Ryan Ackroyd

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Ryan Ackroyd
Other namesKayla
OccupationComputer hacker
Known forFounder of LulzSec

Ryan Ackroyd,[1] a.k.a. Kayla[2][3] and lolspoon, is a former black hat hacker who was one of the six core members of the hacking group "LulzSec"[4][5] during its 50-day spree of attacks from 6 May 2011 until 26 June 2011.[6] At the time, Ackroyd posed as a female hacker named "Kayla" and was responsible for the penetration of multiple military and government domains and many high profile intrusions into the networks of Gawker in December 2010, HBGaryFederal in 2011, PBS, Sony, Infragard Atlanta, Fox Entertainment and others. He eventually served 30 months in prison for his hacking activities.

After his release from jail, Ackroyd publicly stated during "a conversation with Lulzsec"[7] that he believes Anonymous, other activists and like-minded should come together and attempt to change issues legally.

In December 2014, he gave his first ever lecture[8] in an over-capacity lecture auditorium at Sheffield Hallam University[9] for over 200 students, where he spoke about Lulzsec and their "50 days of lulz".

On his Twitter account,[10] Ackroyd vowed to help the security of the systems he once breached, stating that he would "help secure and defend the systems in hopes we can all learn from each other, should I be given the chance to do so". He also added "For me, it wasn't about stealing people's information, I just wanted to show people how flawed their so-called secure systems are. People need to fix their stuff… I sent countless emails to companies and even government organisations and I was ignored. I soon realised I'd have to show them why they should secure themselves before they would listen. I'm like Jiminy Cricket, only when you don't listen I'd hit you really hard with my tiny umbrella so you'd do the right thing," he joked.


Ackroyd is said to have LLI (low latent inhibition)[11][12] which is why he is driven by wanting to learn how everything works. He was an infantry soldier who served in Iraq where he specialised in encrypting military communications and systems.

Rise to prominence[edit]

In 2011, Ackroyd was part of the small group of hackers who breached the security of HBGaryFederal.com[13] through an SQL injection[14][15] and is said to have social engineered[16] the administrator of rootkit.com,[17] HBGary's CEO's personal website to gain root access to their entire systems. During the rise of the group "LulzSec", Ackroyd is said to be its most talented hacker, doing much of the security penetration along with Hector Monsegur. He hacked into fox.com,[18] UK Bank Machines,[19] Sony,[20] PBS,[21] the FBI,[22] Bethesda Softworks,[23] Senate.gov,[24] Arizona Department of Public Safety,[25] AT&T, AOL, Navy.mil,[26] Infragard Atlanta,[27] NATO Bookshops[26] and others during LulzSec's infamous "50 Days of Lulz".[28][29]

Ackroyd is responsible for the hack on Booz Allen,[30] where Edward Snowden was an employee. He was also responsible for the hack into Gawker Media's computer networks in December 2010, in retaliation to what Ackroyd perceived to be behaviour condescending of Anonymous and other affiliated hackers. During this time, Ackroyd hacked into hundreds of military domains to show vulnerabilities were in excess even in the most sensitive areas.

Arrest and legal proceedings[edit]

On 1 September 2011, Ackroyd's "lolspoon" Twitter feed went silent for the last time,[2] amidst announcements that the hacker was arrested[31] in Mexborough, South Yorkshire.[32] It became clear that Ackroyd was not, in fact, a girl, but rather a 24-year-old man with prior military service in the British Army serving in Iraq. He was released on bail[33] with fellow co-defendants Tflow and Topiary.

Ackroyd was accused of installing a trip-wire which activated as soon as agents moved his computer upon raiding his home, which clean erased all data on his system.

On 9 April 2013, Ackroyd appeared in court for the final time[34] where he was branded "highly forensically aware" by the court. Ackroyd pleaded not guilty to Distributed Denial of Service (DDoS) attacks carried out under the LulzSec banner during its "AntiSec" campaign, but pleaded guilty to violating the computer misuse act.

Ackroyd served a 30-month prison sentence in England.[35]

After release[edit]

Ackroyd is now an Associate Lecturer at Sheffield Hallam University and is also enrolled on a master's degree in information systems security.[36][dead link][needs update]


  1. ^ "Ryan Ackroyd".
  2. ^ a b "Kayla".
  3. ^ "Lulzsec hacker 'Kayla' pleads guilty to cyber crime in U.K. - VentureBeat - Security - by Meghan Kelly".
  4. ^ The Christian Science Monitor. "6 men alleged to be LulzSec hackers". The Christian Science Monitor.
  5. ^ Charles Arthur. "LulzSec IRC leak: the full record". the Guardian.
  6. ^ "LulzSec's Top 3 Hacking Tools Deconstructed". Dark Reading.
  7. ^ "In conversation with former Anonymous and LulzSec hacktivists at The Royal Court Theatre". royalcourttheatre.com.
  8. ^ Ryan Ackroyd's Talk at Sheffield Hallam University. YouTube. 15 December 2014.
  9. ^ Kit Chellel (26 November 2014). "Laughing Hacker Who Hit Sony, FBI Now Seeks Legal Lols". Bloomberg.com.
  10. ^ "Ryan Ackroyd". twitter.com.
  11. ^ "» What is Low Latent Inhibition". lowlatentinhibition.org.
  12. ^ Latent inhibition#Low latent inhibition
  13. ^ Parmy Olson (16 March 2011). "Is This The Girl That Hacked HBGary?". Forbes.
  14. ^ Nicholas Jackson (16 March 2011). "Meet the 16-Year-Old Girl Who Hacked HBGary". The Atlantic.
  15. ^ "Anonymous speaks: the inside story of the HBGary hack". Ars Technica.
  16. ^ "HBGary's nemesis is a '16-year-old schoolgirl'".
  17. ^ https://dazzlepod.com/site_media/txt/rootkit.com.txt
  18. ^ "Hackers leak Fox.com employee info". msnbc.com.
  19. ^ "The rise of LulzSec: a hacking chronology".
  20. ^ "Hackers Lulzsec Say Sony Pictures Attacked, 1 Million Users Compromised (UPDATE)". The Huffington Post. 2 June 2011.
  21. ^ Andy Greenberg (30 May 2011). "PBS Hacked After Critical WikiLeaks Show". Forbes.
  22. ^ Matt Brian (26 June 2011). "50 Days Of Lulz: The Life And Times Of LulzSec - Media". The Next Web.
  23. ^ Tsukayama, Hayley (14 June 2011). "Skyrim keeps LulzSec from releasing more info. on Bethesda". Washington Post.
  24. ^ "LulzSec Strikes Again, Hits Bethesda Softworks And US Senate - Arik Hesseldahl - News - AllThingsD". AllThingsD.
  25. ^ "LulzSec Releases Arizona Law Enforcement Data, Claims Retaliation For Immigration Law". TechCrunch. AOL.
  26. ^ a b Andy Greenberg (25 June 2011). "LulzSec Says Goodbye, Dumping NATO, AT&T, Gamer Data". Forbes.
  27. ^ "Sony Hackers LulzSec Strike FBI Affiliate InfraGard". PCMAG.
  28. ^ "After 50 Days Of Attacks, Hacker Group LulzSec Calls It Quits". TechCrunch. AOL.
  29. ^ Mohit Kumar (26 June 2011). "50 Days of Lulz - LulzSec Says Goodbye & Operation AntiSec will Continue". The Hacker News - Biggest Information Security Channel.
  30. ^ Adam Clark Estes. "Anonymous Charges Booz Allen $310 for Hacking Their Email". The Wire.
  31. ^ "Scotland Yard Arrests LulzSec Hacker 'Kayla'". Fox News. 2 September 2011.
  32. ^ "Hacker "Kayla" taken down in latest LulzSec arrests?". Ars Technica.
  33. ^ "LulzSec's Kayla given bail". Infosecurity Magazine.
  34. ^ "BBC News - UK Lulzsec hacker Ryan Ackroyd pleads guilty". BBC News. 9 April 2013.
  35. ^ "LulzSec 'hacktivists' handed long jail sentences for hacking". the Guardian.
  36. ^ Sheffield Hallam University. "MSc Information Systems Security". shu.ac.uk.