates of birth and addresses.

"So no...I don't view what LulzSec did as noble...What isn't cool, or funny, is to hack into companies, expose private information of members of the general public, and to launch denial of service attacks. Those kind of attacks are illegal, and the LulzSec gang knew it."