Ryan Ackroyd

Early Life and Background

Ryan Ackroyd is a British former black hat hacker who served in the British Army, including a deployment to Iraq, before becoming involved in computer hacking. He operated under the online aliases Kayla and lolspoon, and notably maintained a female persona throughout his hacking activities, a detail that was not publicly known until his arrest.

Rise to Prominence

Ackroyd first gained attention in December 2010 when he was responsible for breaching the computer networks of Gawker Media, an action he carried out in retaliation for what he perceived as condescending behavior toward Anonymous and affiliated hackers. He subsequently became one of six core members of LulzSec, the hacking collective that conducted a widely publicized 50-day campaign of intrusions running from May 6 to June 26, 2011.

Within LulzSec, Ackroyd was described as its most talented hacker, conducting much of the group's security penetration work alongside Hector Monsegur. During the group's so-called "50 Days of Lulz," he was involved in breaches of fox.com, Sony, PBS, Senate.gov, Navy.mil, Infragard Atlanta, the Arizona Department of Public Safety, AT&T, AOL, Bethesda Softworks, NATO Bookshops, UK Bank Machines, and others. He also hacked into hundreds of military domains to expose vulnerabilities in sensitive systems.

Ackroyd was responsible for the breach of HBGary Federal's website through an SQL injection attack and is reported to have social engineered the administrator of rootkit.com, the personal website of HBGary's CEO, to gain root access to their systems. He was additionally responsible for the hack on Booz Allen Hamilton, a contractor at which Edward Snowden was employed at the time.

Arrest and Legal Proceedings

On September 1, 2011, Ackroyd's lolspoon Twitter account went silent, coinciding with reports of an arrest in Mexborough, South Yorkshire. His arrest revealed that Kayla was not, as widely assumed, a female hacker, but a 24-year-old man with prior military service. He was released on bail alongside fellow LulzSec co-defendants Tflow and Topiary.

Ackroyd made his final court appearance on April 9, 2013, where the court described him as "highly forensically aware." He pleaded not guilty to Distributed Denial of Service attacks carried out under LulzSec's AntiSec campaign but pleaded guilty to violations of the Computer Misuse Act. He subsequently served a 30-month prison sentence in England.

After Release

Following his release, Ackroyd pursued a career in legitimate cybersecurity. He became an Associate Lecturer at Sheffield Hallam University and enrolled in a master's degree program in information systems security. In December 2014, he delivered his first public lecture to an over-capacity audience of more than 200 students at Sheffield Hallam University, speaking about LulzSec and the group's 50-day campaign. He later became Lead Penetration Tester at The Hut Group.

Ackroyd publicly stated his belief that Anonymous, activists, and like-minded individuals should work together to pursue change through legal means. On his Twitter account, he expressed a desire to help secure the systems he once breached, framing his earlier hacking as an effort to expose security flaws that organizations had repeatedly failed to address despite being warned through conventional channels.