By the time a British teenager was caught, he had DDOSed Spamhaus with 300 gigabits of traffic. He had in his possession 1,000 credit card numbers and £72,000 in his bank accounts. He was sentenced to 240 hours of community service.
Do you think that is a fair sentence?
The attack on anti-junk mail group Spamhaus in 2013 slowed the internet around the world.
Seth Nolan Mcdonagh was sentenced at Southwark crown court to 240 hours of community service for the attack.
Mcdonagh had already pleaded guilty to five charges but details could not be reported until today's sentencing hearing by which time he had turned 18.
The attack on Spamhaus - which tracks sources of junk mail messages, to help network administrators and law enforcement to block spam senders - began on 15 March 2013 and drew world-wide attention.
It was a Distributed Denial of Service (DDoS) attack in which attackers bombarded servers with so many requests for data that they can no longer cope. This made them crash or stop working.
Spamhaus called on anti-DDoS specialist Cloudflare for support which then led to further and heavier attacks.
At its peak the attack was funnelling 300 gigabits of traffic every second to Spamhaus computers - the biggest DDoS attack ever seen at that time.
The sheer volume of traffic caused problems for internet traffic internationally and particularly for LINX - the London Internet Exchange - which helps data hop from one network to another.
The court heard the impact on the internet had been "substantial".
Mcdonagh, who used the hacker alias "narko", was described as a "gun for hire" who took down websites for those willing to pay, although other individuals, the court heard, may also have been involved.
Amongst other sites he targeted was the BBC on 24 February 2013, Sandip Patel QC for the prosecution said.
The court also heard that more than £72,000 had been discovered in Mcdonagh's bank account after his arrest in April 2013.
Source code used in the attacks was also found on machines in his house in London.
He also had in his possession 1,000 credit card numbers, apparently from German financial institutions.
Evidence presented in court revealed that Mcdonagh's criminal activity started when he was 13.
Ben Cooper, defending Mcdonagh, said his client had suffered from a severe mental illness at the time of the attack and had withdrawn from school, the wider world and even his own family.
His family have since played a key role in supporting his recovery to the point where he is now completing his A-levels and hoping to go to university . Judge Pegden described the case as "exceptional" adding that the crimes were "serious" and "sophisticated and unprecedented in scope".
The judge did not impose a custodial sentence saying Mcdonagh's rehabilitation since his arrest was "remarkable" and that he had shown "complete and genuine remorse".
He said there was virtually no risk of further harm or re-offending.
Richard Cox, chief information officer at Spamhaus, thanked the UK's National Crime Agency for the "enormous effort and resources" it had dedicated to investigating Mcdonagh.
He said he hoped the case would make very clear the considerable benefit that can result from law enforcement working closely with industry.
"We fully appreciate the difficult predicament with which the sentencing judge was faced, and hope that anyone considering similar attacks will take heed of his remarks, that in any other circumstances such criminality would have resulted in a custodial sentence," he said.
http://www.bbc.com/news/technology-33480257
I think they should have taken his use of computers away.
Totally got away with what he did with a slap on the hand holy shit.
He got off too lightly.
They chalked it up to the kid turning himself around prior to sentencing.
It's what happens when we allow computers to run our lives for us.
We get taken over by them and potentially are at the mercy of evil children such as those above.
He should spend no less than 10 years in a US prison where he can become some other inmate's girlfriend.
Then maybe he'd learn his lesson and say sorry.
So did he have to pay back everything he stole?
I don't know that he stole any money. He was paid to attack big companies.
What THAT tells me is that some of these institutions need to start reviewing their security.
It was DDOS attacks not security breaches.
It was a distributed NTP (network time protocol) amplification attack. It was a huge pain in the ass because it made everybody's NTP server a potential attacker.