Adam Mudd admitted to running the ‘Titanium Stresser’ DDoS attack tool out of his bedroom in Hertfordshire
A 20-year-old computer hacker has been sentenced to two years in a correctional facility after masterminding 1.7 million distributed denial-of-service attacks (DDoS) from his bedroom in Hertfordshire.
Adam Mudd created the Titanium Stresser tool in 2013, when he was only 16, and used it to carry out attacks on targets in most countries around the world.
Gaming servers targeted
Clients paid him more than £386,000 in US dollars and Bitcoins to direct attacks against targets including Minecraft, Xbox Live and Runescape gaming servers.
Attackers often target online gaming operations in hopes of receiving protection money or to drive gamers to competing servers.
Mudd also carried out 594 attacks on his own account, including one on West Herts College, where he was studying computer science.
He targeted up to 70 schools and colleges, including the University of Cambridge, the University of Essex and the University of East Anglia, and local councils around the UK.
When arrested in March 2015 he was in the bedroom of his parents’ home in King’s Langley and refused to unlock his computer until his father told him to do so, police said.
In October of last year Mudd pleaded guilty to three offences under the Computer Misuse Act and another offence of money laundering.
Sending a message
He would likely have received a six-year sentence if he had been tried as an adult and if his autism hadn’t been taken into account, according to the Eastern Region Special Operations Unit (ERSOU), which worked with the National Crime Agency on Mudd’s case.
Judge Michael Topolski said during sentencing that Mudd came from a “perfectly respectable and caring family” but his crimes had caused damage “from Greenland to New Zealand and from Russia to Chile”.
He said he could not suspend the sentence, which is to be carried out in a young offenders’ institution, because he wanted it to represent a “real” deterrent.
“We want to make clear it is not our wish to unnecessarily criminalise young people, but want to harness those skills before they accelerate into crime,” the ERSOU said in a statement. “It is important that this case sends out a clear message to others who may be tempted by committing cybercrime or who are already engaging in cyber scams from the comfort of their own bedrooms, to consider what they are doing and it is for parents to know and understand what your children are doing online.”
Judge Topolski said he was “entirely satisfied” that Mudd knew the attacks were “not a game” and carried them out rather as a “serious money-making business”.
Authorities in the UK and the US have targeted operators of “stresser” DDoS services in recent months in order to deter young people from engaging in cyber-crime.
Arrests included those of six British teenagers aged between 15 and 18 who were held in 2015 on suspicion of operating the “Lizard Stresser” service, while an American and a Dutch man, both 19, were charged by the US Justice Department in the same case in October 2016.
In September of last year two Israeli teenagers were arrested on suspicion of operating vDOS, one of the leading DDoS-for-hire services, and Israeli authorities said in March they were preparing a case against the 18-year-olds.
US and European investigators arrested nearly three dozen people in December 2016 on suspicion of buying DDoS services.
Do you know all about security in 2017? Try our quiz!