Minor Behind 2016 PlayStation DDoS Attacks

Written by

An unnamed individual in the United States has pleaded guilty to creating a botnet and using it to launch a series of cyber-attacks against the gaming community before reaching their 18th birthday.

The Distributed Denial of Service (DDoS) attacks, carried out in October 2016, caused what the United States Department of Justice described as "massive disruption to the internet."

As a result of the attacks, websites, including those pertaining to Sony, Twitter, Amazon, PayPal, Tumblr, Netflix, and Southern New Hampshire University (SNHU), became either completely inaccessible or accessible only intermittently for several hours on October 21, 2016. 

"As a result of the individual’s DDoS attacks, Dyn, Sony, SNHU, and other entities and individuals suffered losses including lost advertising revenues and remediation costs," said the DOJ. 

"Sony estimated that its resultant losses included approximately $2.7 million in net revenue."

On December 9, the Department announced that an individual, formerly a juvenile, had pleaded guilty to committing acts of federal juvenile delinquency in relation to the 2016 cyber-attacks.

Unsealed court documents revealed that from approximately 2015 until November 2016, the individual conspired with others to build and operate at least one online botnet, which they then used to launch DDoS attacks against multiple victim computers.

The botnet was a variant of the Mirai botnet that infected Internet-of-Things devices, such as internet-connected video cameras and recorders, turning them into bots that could launch DDoS attacks.

The individual and their co-conspirators specifically targeted computers belonging to online gamers or to gaming platforms, knocking then offline completely or otherwise significantly impairing their functionality.

On October 21, 2016, the individual and others launched multiple DDoS attacks against the Sony PlayStation Network's gaming platform in an attempt to knock it offline for a sustained period.

According to the plea agreement, the individual conspired to commit computer fraud and abuse by operating a botnet and by intentionally damaging a computer. Because the individual was aged under 18 when they committed the offenses, their identity is being withheld pursuant to the Juvenile Delinquency Act.

The guilty plea was entered in a closed proceeding before Chief Judge Landya McCafferty in the District of New Hampshire. Judge McCafferty scheduled the individual’s sentencing to take place on January 7, 2021.

What’s hot on Infosecurity Magazine?