DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Individual Pleads Guilty to Participating in Internet-of-Things Cyberattack in 2016

Posted on December 9, 2020 by Dissent

There’s an update to a case previously reported on this site in 2016. From the U.S. Department of Justice:

An individual, formerly a juvenile, pleaded guilty to committing acts of federal juvenile delinquency in relation to a cyberattack that caused massive disruption to the Internet in October 2016.

Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division, U.S. Attorney Scott W. Murray of the District of New Hampshire, and Special Agent in Charge Joseph R. Bonavolonta of the FBI’s Boston Division made the announcement.

According to the plea agreement, the individual conspired to commit computer fraud and abuse by operating a botnet and by intentionally damaging a computer.  Because the individual was a juvenile at the time of the commission of the offense, the individual’s identity is being withheld pursuant to the Juvenile Delinquency Act, see 18 U.S.C. § 5031, et seq.  The guilty plea took place in a closed proceeding before Chief Judge Landya B. McCafferty in the District of New Hampshire.  Judge McCafferty scheduled the individual’s sentencing for Jan. 7, 2021.

According to unsealed court documents, from approximately 2015 until November of 2016, the individual conspired with others to create and operate one or more online botnets to launch cyberattacks against victim computers (specifically targeting those belonging to online gamers or gaming platforms) in order to take those computers offline altogether or otherwise significantly impair their functionality.  These attacks are often referred to as “Distributed Denial of Service” or “DDoS” attacks.

In general, a DDoS attack is a type of cyberattack in which a malicious actor directs a large volume of Internet traffic to a victim computer or network, overwhelming it and rendering it unable to function as intended.  Successful DDoS attacks can take individual computer users, websites, or entire computer networks offline altogether or otherwise slow their performance.  DDoS attacks are often conducted through the use of botnets (short for “robot networks”), that is, large numbers of compromised computers under the control of an individual or group of actors.

According to court documents, in September and October of 2016, the individual and others created a botnet, which was a variant of the so-called “Mirai” botnet, for use in launching DDoS attacks.  Mirai infected “Internet-of-Things” devices, such as Internet-connected video cameras and recorders, and turned them into bots to be used to launch DDoS attacks.

According to court documents, on Oct. 21, 2016, the individual and others used the botnet they created to launch several DDoS attacks in an effort to take the Sony PlayStation Network’s gaming platform offline for a sustained period.  The DDoS attacks impacted a domain name resolver, New Hampshire-based Dyn, Inc., which caused websites, including those pertaining to Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU), to become either completely inaccessible, or accessible only intermittently for several hours that day.  As a result of the individual’s DDoS attacks, Dyn, Sony, SNHU, and other entities and individuals suffered losses including lost advertising revenues and remediation costs. Sony estimated that its resultant losses included approximately $2.7 million in net revenue.

This case was investigated by the FBI with assistance from the National Crime Agency and Police Service of Northern Ireland.  The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Georgiana MacDonald of the District of New Hampshire.  Former Assistant U.S. Attorney Arnold H. Huftalen provided substantial assistance.

The year 2020 marks the 150th anniversary of the Department of Justice.  Learn more about the history of our agency at www.Justice.gov/Celebrating150Years.

Source: Department of Justice

Category: Breach IncidentsU.S.

Post navigation

← World’s largest manufacturer of machines and systems for solid wood processing hit in cyberattack.
Cyberattack cost UVM Medical Center $1.5 million a day →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.