'Hacker_R_US' gets eight years in prison for bomb threats and DDoS extortion

'Hacker_R_US' was one of the two members of the Apophis Squad hacker group.
Written by Catalin Cimpanu, Contributor
Image: Blake Cheek

A US judge has sentenced a 22-year-old hacker to eight years in prison for engaging in DDoS extortion schemes, making fake bomb threats against companies and schools across the world, and possession of child pornography materials.

Identified as Timothy Dalton Vaughn, a resident of Winston-Salem, North Carolina, the hacker was arrested in February 2019pleaded guilty in November of the same year, and was sentenced to 95 months in prison on Monday, following delays to his sentencing due to the COVID-19 pandemic.

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

Vaughn, who went online as "Hacker_R_US" and "WantedbyFeds," was a member of Apophis Squad, a hacker group who made a splash in the first eight months of 2018 and then fizzled out of existence after a law enforcement crackdown.

The group was your typical loudmouth hacker squad that bragged about launching DDoS attacks on their Twitter account, but according to court documents, they also extorted some of their targets in private, asking for money to stop their attacks.

But while they're not the only hacker group to engage in DDoS extortion, Apophis Squad members went off the rails in the summer of 2018, when, for no apparent reason, they escalated their online nuisance to a whole new level by beginning to make erratic bomb threats against a wide range of targets that included schools, airports, government organizations, and many private companies.

Obviously, the switch to such brazen tactics didn't go unanswered and a law enforcement crackdown followed soon after, especially after one of their fake bomb threats forced a plane to make an emergency landing.

UK police arrested the group's leader in August 2018, and Vaughn's arrest followed the next February.

The group's leader, who went online by nicknames such as "optcz1," "DigitalCrimes," and "7R1D3N7," was identified as George Duke-Cohan, 19, from Hertfordshire, UK.

Duke-Cohan was linked to DDoS extortions and fake bomb threats, and the hacker was quickly trialed in the fall of 2018 to receive a three-year prison sentence in December 2018.

In the follow-up case in the US, authorities similarly linked Vaughn to a $20,000 DDoS extortion against a Long Beach company and bomb threats made against 86 school districts, where he and other co-conspirators claimed to have planted ammonium nitrate and fuel oil bombs in school buildings; rocket-propelled grenade heads under school buses; and land mines on sports fields.

During a subsequent arrest and house search, the FBI said it also found child pornography materials on Vaughn's devices and tacked on additional charges.

Vaughn was sentenced to 95 months for the child pornography possession charge and 60 months for the other charges. The terms will be served concurrently for a sentence of 95 months (7 years and 11 months) in prison.

The FBI's most wanted cybercriminals

Editorial standards