A teenage computer hacker in the United Kingdom will not serve time behind bars, a British judge decided this week, for a series of cyber attacks that included a “Denial of Service” attack on the free porn mega-site Pornhub. Jack Chappell, a 19-year-old hacker from a suburb of Manchester, England, was instead hit with a suspended sentence of 16 months for the series of cyber attacks against a wide variety of big businesses and academic institutions.
A DDoS, or “Distributed Denial of Service” attack is a way of shutting down an online service or website by flooding it with traffic, such as bogus emails, coming from a “distributed” network of computers numbering in the hundreds or even thousands—most of which are hijacked by the DDoS hackers without their owners aware that they are being used for the attacks.
Chappell admitted conspiring with an Israeli hacker to shut down numerous sites, including Pornhub, Virgin Media, the Massachsetts Institute of Technology and the NatWest online banking operation.
Chappell’s lawyer said that his client suffers from autism, and was exploited by his Israeli co-conspirators.
The British teen admitted to carrying out the attacks in July. His accused Israeli co-conspirator, Yarden Bidani—who was then only 18 years old—was arrested in 2016.
Chappell was accused of operating an online business known as VDos that carried out the hacks in exchange for payment. He admitted earlier this year to taking part in a money laundering scheme to conceal credit card payments to VDos.
Reportedly, a week-long DDoS attack can be purchased for only about $150 from underground hacker sites.
Chappell reportedly offered Bronze, Silver, Gold and VIP DDoS attack “packages,” each priced differently depending on the customer’s desired severity of the DDoS attack, and even supplied online technical support, allowing individuals who were not themselves hackers—or who may have no real technical knowldege at all—to unleash crippling Denial of Service attacks with just a few clicks.
Though Chappell was not accused of stealing any user information from Pornhub or any of the other sites that he has now confessed to attacking, Pornhub was the target of a year-long malware attack that was uncovered in October of this year.
The culprits behind the latest attack on Pornhub are believed to be part of a cyber-criminal organization known as KovCoreG. Their scheme involved installing a piece of malware on the Pornhub site that would trick users into clicking on a fake software update.
The malware would then download onto Pornhub users computers, causing the computers to click on fake advertisements online without the users’ knowledge. The fraudulent ad clicks would generate revenue for the hackers, but put the privacy and computer security of Pornhub users in danger.
“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware,” said Proofpoint, the cybersecurity firm that discovered the Pornhub malware attack. “Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale.”