A 21-year-old California man pleaded guilty this week to using an army of 7,000 bots to launch distributed denial-of-service (DDoS) attacks on two websites, including one dedicated to the sharing of IT security information.
Gregory King of Fairfield admitted to two counts of transmitting code to cause damage to a protected computer, according to a statement from the U.S. Attorney McGregor Scott of the Eastern District of California. He agreed to a two-year prison sentence under a plea bargain.
Prosecutors said King was responsible for unleashing separate DDoS attacks against the websites for KillaNet, a forum for trading information on graphic design, photography and interactive gaming, and CastleCops, a volunteer group that shares information on IT security threats.
King caused about $70,000 in damage, Matthew Segal, an assistant U.S attorney, told SCMagazineUS.com on Thursday.
“It caused people a lot of aggravation to keep their sites up,” he said. “We live in a world where script kiddies can cause real damage and when they do, they’re going to be treated like real criminals because they are real criminals. This kind of punishment should send a message of deterrence.”
King used an army of botnets — or compromised computers — to conduct the attacks. CastleCops, which was hit Feb. 14, 2007, said the DDoS reached 969 megabits per second. Had it been charged by its hosting provider for all of that traffic, CastleCops would have been forced to close.
“Regardless of the outcome of this trial, it is a win for the good guys,” CastleCops co-founder Robin Laudanski wrote Oct. 1, 2007, the day King was charged. “It is hope for the victims of DDoS, and it should serve as a warning for computer criminals everywhere. No longer is computer crime going to go unpunished. No longer are the victims of these crimes going to be nameless and faceless.”
King was busted by FBI agents on Feb. 1, prosecutors said. Before he answered the front door, King tried to hide his computer in the backyard — but agents armed with a search warrant later seized it.
The machine contained botnet software, investigators said.
Authorities tracked King down with the help of CastleCops and KillaNet, which traced the IP addresses back to his home and a local library.
King is scheduled to be sentenced Sept. 3.