Teenager pleads guilty to massive Spamhaus DDoS attack

Hacker. Image courtesy of Shutterstock.

Hacker. Image courtesy of Shutterstock.A 17-year-old London schoolboy who was arrested last year has pleaded guilty to a distributed denial of service (DDoS) attack of unprecedented ferocity launched against the Spamhaus anti-spam service and internet exchanges, including the London Internet Exchange.

Given that he’s a minor, he can’t be named.

The Register quoted a police statement that said that the boy also admitted last week to money laundering and possessing child abuse images.

He’s out on bail pending sentencing on 9 January, the statement said:

A 17-year-old male from London has this week (Wed 10 Dec) pleaded guilty to [offences under the] Computer Misuse Act, money laundering and making indecent images of children offences, following a National Crime Agency investigation. He was arrested in April 2013 after a series of distributed denial of service (DDoS) attacks which led to worldwide disruption of internet exchanges and services. On his arrest officers seized a number of electronic devices. He has been bailed until 9 January 2015 pending sentencing.

He’s admitted to having a hand in the biggest DDoS ever recorded: one that at times was reported to be as large as 300 gigabits per second.

Traditionally, even large botnets are only able to deliver hundreds of megabits or a few gigabits per second, as Naked Security noted at the time.

The attackers used large-scale DNS reflection, taking advantage of misconfigured DNS servers to amplify the power of a much smaller botnet.

It was very effective. While the attack didn’t break the internet’s backbone when it launched in March 2013, it managed to slow the internet around the world.

But the 17-year-old didn’t pull all that off all on his lonesome. He was reportedly one of multiple arrests.

In April 2013, another suspect was arrested in Spain.

In fact, the teenager’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out the massive DDoS.

We’re on the brink of a new year. Unfortunately, this kid has made choices to put his talents to use in a way that means he’ll be in court soon into the coming new year.

Bad choice. Regrettable choice.

Will he do jail time? Will he cough up names of others involved in the attack?

Time will tell.

But if I had been in on this caper, I’d be very, very worried about getting a knock on the door.

Image of hacker courtesy of Shutterstock.