A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting Denial of Service Attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet zombies.
Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated Denial of Service attacks on Web servers hosting the Web sites several conservative figures including Bill O’Reilly (www.billoreilly.com), Rudy Giuliani (www.joinrudy2008.com), Ann Coulter (www.anncoulter.com), and others.
Frost was also ordered to pay restitution in the amount of $40,000 to Bill O’Reilly.com and $10,000 to the University of Akron, as well as a special assessment of $200 to the Crime Victims’ Fund.
On May 26, 2010, Frost pleaded guilty to causing damage to a protected computer system and possessing 15 or more unauthorized access devices.
According to court documents, Frost admitted that between August 2006, and March 2007, while enrolled as a student at the University of Akron, he used the University’s computer network to access IRC channels infected several systems located in the United States and in other countries with botnet zombies.
Frost also admitted gaining access to other computers and computer networks by various means, including scanning for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised machines to spread malware and harvest data from the compromised systems, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.
The former student also admitted initiating denial of service attacks against University of Akron computer servers on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 1⁄2 hours, preventing all students, faculty and staff members from accessing the network. The University claimed that response and remediation efforts to restore network services cost over $10,000.
The case was prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.
Earlier this week an IT Director who was fired from his job was sentenced to 27 months in prison for hacking into his former employer’s Web site.
Can your organization survive a massive DDoS attack?
More Cybercrime News – http://www.securityweek.com/cybercrime
