DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Individual Pleads Guilty to Participating in Internet-of-Things Cyberattack in 2016

Posted on December 9, 2020 by Dissent

There’s an update to a case previously reported on this site in 2016. From the U.S. Department of Justice:

An individual, formerly a juvenile, pleaded guilty to committing acts of federal juvenile delinquency in relation to a cyberattack that caused massive disruption to the Internet in October 2016.

Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division, U.S. Attorney Scott W. Murray of the District of New Hampshire, and Special Agent in Charge Joseph R. Bonavolonta of the FBI’s Boston Division made the announcement.

According to the plea agreement, the individual conspired to commit computer fraud and abuse by operating a botnet and by intentionally damaging a computer.  Because the individual was a juvenile at the time of the commission of the offense, the individual’s identity is being withheld pursuant to the Juvenile Delinquency Act, see 18 U.S.C. § 5031, et seq.  The guilty plea took place in a closed proceeding before Chief Judge Landya B. McCafferty in the District of New Hampshire.  Judge McCafferty scheduled the individual’s sentencing for Jan. 7, 2021.

According to unsealed court documents, from approximately 2015 until November of 2016, the individual conspired with others to create and operate one or more online botnets to launch cyberattacks against victim computers (specifically targeting those belonging to online gamers or gaming platforms) in order to take those computers offline altogether or otherwise significantly impair their functionality.  These attacks are often referred to as “Distributed Denial of Service” or “DDoS” attacks.

In general, a DDoS attack is a type of cyberattack in which a malicious actor directs a large volume of Internet traffic to a victim computer or network, overwhelming it and rendering it unable to function as intended.  Successful DDoS attacks can take individual computer users, websites, or entire computer networks offline altogether or otherwise slow their performance.  DDoS attacks are often conducted through the use of botnets (short for “robot networks”), that is, large numbers of compromised computers under the control of an individual or group of actors.

According to court documents, in September and October of 2016, the individual and others created a botnet, which was a variant of the so-called “Mirai” botnet, for use in launching DDoS attacks.  Mirai infected “Internet-of-Things” devices, such as Internet-connected video cameras and recorders, and turned them into bots to be used to launch DDoS attacks.

According to court documents, on Oct. 21, 2016, the individual and others used the botnet they created to launch several DDoS attacks in an effort to take the Sony PlayStation Network’s gaming platform offline for a sustained period.  The DDoS attacks impacted a domain name resolver, New Hampshire-based Dyn, Inc., which caused websites, including those pertaining to Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU), to become either completely inaccessible, or accessible only intermittently for several hours that day.  As a result of the individual’s DDoS attacks, Dyn, Sony, SNHU, and other entities and individuals suffered losses including lost advertising revenues and remediation costs. Sony estimated that its resultant losses included approximately $2.7 million in net revenue.

This case was investigated by the FBI with assistance from the National Crime Agency and Police Service of Northern Ireland.  The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Georgiana MacDonald of the District of New Hampshire.  Former Assistant U.S. Attorney Arnold H. Huftalen provided substantial assistance.

The year 2020 marks the 150th anniversary of the Department of Justice.  Learn more about the history of our agency at www.Justice.gov/Celebrating150Years.

Source: Department of Justice

No related posts.

Category: Breach IncidentsU.S.

Post navigation

← World’s largest manufacturer of machines and systems for solid wood processing hit in cyberattack.
Cyberattack cost UVM Medical Center $1.5 million a day →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.