Mitchell Frost, 22, of Bellevue, Ohio was charged Friday with one count each of damaging a protected computer system and possessing unauthorized access devices, according to the U. S. attorney's office for the Northern District of Ohio.
While enrolled as an undergrad at the University of Akron in Ohio, Frost used the school's computer network to establish a botnet of compromised computers across the United States and other countries, prosecutors said.
According to an indictment, Frost scanned the internet searching for vulnerable computer networks to access and gain control over.
Frost then used the botnet to initiate DDoS attacks that temporarily interrupted the operation of www.billoreilly.com, www.anncoulter.com and www.joinrudy2008.com, prosecutors said. The DDoS attacks caused each website to be knocked offline, resulting in damages exceeding $5,000.
“My website, billoreilly.com, spends a lot of money building walls against hackers who try to destroy the enterprise,” O'Reilly said Monday on his Fox television show, The O'Reilly Factor, according to a transcript of the broadcast. “The FBI did a great job investigating this cybercrime investigation, and we thank them very much.”
Frost also launched a DDoS attack against the university's computer server in March 2007, which caused the entire network to be knocked offline for approximately 8 1/2 hours, investigators said. The attack cost the school $10,000 to restore computer service.
In addition, Frost used compromised computers to spread malware that allowed him to collect sensitive information, including credit card numbers, CVV security codes, names, addresses, Social Security numbers and birth dates, according to prosecutors. University of Akron computer logs revealed that Frost chatted online with individuals about collecting, distributing and using stolen credit cards.
Federal investigators executed a forensic examination of Frost's computers, which tuned up 136 stolen credit card numbers and 2,923 usernames and passwords.
For the charge of damaging to a protected computer system, Frost faces up to five years in prison and a $250,000 fine. Additionally, the possession of an unauthorized access device charge carries a maximum sentence of 10 years in prison and a fine of $250,000.
No court date has been set.
Frost's public defender did not respond to a request for comment made by SCMagazineUS.com on Wednesday.