Can the same talents that landed Hacker Ackroyd in jail one day secure him a six-figure salary?
Ryan Ackroyd fiddled nervously with the microphone clipped to his shirt as about 200 fellow students crowded into an auditorium at Sheffield Hallam University.
“This is the first lecture I’ve ever done,” he told them, after being introduced as a former computer hacker and current student. “I’ve done some very, very naughty things.”
Ackroyd, 27, and three other members of the LulzSec hacking collective were jailed in 2013. The group’s members, who never met in person, disrupted the websites of Sony Corp. (6758), News Corp. (NWSA) the U.S. Central Intelligence Agency and Arizona police. They also targeted the U.S. Air Force and Britain’s National Health Service.
“Companies suffered serious financial and reputational damage,” said Andrew Hadik, a U.K. prosecutor, after the four were sentenced in May 2013. Ackroyd, who had pleaded guilty to the charges, was sentenced to 30 months in prison and served nine months.
Released early in February, he’s studying for a master’s degree in information systems security at Sheffield Hallam, about a three-hour train ride north of London. In the speech to students Nov. 25, he said he regretted what he’d done and hoped to put his skills to better use.
Companies “recognize that there is this perfect storm ofcyber securityoccurring and there are not enough professionals to service their needs,” said Del Heppenstall, a director at KPMG LLP, who works in information security. “It’s left a gap in the market.”Ackroyd, who left school at 16, taught himself how to read computer code. He started hacking at the age of 11 or 12, at first because he wanted to cheat on computer games, altering the code to get infinite lives or invincibility. It proved to be addictive.
“I just saw a challenge in getting into a server,” he said in the Sheffield talk, which he called: LulzSec, 50 Days of Lulz.“If I couldn’t get into it, it just made me want to get into it more.”
LulzSec was an offshoot of Anonymous, the online activists who attacked PayPal Inc. andMasterCard Inc. (MA) websites when those companies stopped payments to WikiLeaks after it published U.S. military information. The name is derived from the phrase “laughing at security,” Ackroyd said, because they found online security was so poor it deserved derision.
LulzSec’s handful of members accessed millions of user names and e-mail addresses from Sony’s server, and intercepted FBI communications from a private contractor’s computer system, Ackroyd said.