Thursday 18 December 2014
Ryan Ackroyd aka Kayla (#LulzSec) fiddled nervously with the microphone clipped to his shirt as about 200 fellow students crowded into an auditorium at Sheffield Hallam University.
“This is the first lecture I’ve ever done,” he told them, after being introduced as a former computer hacker and current student. “I’ve done some very, very naughty things.”
Ryan Ackroyd, 27, and three other members of the LulzSec hacking collective were jailed in 2013. The group’s members, who never met in person, disrupted the websites of Sony Corp. (6758), News Corp. (NWSA) the U.S. Central Intelligence Agency and Arizona police. They also targeted the U.S. Air Force and Britain’s National Health Service.
“Companies suffered serious financial and reputational damage,” said Andrew Hadik, a U.K. prosecutor, after the four were sentenced in May 2013. Ackroyd, who had pleaded guilty to the charges, was sentenced to 30 months in prison and served nine months. Released early in February, he’s studying for a master’s degree in information systems security at Sheffield Hallam, about a three-hour train ride north of London.
“I just saw a challenge in getting into a server,” he said in the Sheffield talk, which he called: LulzSec, 50 Days of Lulz.
“If I couldn’t get into it, it just made me want to get into it more.”
LulzSec was an offshoot of Anonymous, the online activists who attacked PayPal Inc. and MasterCard Inc. (MA) websites when those companies stopped payments to WikiLeaks after it published U.S. military information. The name is derived from the phrase “laughing at security,” because they found online security was so poor it deserved derision.
LulzSec’s handful of members accessed millions of user names and e-mail addresses from Sony’s server, and intercepted FBI communications from a private contractor’s computer system.
“We never cared about money.”
“If we had wanted money, we would have done banks and you would have never heard about it.”
Ryan described the hacker’s toolkit, rainbow tables and SQL injection, and how he used weaknesses in programming code or vulnerable passwords to take control of systems.
“All of this is very illegal,” he said, to laughter from the audience.
Ryan received an information-technology degree while in prison and hopes to make a career in ethical hacking, although he accepts it might be difficult for employers to trust him.
“I’m still probably going to find it difficult to go into industry because of my criminal record.”
“While I was in prison, I thought that was it, I’m never going to get a job,” he said. He’s still subject to bail conditions; he can’t use certain types of encryption and must report to police if he owns a computer. “Now that I’m out, I’m a bit more optimistic. I wanted to study, hopefully that will lead to somewhere good.”