15-year-old arrested for hacking 259 companies

A 15-year-old boy has been arrested for hacking into 259 companies during a 90-day spree. In other words, during the last quarter he successfully attacked an average of three websites per day.
Written by Emil Protalinski, Contributor

Austrian police have arrested a 15-year-old student suspected of hacking into 259 companies across the span of three months. Authorities allege the suspect scanned the Internet for vulnerabilities and bugs in websites and databases that he could then exploit. As soon as he was questioned, the young boy confessed to the attacks, according to Austria's Federal Criminal Police Office (BMI).

The boy allegedly stole data and published it publicly after breaching the security infrastructures of 259 firms. He also defaced many company websites and boasted about his accomplishments on Twitter, where he also posted links to his data dumps.

The firms were attacked between January 2012 and March 2012, and they were not limited to just Austria. He didn't seem to target specific types of industries: everything from sports companies, to tourism services, to adult entertainment, to search services were attacked.

The young man reportedly admitted to being responsible, saying that he was bored and wanted to prove himself. He was described as anti-social, and so looked to the online world for praise and affirmation, possibly being inspired by reports about the hacktivist group Anonymous.

After finding a hacker forum that gave members points for successful attacks, the boy went to work. Three months later, the 15-year-old was in the top 50 hackers of the approximately 2,000 users registered on the forum.

The teenager used various hacking tools widely available on the Internet, including software that helped him remain anonymous. Now and then, he left messages in the systems he hacked, or simply signed them with the hacker name ACK!3STX (a search for the handle on Twitter gave me no results).

Eventually, however, ACK!3STX's anonymizing software failed him and his IP address was visible to BMI's C4 (Cyber Crime Competence Centre) unit. C4 had been receiving multiple complaints from companies since the beginning of the year, so they started monitoring the hacker. At the end of last month, the unit traced his location to a residence in Lower Austria, and then obtained a search warrant.

Authorities said they could not detail the damage ACK!3STX caused, because their investigation is still ongoing. Europol is trying to quantify his attacks both at home and abroad.

I'd like to thank Sebastian Gruber for tipping me on this story as well as providing the above screenshot of a site defaced by ACK!3STX.

See also:

Editorial standards