Security Experts:

Connect with us

Hi, what are you looking for?



U.K. Teen Responsible for Bomb Threats, DDoS Attacks Sentenced to Prison

A British teenager involved in making false bomb threats and launching distributed denial-of-service (DDoS) attacks has been sentenced to three years in prison.

A British teenager involved in making false bomb threats and launching distributed denial-of-service (DDoS) attacks has been sentenced to three years in prison.

The bomb hoaxes of George Duke-Cohan, aged 19, targeted thousands of schools and other organizations in the United States and the United Kingdom, in hundreds of cases resulting in evacuations. He also made a prank call claiming that a United Airlines flight traveling from the UK to San Francisco had been hijacked.

The prank call targeting San Francisco airport was made while Duke-Cohan was on bail following his arrest – during that time he was not allowed to use electronic devices.

He has now been sentenced to one year in prison for the bomb hoaxes targeting schools, and two years for the airport incident.

While the charges brought against Duke-Cohan in the U.K. focused on the pranks, the teen was said to be the leader of Apophis Squad, a group that not only made bomb threats, but also launched DDoS attacks and offered DDoS-for-hire services.

The DDoS attack targets included security blogger Brian Krebs, the DEF CON security conference, government organizations in several countries, and the encrypted email provider Protonmail, which helped authorities identify Duke-Cohan and other members of his group.

Duke-Cohan is said to face additional charges in the United States, but an indictment has yet to be announced.

Before sentencing, the judge noted that Duke-Cohan’s early guilty pleas, his age, no prior criminal record and, to a limited extent, his “functioning deficiencies which have contributed to a diagnosis of autism,” were taken into consideration. However, these mitigating factors only helped his case to a certain degree.

“You knew exactly what you were doing and why you were doing it, and you knew full well the havoc that would follow,” Judge Richard Foster said, quoted by the Daily Mail. “What you did was far removed from anything that could be described as naivety or a cry for help from a sick person.”

Related: California Man Gets 26-Month Prison Sentence for DDoS Attacks

Related: Mirai Author Gets House Arrest for DDoS Attacks on University

Related: Man Sentenced to 15 Years in Prison for DDoS Attacks, Firearm Charges

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...