London Teenager Pleads Guilty to Spamhaus DDoS

Written by

A 17-year-old from London has pleaded guilty to the massive DDoS attack on anti-spam company Spamhaus last year which led to widespread internet disruption.

The teenager, who can’t be named for legal reasons, also admitted DDoS-ing content delivery network CloudFlare – which Spamhaus turned to in order to protect itself from the online blitz – in the same attack.

A Metropolitan Police statement sent to The Register had the following:

“A 17-year-old male from London has this week (Wed 10 Dec) pleaded guilty to [offences under the] Computer Misuse Act, money laundering and making indecent images of children offences, following a National Crime Agency investigation. He was arrested in April 2013 after a series of distributed denial of service (DDoS) attacks which led to worldwide disruption of internet exchanges and services. On his arrest officers seized a number of electronic devices. He has been bailed until 9 January 2015 pending sentencing.”

He was arrested in April 2013 after the attack the month previously which was the largest ever DDoS recorded at the time, peaking at 300 gigabits per second.

The DNS reflection attack was so big that it was said to have inflicted “collateral damage” on other sites.

Soon after, police in the Netherlands arrested Sven Olaf Kamphuis, who claimed to represent bulletproof hoster CyberBunker.

British police then nabbed the teenager after “significant sums of money” were found to be “flowing through his bank account,” according to an Evening Standard report from last year.

Spamhaus generates a list of IP addresses it thinks are responsible for sending spam, which its clients – many of which are ISPs – use to blacklist those web addresses.

Kamphuis spoke out against the firm after CyberBunker was itself blacklisted, claiming those that worked there were “abusing their influence.”

At the time of the attack, hacktivist forum Stophaus – which the 17-year-old Londoner is thought to have been a moderator of – took credit for the DDoS.

What’s hot on Infosecurity Magazine?