Briton accused of hacking Fox, PBS websites

LOS ANGELES (AP) – A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday.

A federal grand jury indicted Ryan Cleary on conspiracy and hacking charges for allegedly hacking sites for the talent competition The X-Factor, the site for PBS NewsHour, Sony Pictures and others.

The indictment filed Tuesday alleges Cleary and his co-conspirators would identify security vulnerabilities in companies' computer systems and use them to gain unauthorized access and, often, cause mayhem.

In a separate and similar case filed against Cleary in theUnited Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites — all while he was still a teenager.

Cleary was taken into custody in March and remains in custody in the United Kingdom, said Laura Eimiller, FBI spokeswoman.

In one instance, the U.S. indictment alleges, Cleary conspired to steal the confidential information of people who registered to get information on auditions for the Fox talent competition The X-Factor.

That hack was the first to be claimed by LulzSec, an offshoot of the larger hacking group Anonymous, in tweets about its international hacking spree that began in May 2011.

Later that month, LulzSec claimed to have hacked the website of the Public Broadcasting Service, where a phony news story was posted claiming the dead rapperTupac Shakur was alive and living in New Zealand.

The post caused a stir on the site for PBS NewsHour, an award-winning broadcast news show, and came after the network aired a documentary on WikiLeaks founder Julian Assange that was deemed critical. PBS' ombudsman at the time defended the program's treatment of Assange as "tough but proper."

The indictment also alleges LulzSec and Cleary hacked into the computer systems of Sony Pictures Entertainment Inc. in June 2011 to steal confidential information of users who had registered on the company's website.

Cleary faces a maximum of 25 years if convicted on all charges.

Calls and emails to Fox, Sony and The NewsHour seeking comment and confirmation were not immediately returned Wednesday.

An after-hours call to Cleary's legal representative in London was not returned. It was not immediately clear who would represent him in the United States.

LulzSec also has claimed responsibility for hacking incidents not listed in Cleary's indictment, including hacking the CIA's public-facing website and the Atlanta chapter of an FBI partner organization called InfraGard.

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Plenty Of Fish Hacked. Usernames and passwords compromised, says founder

Popular dating site Plenty of Fish was hacked last week, exposing users’ email addresses, usernames and passwords, according to a blog post today from its founder and CEO.

In what he calls “an incredibly well planned and sophisticated attack”, Markus Frind writes that “Plentyoffish was hacked last week and we believe emails usernames and passwords were downloaded. We have closed the security hole that allowed them to enter.”

Frind says that an official announcement from the company will follow shortly so at present, the extent of the breach is unknown. However, the story behind the hack is interesting.  Frind lays the blame on an Argentinian hacker. He claims that after breaking into Plenty of Fish’s database, the hacker contacted Frind’s wife claiming that “Russians have taken over his computer and are trying to kill him, and his life is in extreme danger and they are currently downloading plentyoffish’s database”.

Frind alleges that the hacker claimed a widespread, Russian-led hack on major dating sites was underway and the gang responsible planned to steal $30 million dollars from them. Frind says that he believes that this was an extortion attempt by the hacker who later introduced himself as part of a security company that could help solve the problem.

In the comments to Frind’s post, the “hacker” concerned denies the accusation, saying that he simply got in contact to offer a solution and wasn’t responsible for any data breach himself.

Meanwhile, over on Hacker News, an in-depth discussion is taking place into the security (or otherwise) of Plenty of Fish’s method of storing passwords. It appears that the passwords have been stored in an unencrypted form, thus leading to their easy exposure to hackers.

So, extortion attempt or a legitimate security analyst trying to help? We’re still unpicking the facts behind this, but one thing’s for sure – if you’re a Plenty of Fish user, it’s best to change your password right now.