Top Cybercriminal Prosecutions Of The Month: February 2014

As always, we continue to closely monitor the progress of law enforcement agencies as they chase down cybercriminals. Here are some cases from the last month.

busted

3 years for DDoS-attack

At the beginning of February, Christopher Sudlik was sentenced to 36 months probation, 60 hours of community service and ordered to pay $111,000 in restitution.

The 22-year-old had previously pled guilty for his participation along with members of the online hacker group “Anonymous” in a service attack against the Angel Soft website in February and March of 2011. Angel Soft is a subsidiary of Koch Industries, the intended target of the attack. The team of hackers, including Christopher, used LOIC (Low Orbit Ion Cannon) software, which can create a mass flood of traffic for direct attacks on specific websites. Koch Industries suffered several hundred thousand dollars in losses as a result of the continuous attacks on several of its network servers over a three-day span.

It’s not the first time attackers who targeted Koch Industries have received sentences. Last December Eric Rosol, 38, pleaded guilty to taking part in a denial of service attack and has been sentenced to two years federal probation and ordered to pay $183,000 in restitution.

Another Anonymous bites the dust

As those two DDoS-attackers were sentenced, agents from the FBI didn’t stop their investigation and continued to pursue everyone who targeted Koch Industries.

The young cybercriminal also utilized a «Low Orbit Ion Cannon» which was designed to flood servers with traffic with the intention of disrupting the website’s service.

February 12th was a bad day for the third Anonymous activist, Jacob Allen Wilkens from Postville, Iowa, as he was sentenced to 24 months probation and ordered to pay $111 in restitution. The young cybercriminal also utilized a «Low Orbit Ion Cannon» which was designed to flood servers with traffic with the intention of disrupting the website’s service. The bad news was that LOIC stores attackers’ IP addresses, so federal agents quickly found the culprit.

Got paid for DDoS? Get a sentence

You can receive a sentence for participating in a DDoS-attack, so it’s pretty obvious you will get the same for earning money doing it. An unnamed Russian man, 26, pled guilty for organizing a denial of service attack on big financial companies. For every day the target was out of service, the young cybercriminal was paid a little less than $100.

Police arrested the man red-handed and uncovered all the information from him including details of his activities on hacker forums and evidences he was organizing attacks. As a result, he’s now on a two-year probation.

2.5 years for a securities fraud scheme

Another Russian was sentenced in February; this time probation was not the course of action. Petr Murmylyuk was living in New York and took part in a conspiracy to steal from online trading accounts at Scottrade, E*Trade, Fidelity, Schwab and other brokerage firms. Members of the conspiracy first gained unauthorized access to the online accounts of the brokerage firm’s customers, then used stolen identities to open additional accounts at other brokerage houses. After that, criminals caused the victims’ accounts to make unprofitable and illogical securities trades, leading to gains for the members. The scheme caused a combined loss of around $1 million to the affected firms.

The 33-year-old man was sentenced to 30 months in prison and will have three years of supervised release. Petr will also pay $505,000 in restitution.

Jail time for changing grades

Roy Sun, a former American student, was sentenced earlier this week to 18 months’ probation and 200 hours of community service for changing his grades after hacking into his college’s computer systems.

The incident took place between 2008 and 2010 at Purdue University in Indiana. Roy, along with two of his friends, broke into his professor’s office, attached keyloggers to computers and harvested login information. The credentials were then used to change grades to straight As. Although Roy left Purdue in 2010, the incident came to light in 2013, when one of the professors complained to the IT staff that his password had been changed. Investigations followed, revealing the tweaks to grades.

One of Roy’s friends, Sujay Sharma, who participated in the hack, was also sentenced and received 18 months’ probation and 200 hours of community service.

Send to Kindle