UK teenager walks free over ‘biggest’ web attack that ‘almost broke the internet’
Dubbed as ‘Narko’, a British teenage cyber geek who worked as a hacker for hire has been spared prison after cyber attacks from his bedroom against global institutions including the BBC that ‘almost broke the internet’.
Seth Nolan-Mcdonagh was just 13 when he joined a network of online hackers. It was a Distributed Denial of Service (DDoS) attack in which attackers bombarded servers with so many requests for data that they can no longer cope. This made them crash or stop working.
In March 2013, one such attack was launched on Spamhaus, a firm that provides details of spammers to email and network providers. The attack on this anti-junk mail slowed the internet around the world.
Spamhaus called on anti-DDoS specialist Cloudflare for support which then led to further and heavier attacks. This was later described as the largest known DDOS surprise attack by hackers at the time. At its peak the attack was guiding 300 gigabits of traffic every second to Spamhaus computers.
The steep volume of traffic caused problems for internet traffic internationally and particularly for LINX – the London Internet Exchange – which helps data jump from one network to another. The court heard the effect on the internet had been “substantial”.
During his sentencing at Southwark Crown Court today, Seth Nolan Mcdonagh, now 18, sat in the body of the court between his parents and looked nervous.
The court said after his arrest in April 2013 more than £72,000 had been discovered in Mcdonagh’s bank account. Also, source code that were used in the attacks was also found on devices in his house in London.
He also had in his possession 1,000 credit card numbers, apparently from German financial institutions.
He was sentenced at Southwark crown court to 240 hours of community service for the attack.
Mcdonagh had already pleaded guilty to five charges but details could not be reported until today’s sentencing hearing by which time he had turned 18.
He further confessed a charge of transferring criminal property and a charge of possession of 924 indecent photos of children.
According to the evidence presented in the court, it disclosed that Mcdonagh’s criminal activity started when he was 13.
Defending his client, Ben Cooper, said that at the time of the attack, Mcdonagh had suffered from a severe mental illness and he had withdrawn from his own family, school and the wider world.
Since then, his family have played a major role in supporting his recovery to the point where he is now completing his A-levels and hoping to go to university.
Judge Jeffrey Pegden said: ‘Seth Nolan-Mcdonagh you fall to be sentenced for a serious crime committed by you between the beginning of 2011 and April 2013 when you were aged between 13 and 16 years.
‘You are now 18 and a half years of age and you pleaded guilty to these offences in December last year and January this year just before your eighteenth birthday and therefore you fall to be sentenced as a youth.
‘I emphasise at the very outset two matters in particular in respect of your culpability.
‘Firstly your young age when you committed these offences and secondly that at the time you were suffering, as everybody agrees, form a very significant mental illness.’
The judge did not impose a custodial sentence saying Mcdonagh’s rehabilitation since his arrest was “remarkable” and that he had shown “complete and genuine remorse”.
He said there was almost no risk of further harm or re-offending. Chief Information Officer at Spamhaus, Richard Cox thanked the UK’s National Crime Agency for the “enormous effort and resources” it had devoted to inquire Mcdonagh. He said he hoped the case would very clearly show the notable benefit that can result from law enforcement working closely with industry.
“We fully appreciate the difficult predicament with which the sentencing judge was faced, and hope that anyone considering similar attacks will take heed of his remarks, that in any other circumstances such criminality would have resulted in a custodial sentence,” he said.
nice write up
Funny how time erodes truth. Cloudflare published their traffic graphs when this happened, to prove that this attack was so small, it was unnoticeable (it simply took out one spamhaus webserver – you only need a few hundred sockets to do that).
You get better headlines by screaming “biggest ever DDoS” though, which someone did, and it subsequently went viral with no reporter since ever checking the facts.
I find it very strange that if you can DDOS, you somehow become some elite hacker… Nice one.
Glad he got off with it all though.
I guess it is the hoopla behind the attack 😛