The teenage inventor of a prolific DDoS-for-hire service has been found guilty. On 28 October at the Old Bailey, Adam Mudd, 19, plead guilty to committing unauthorised acts to impair the operation of a computer; making, supplying or offering to supply a DDoS service and concealing criminal property.
Mudd is the inventor of Titanium Stresser, a program which launched Distributed Denial of Service attacks, otherwise known as DDoS, at targets chosen by paying customers. Over its lifespan, the service is known to have launched 1.7 million attacks on targets all over the world.
Members of hacker outfits, LizardSquad and PoodleCorp apparently also used his code when creating their own DDoS-for-hire service, Shenron. Several of the groups' members were arrested earlier this month for their work on the service.
Stephen Gates, chief research intelligence analyst at NSFOCUS IB told SCMagazineUK.com that his arrest is no mean feat: “finding and shutting down these types of operations is no easy task for law enforcement. This is primarily caused by the distributed nature of the Internet, and the fact that spoofing identities, IP addresses, locations, etc is possible at many levels. Stopping the ability to spoof oneself will go a long way to stopping this sort of activity long-term.“
Mudd has been freed on bail on the condition that he not use any devices connected to the internet. He will be sentenced on 16 December, but Judge Michael Topolski QC said that a youth offenders institution will be considered.
Mudd purportedly started the service when he was only 15, first testing it on his college's website and ran the programme alongside his job as a hotel porter in Hertfordshire.
Teenage hackers are far from a rarity and many go about normal teenage lives, going to school and living with their parents, who are oblivious to their child's lucrative criminal career.
Vince Warrington, cyber-security lead at the Financial Conduct Authority, works with a variety of bodies to help turn talented young computer enthusiasts into gainfully employed cyber-security professionals, as opposed to talented cyber-criminals. This, Warrington told SC, is “a classic case study of how we need to change getting young people into cyber-security”.
Teenagers need to be given a path into cyber-security, not only a well paid sector, but one in desperate need of the kinds of skills Mudd may have developed.The ‘underground' image of security research is a harmful one added Warrington: “If we can get the industry away from the 'Hoodie-in-a-bedroom' image and showcase cyber as a 'proper' career, then we can get those parents and teachers on-side and use them to help and encourage these kids, rather than the current situation where they don't understand what cyber is, or how to push people towards it as a career.”