When LulzSec bragged way back in June that it had broken into Sony's servers and released the personal information -- including passwords, email addresses, home addresses and birthdays -- of a million users, smart readers took it with a grain of salt. The Anonymous splinter group claimed up front that it had used what's known as a SQL injection (regarded among hackers as one of the most basic break-in tools) to get into Sony's servers and get access to the information. On Thursday, the FBI announced two new Anonymous and LulzSec arrests. One was a homeless San Francisco man who allegedly broke into government websites in Santa Cruz. The other was Cody Kretsinger, a Phoenix man charged with the infamous Sony Pictures breach. The charging documents describe an attack that was as easy as the group first claimed.
The hack took about three days in total, according to the indictment against Cody Kretsinger, the Phoenix man charged in the Sony attack. Kretsinger and "known and unknown coconspirators" started stealing and sharing Sony Pictures' user data on May 30, and posted it on the Web on June 2, the indictment says. Kretsinger allegedly used the proxy server site hidemyass.com to disguise his location, then worked with his LulzSec colleagues to carry out the SQL attack: