The Tech Herald

Proxy logs helped FBI track and arrest LulzSec member

by Steve Ragan - Sep 23 2011, 03:37

The logs maintained by, in addition to other evidence, has led to the arrest of another LulzSec member in Arizona, The Tech Herald has learned. Cody Kretsinger, 23, allegedly used the anonymity service during his role in the attack on Sony Pictures.

In late May, during the height of their escapades, LulzSec said it was the beginning of the end for Sony. A week later, they released 140,000 records. The breach was possible thanks to a single SQL Injection flaw within a promotional page for the movie Ghostbusters. The SQLi flaw led them to more than one million clear text passwords, 3.5 million “music coupon” codes, and 75,000 “music codes”.

At the time, database dump with 12,500 records, containing names, home addresses, phone numbers, email addresses, usernames and passwords, was viewed as the most damaging part of the release. In a statement, Sony Pictures confirmed the breach, and said they were working with the FBI during the investigation. [More]

According to a recently unsealed indictment filed in Los Angeles, and a press release from the FBI, one of the participants in the LulzSec attack was arrested without incident at his home in Phoenix, Arizona on Thursday.

The indictment states Cody Kretsinger used a VPN from to scout Sony Pictures’ website for SQL Injection vulnerabilities. Based on statements made by the group at the time, Kretsinger’s efforts were successful. In an attempt to cover his tracks, he formatted his hard drive.

Sources at the U.S. Department of Justice told The Tech Herald this afternoon that depending on the methods used to erase the drive, it was entirely possible that data would be recovered. Computer Forensics has come a long way in the last decade. Aside from outright destroying a disk, it’s hard to wipe a hard drive in a short amount of time. In addition, the source suggested that server logs presented by Sony and the anonymity service helped with the investigation.

Logs, seized equipment, and testimony from those arrested, seems to be the undoing for those connected to Anonymous and LulzSec. However, the source refused to comment on the scope and general flow of the FBI’s investigation into Anonymous and LulzSec, so it is unknown how investigators are connecting the dots.

According to, “…services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities.”

The service stores logs for 30-days when it comes to Website proxy services, and they store the connecting IP address, as well as time stamps for those using the VPN offerings. Emails seeking comment on’s level of cooperation with the FBI, as well as to confirm what information was made available, were not returned.

Kretsinger made an initial appearance before a federal magistrate in U.S. District Court in Phoenix on Thursday. If convicted, he faces a maximum sentence of 15 years in prison.

In related news, a homeless man was arrested in San Francisco on Thursday as well, for his connection to Anonymous and an attack against the Santa Cruz County government. Moreover, the FBI conducted raids in Minnesota, Montana, and New Jersey, as part of their investigation into the actions of Anonymous and LulzSec.

Comment on this Story

comments powered by Disqus


Mercedes-AMG GT S Pricing

Mercedes-AMG has announced pricing for the new Mercedes-AMG GT S.The GT S will go on sale in...

Nissan is #withdad for Super Bowl

Nissan is the latest company to announce details of their advertising during the forthcoming...

Special-Edition Porsche GTS Club Coupe Unveiled

The new Porsche GTS Club Coupe has been revealed celebrating the 60th anniversary of the big...

Volvo Detroit Auto Show Pictures

Swedish car maker Volvo has been showing off their latest models at the North...

Ford GT Detroit Auto Show Pictures

We have added some great pictures of Ford’s new supercar the Ford GT. The company was s...