Three UK members of hacktivist group LulzSec – an offshoot of Anonymous – have pleaded guilty to attempting to break into computers run by the NHS, Sony and News International.
They were arrested in 2012 after the LulzSec's apparent leader, Hector Xavier Monsegur, was arrested by the FBI and persuaded to turn informant.
Ryan Ackroyd, a 26-year-old from South Yorkshire, admitted plotting to hack into the websites of 20th Century Fox and Arizona state police in the US as part of an eight-month campaign in 2011.
He pleaded guilty to one computer hacking-related charge alongside fellow LulzSec members Jake Davis, 20, and 18-year-old Mustafa al-Bassam, at Southwark crown court in London .
Ackroyd and Bassam initially denied the charges.
Davis, from Shetland, and Bassam from south London, admitted conspiring to bring down the websites of the CIA in the US and the UK’s Serious Organised Crime Agency (SOCA) in 2011.
Read more about LulzSec
- US indicts suspected UK LulzSec member
- Feds announce Anonymous, LulzSec arrests
- LulzSec returns to target Murdoch
- Hackers attack Panda Labs website in LulzSec revenge attack
- FBI informer Hector Xavier Monsegur aids in arrest of LulzSec hackers
- Suspected LulzSec hacker named and charged
- Suspected teen LulzSec hacker released on bail
- UK police nab another suspected LulzSec teen hacker
- Anonymous and Lulzsec hackers hit Italian cyber crime unit
- FBI makes LulzSec arrests in Sony breach investigation
They also pleaded guilty to attempting to break into computers run by the NHS, media giants Sony, 20th Century Fox and News International.
The three hacktivists will be sentenced on 14 May along with a fourth LulzSec member, Ryan Cleary, a 21-year-old from Essex, who was arrested in June 2011 and pleaded guilty to six related charges.
Bassam, who was 17 at the time of his arrest, was named for the first time and is believed to be the youngest hacker to date to admit to charges linked to LulzSec, according to the Guardian.
At the time of the arrests, lawyer Sam Jardine said UK businesses should be looking at how they should strengthen their internal IT security policy.
Jardine, an associate at international law firm Eversheds, said organisations should check their web servers are secure enough to survive hacking attempts, and resilient enough to survive denial of service (DOS) or distributed denial of service (DDOS) attacks.
Organisations should also look at what information is held on networked machines, as they are under a legal duty to keep electronically held information safe and secure, he said.
Jardine said information leaks can lead to huge losses and, depending on the nature of the information, result in claims for breach of contract, breach of confidentiality, negligence or data protection legislation.