We have watched the story multiple times in movies. A young hacker living in his parents’ basement teams up with a bunch of his buddies to take down a large organization or otherwise run a criminal enterprise, making them quite wealthy at a young age. These characters usually have interesting nicknames, like Chronic, Turmoil, or Snake Pit. They eventually get caught by authorities for their deviant behavior and are sent away to prison for a lengthy time…only to be rescued by the same authorities who put them there in the first place, on the condition they commit to working for the government to catch groups or actors more evil than they are. This plot is entertaining, if predictable. But does it accurately reflect the relationships between young hackers and authorities? The truth is we probably do not know the deals that are really made and the players involved, but one case that seems to have the earmarks of the theme came to my attention recently.
Hiring DDOS Attackers
Six individuals, all United States citizens, were charged last month with violations of the Computer Fraud and Abuse Act for allegedly running booter services. The services provided by the defendants use a super network of computers working in collaboration to launch what is known as a Distributed Denial of Service (DDOS) attack of the customer’s choosing; the customer can pick the target, duration, and frequency of the offensive operation. The platforms through which customers can hire the DDOS experts to carry it out for them are various websites, some of which are even located on the Dark Web. It was and still is a way to exact revenge on gamers, and it serves a multitude of other motives as well. Essentially, the customer is paying for services they do not have the knowledge or infrastructure to perform on their own. A DDOS attack can have serious consequences for the victim, such as lost revenue, negative publicity, and the blocking of valuable communications. The FBI has cracked down on these services in the past with numerous arrests and convictions. It is quite difficult, however, to keep the booters completely shut down, as others seem to quickly replace those arrested in providing the high-demand service.
Can Young Hackers and Mayhem Makers Become Future Assets?
The defendants range in age from 19 to 32 years and come from Florida, Texas, Hawaii, and New York. They have nicknames such as “John the Dev” and “Anonghost720”. The sites they allegedly run include SecurityTeam.io, Astrostress.com, and Booter.sx. For more specific information on the arrests, read the DOJ DDOS Case.
The 19-year-old, according to a cursory search of social media, appears to have just graduated high school in Florida last year. Another defendant is only 22 years old. While DDOS attacks are not the most sophisticated, according to hacking elites, they still require a modicum of skill and commitment, and may represent only a fraction of the knowledge on the subject the defendants possess.
Will this story have a Hollywood ending where the individuals involved find their way to the other side, somehow getting clearance to work for three-letter agencies? Will they go the way of Marcus Hutchins, the person who saved us from the WannaCry ransomware attack blowing up, only to be convicted of malware development that happened years earlier, which in turn resulted in a light sentence and Hutchins becoming a beloved security consultant? One never knows, but with the talent shortage in cybersecurity, crazier things have happened.