The UK’s West Midlands police force said late last week that Alex Bessell, from Liverpool, was behind a string of attacks against well-known brands, including Skype, Google, and Nintendo’s Pokemon web domains.
In a statement, the law enforcement agency said Bessell ran a botnet with over 9,000 slave PCs under his command which were used to launch Distributed Denial-of-Service (DDoS) attacks.
DDoS attacks send a flood of illegitimate traffic to web domains in a bid to crash them and prevent legitimate traffic from reaching these addresses, causing businesses disruption, time, and money to resolve.
West Mid says that this “zombie army” was used to conduct 102 attacks on companies.
In addition, the botnet was used to steal 750 account credentials — although which and where were not disclosed — and compromised PCs to deliver malware payloads.
The 21-year-old was also charged with operating a store hidden in the Dark Web.
Under the name “Aiobuy,” Bessell sold a variety of hacking tools and malware, including remote administration tools, botnet systems, crypters, booter access, and “other illegal items,” according to law enforcement.
Over 9,000 products were on sale, and Bessell made at least $700,000 from his business. Aiobuy catered for roughly 26,000 customers.
Bessell was charged with 10 offenses, including unauthorized access to computers, impairing the operation of computers, making and supplying malware, and money laundering.
The man pleaded guilty and landed a two-year jail sentence.
“In the past, we have seen hackers escape with suspended prison sentences or even community orders but courts are increasingly switching onto the damage cyber crooks can wreak,” said Investigating officer DC Mark Bird, from the West Midlands Regional Cybercrime Unit. “They can destroy businesses and cause huge financial distress for people and families.”
“Anyone who is using their technical expertise for sinister motives needs to sit up and take notice of this sentence — because they face a very real risk of being jailed,” Bird added.
Previous and related coverage
Schneider Electric has revealed how the Trojan managed to disrupt core industrial systems in the Middle East.
The Trojan is back with a new technique to avoid detection by email gateways.
The bug bounty highlighted serious security issues in the Pixel smartphone.