TK worm creators jailed

Two Britons were sentenced today for their part in creating a worm that infected thousands of computers and formed a botnet that launched DDoS attacks on networks and websites worldwide.

Jordan Bradley, 22, and Andrew Harvey, 23, were identified as members of the hacking group "THr34t Krew" and conspired to create a computer worm which infected thousands of computers around the world. They received three months and six months respectively.

Bradley, an electrician from Darlington and unemployed Harvey from County Durham were sentenced today at Newcastle Crown Court for their part in an international hacking group.

Both pleaded guilty on May 27 this year to conspiring together and with others between December 31 2001 and February 7 2003 to "effect unauthorized modifications to the contents of computers with the intent to impair the operation of those computers, contrary to Section one of the Criminal Law Act 1977.

A 21-year old American, Raymond Stegerwalt, was also arrested in 2003 and was sentenced to 21 months in jail and ordered to pay restitution costs of $12,000 to the Department of Defense, some of whose computers were compromised by the worm.

Following an investigation by officers from the UK's National Hi-Tech Crime Unit and the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team) based in Southern California, Bradley and Harvey were arrested in February 2003.

The worm known as the TK worm also compromised thousands of computers in the UK. Justice Bolton said that the number of computers compromised was "unquantifiable".

Once connected to the internet, the infected computer connected to a number of computers under the control of the THr34t-Krew who were able to send commands to the infected hosts to scan other computers for vulnerabilities and launch DDoS attacks on servers and websites. The TK worm was able to spread itself across the internet distributing itself to other computers.

"Over the past year, the National Hi-Tech Crime Unit has seen a sustained increase in the professionalism of cybercriminals. Companies are taking the brunt of their attempts to steal money and data, but consumers are also being hit," said detective superintendent Mick Deats, Deputy Head of the NHTCU.

"Our task is to track down those people who seek to hamper companies by reducing their ability to do business and I hope that these sentences deliver a tough message," he said.

SC Magazine reported yesterday that a British security professional was convicted of gaining unauthorized access to the website set up last December to handle charitable donations for the Asian tsunami.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.