A Dutch hacker who launched DDoS attacks against high-profile sites like the BBC and Yahoo News, and also attempted to extort many other companies, received no jail time for his actions.
Speaking in a court in the Hague, the Netherlands earlier this month, a 20-year-old man showed remorse in court, admitted to his crimes, which he committed as a minor, and apologized for his actions.
The hacker received 120 hours of community support and 377 days of juvenile detention. He didn't get any prison time as a part of his sentence was considered time spent and was set free on a 360-day conditional release pursuant he not break any other laws.
S. was a Mirai botnet operator
According to heavily redacted court documents obtained by ZDNet, the hacker managed a DDoS botnet that he built using the Mirai IoT malware. Estimates on the size of the botnets ranged from 2,697 bots (court docs) to 10,000 bots (social media).
Court documents identified the hacker only as S. and did not reveall the names of any of his targets. However, according to a Haagsche Courant journalist present at a February 21 court hearing, some of the websites that suffered from S.'s wrath included the BBC, Yahoo News, e-commerce giant Zalando, and several Bitcoin exchanges and gambling sites.
Authorities say that in some cases, S. also contacted companies asking for Bitcoin ransoms to stop the attacks. One such example is the cryptocurrency exchange Moneypot, which, at the time, published one of S.'s ransom notes.
These attacks happened began around October 2016 and stopped a year later in October 2017, when investigators arrested the suspect.
Evidence from seized equipment included Skype logs detailing conversations with two co-conspirators, one named Chris and another suspect from Croatia.
Conversations included phrases such as "the're[sic] down and sent email" and "sent this," with a copy of the email S. had sent.
S. made roughly $150,000
Investigators claim that S. made roughly $150,000 in Bitcoin from his attacks and subsequent ransom demands.
Speaking in court in a February 21 hearing, S. told the judge that he started his DDoS spree because his parents couldn't give him money due to their financial situation and after learning that the creator of the Mirai IoT malware made $100,000 from a similar scheme. He began using the botnet soon after its source code was released online.
He also said that he first started hacking around 13-14, even before conducting the Mirai-supported DDoS attacks.
Besides confessing and apologizing for his crimes, S. told the judge that he is now involved in cryptocurrency mining and speculation, to which the judge replied that his new occupation is dangerous and that "you will need money again soon."
The prosecutions asked for a much harsher sentence, with a 24-months prison stay and that S. pay €12,000 ($13,500) in damages to some of the victims.
Multiple industry sources who spoke with ZDNet said that S. is one of the hackers included in a list of top IoT hackers and botnet operators compiled by NewSky Security last year. We have chosen not to include the hacker's nickname as this was speculation that we could not independently verify.
Related malware and cybercrime coverage:
- Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware
- Almost 150 million users impacted by new SimBad Android adware
- WordPress shopping sites under attack
- Chinese hacking group backdoors products from three Asian gaming companies
- '100 unique exploits and counting' for latest WinRAR security bug
- Pirate Bay malware buries nuisance program bundles in a single click
- How the United Nations helps fight global cybercrime TechRepublic
- Google blocked 2.3 billion bad ads in 2018 CNET