Support NeoGAF

[Killthee]

Teenage hacker jailed for masterminding attacks on Sony and Microsoft

A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide.

Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft and TeamSpeak, a chat tool for gamers.

He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cybercriminals.

Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”.

Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.”

Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK.

Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000.

While not an official member of Lizard Squad, they apparently used his code to launch their DDoS attacks.

In any case, I’m not terribly interested in turning this post into a commercial for the Lizard kids; rather, it’s a brain dump of related information I’ve gathered from various sources in the past 24 hours about the individuals and infrastructure that support the site.

In a show of just how little this group knows about actual hacking and coding, the source code for the service appears to have been lifted in its entirety from titaniumstresser, another, more established DDoS-for-hire booter service. In fact, these Lizard geniuses are so inexperienced at coding that they inadvertently exposed information about all of their 1,700+ registered users (more on this in a moment).

https://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/comment-page-1/

 

[KZXcellent]

GOOD

 

[Celcius]

Great. Too bad he couldn't have used his skills for a more constructive purpose.

 

[manfestival]

Very good

 

[antitrop]

Get fucked

 

[tci]

Great news. Now get the rest of them

 

[Leona Lewis]

Lock her up

 

[Gxgear]

Get fucked

Well, it's inevitable given where he's going.

 

[Joyful]

knew these guys were script kiddies

 

[Steeped in a Sea of Games]

I wonder if this opens him up for prosecution elsewhere as well.

 

[Maximo]

Lol laters fucker.

 

[Zaventem]

Anyone else find tthe jail time for these attacks relatively low?

 

[Cleve]

Well, it's inevitable given where he's going.

Do we have to go for the rape jokes?

 

[Snaku]

 

[Darryl M R]

So do they have the name of everyone that used the service as well? Get them all.

 

[Biggad]

How is it possible to create something technical of that magnitude at 16? How does that happen, serious question.

 

[Sniffynose]

I mean I would go to jail for 2 years if I could make 1 million Canadian from it, that's a sweet deal. Crime pays apparently.

 

[Goldenroad]

Well, it's inevitable given where he's going.

I made joke once about a murderer getting prison raped and got banned for it. Might wanna consider that.

Anyway, this seems pretty lenient to me. 2 years probably means he's out in 6 months on "good behavior". He should have to spend every day of the rest of his life paying back the time that people lost on those services to the individuals effected.

 

[Dylan]

HisNameIsMudd.jpeg

 

[Gentleman Jack]

2 years seems lenient for causing tens of millions of dollars in damage to organizations ranging from schools to ISPs. On the other hand, the States would probably take it too far in the other direction. OH WELL.

 

[Skyzard]

£386,000 (who knows how much in damages) and 2 years jail.

Crime pays.

 

[Charles Brandon]

Well, it's inevitable given where he's going.

I don't think that happens so much in the UK

 

[razgriz417]

good, now if only he had names or payment info on the other 112000 registered users to give up

 

[Into the Light]

Seriously, use the skills to make the world a better place, I assure you the money will come.

 

[TheOMan]

Does he get to keep that money? I hope not.

 

[Gummi Bunnies]

Haha. Serves him right.

 

[Chris1]

I don't think that happens so much in the UK

And even then, he's in a young offenders institution and has autism so prison officers will probably be keeping a real close eye on him.

 

[KLoWn]

Justice.

 

[Onaco]

Just two?

 

[MomoPufflet]

Hard to get excited about 2 years. He'll walk out of jail directly into a 6-figure consulting job.

 

[Into the Light]

I will never forgive Xmas 2015, it was a dark day.

 

[Arcipello]

feels good man

 

[one_kill]

How is it possible to create something technical of that magnitude at 16? How does that happen, serious question.

https://www.youtube.com/watch?v=DBXZWB_dNsw
Some people just get it

Hard to get excited about 2 years. He'll walk out of jail directly into a 6-figure consulting job.

This is true unfortunately

 

[Dipper145]

Initially felt weird about it because he was 16 at the time, then I realized that he's 20 now.

But the article makes it seem like he's being charged for stuff he did while studying in college in 2013 when he was 16 so I'm just more confused.

It looks like he was arrested in 2015, which would have made him 18 at the time. I suppose they specifically let him keep doing what he was doing until he was legally an adult so they could get a prison sentence?

Hopefully when he gets out he lands on the the side of working for cyber-security.

 

[Netherscourge]

Hopefully he reassess his life while in jail.

He could probably do well for himself with an honest living.

 

[Shadow Broker]

£386,000 (who knows how much in damages) and 2 years jail.

Crime pays.

Now that he was caught, found guilty, and sentenced his victims can sue him for damages.

 

[Kayant]

Teenage hacker

TheGuardian hasn't got the memo yet it seems. Also that's a shitton of money good they got rekted.

Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000.

Damn! Didn't know DDos prevention services can be that costly.

 

[m_dorian]

My sense of justice is justified from this sentence, one more year would not hurt though.
However, he was sixteen (16) when he started and anyone can act like or be an idiot when they are 16.
That is why i do not approve any "get screwed" post i am reading here.

 

[Plumpbiscuit]

Now that he was caught, found guilty, and sentenced his victims can sue him for damages.

You can only sue if you're expecting a lot money in return, and you can't get that money if it doesn't exist.

 

[Kayant]

My sense of justice is justified from this sentence, one more year would not hurt though.
However, he was sixteen (16) when he started and anyone can act like or be an idiot when they are 16.
That is why i do not approve any "get screwed" post i am reading here.

Sure at the same time there are many people in the world that are mature at that age even less and doing something stupid isn't really limited by age.

 

[Boke1879]

Hopefully the ball gets really rolling on this stuff, and swatting too.

When people start getting punished with Hefty fines and some jail time people might think twice.

 

[PetrCobra]

Hard to get excited about 2 years. He'll walk out of jail directly into a 6-figure consulting job.

Why is this bad? It just means he won't continue doing what he did, in fact he'll be on the other side. Plus, some people in here demanded that he pays the hacked companies what they spent/lost as a result of those attacks, well a six figure job might actually make that possible.

 

[m_dorian]

Sure at the same time there are many people in the world that are mature at that age even less and doing something stupid isn't really limited by age.

And there are also many stupid 16 yo without any real life experience. "Get screwed" will not help them mature.

 

[Justinh]

Hard to get excited about 2 years. He'll walk out of jail directly into a 6-figure consulting job.

Will this actually happen to this kid, though?

In any case, I'm not terribly interested in turning this post into a commercial for the Lizard kids; rather, it's a brain dump of related information I've gathered from various sources in the past 24 hours about the individuals and infrastructure that support the site.

In a show of just how little this group knows about actual hacking and coding, the source code for the service appears to have been lifted in its entirety from titaniumstresser, another, more established DDoS-for-hire booter service. In fact, these Lizard geniuses are so inexperienced at coding that they inadvertently exposed information about all of their 1,700+ registered users (more on this in a moment).

https://krebsonsecurity.com/2014/12/...omment-page-1/

Oh, I misunderstood. This guy actually made the thing that lizard squad copied apparently?

Hopefully the ball gets really rolling on this stuff, and swatting too.

When people start getting punished with Hefty fines and some jail time people might think twice.

Yeah, swatting needs to fucking stop. It's not funny and I don't see why anyone would dream of doing it unless they were actually trying to bring harm to another person.

oh my God, his name actually is Mudd

Topolski said the sentence must have a ”real element of deterrent" and refused to suspend the jail term. ”I'm entirely satisfied that you knew full well and understood completely this was not a game for fun," he told Mudd.

Interesting

 

[Kayant]

And there are also many stupid 16 yo without any real life experience. "Get screwed" will not help them mature.

Yes but it teaches them a lesson and show others actions have consequences. What should be done instead in this instance if not something to this degree given the scale of the damage caused as highlighted in the OP?

 

[Pantz]

 

[Haly]

2 years seems okay for this I suppose, in that it's not purely punitive but also not a slap on the wrist. 2 years is a lot to a 20 year old, but not life ruining.

 

[Maximo]

And there are also many stupid 16 yo without any real life experience. "Get screwed" will not help them mature.

When I was 16 I was sneaking beers and taking P Plates when I was roaming the streets with mates, I didn't make a DDoS program making over £386,000 in US dollars and more in bitcoins and sell that to criminals...biiiig difference.

 

[Apathy]

Lizard Squad is just a bunch of script kiddies and not 1337 h4x0rs?!?! No?!?! You don't say?!?!

Oh wait, except what everyone said that wasn't old media.

 

[Wonder Peter]

The thing is, he created the tool but he wasn't the one responsible for the DDOS attacks on those servers they mention, it's like jailing the guy responsible that made a gun that was used by another person that commited the crime. Kinda weird, and 2 years in prison for this at this age, kinda excessive, there are perfect legal uses for this kinda of software.