Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced Wednesday Mitchell L. Frost, age 23, of Bellevue, Ohio, appeared before U.S. Magistrate Judge Nancy A. Vecchiarelli and pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing 15 or more unauthorized access devices.
According to court documents, Frost admitted that between August 2006, and March 2007, while enrolled as a student at the University of Akron, he used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.
Frost also admitted gaining access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.
Frost admitted that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others, temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.
Frost also admitted initiating denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. This denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000.
Frost will be sentenced on August 5, 2010, by U.S. District Judge Lesley Wells. His sentence will be determined by the Court after review of factors unique to this case, including his prior criminal record, if any, his role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.
This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.
Source: U.S. Attorney’s Office, Northern District of Ohio