Cody Kretsinger, 23, pleaded not guilty on Monday during his brief appearance in court. He is charged with participating in the attack against Sony Pictures earlier this year. In all, he faces 15 years in prison if convicted.
In late May, during the height of their escapades, LulzSec said it was the beginning of the end for Sony. A week later, they released 140,000 records. The breach was possible thanks to a single SQL Injection flaw within a promotional page for the movie Ghostbusters. The SQLi flaw led them to more than one million clear text passwords, 3.5 million “music coupon” codes, and 75,000 “music codes”.
Last month, the FBI reported that Kretsinger used a VPN from HideMyAss.com to scout Sony Pictures’ website for SQL Injection vulnerabilities. This information was confirmed by the VPN provider, who said they cooperated with law enforcement during their investigation.
“…services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities,” HideMyAss.com states in their TOS.
After pleading not guilty to the charges of conspiracy, and unauthorized impairment of a protected computer, U.S. Magistrate Judge Victor Kenton set the trial date for December 13. In addition, he ordered that Kretsinger be represented by a public defender.
In somewhat related news, a judge-led review panel in the U.K. has said that extradition treaty with the United States is not biased against British criminal suspects on Tuesday, leading to possible charges in the U.S. for the alleged U.K. members of LulzSec currently awaiting trials.
The review was held as part of an ongoing legal battle by Gary McKinnon, a self admitted hacker who breached U.S. systems looking for information on UFOs. McKinnon, age 45, suffers from Asperger's syndrome and supporters say that moving him to the U.S. for trial would harm his health.