THE
CASE OF THE HIRED HACKER
Entrepreneur
and Hacker Arrested for Online Sabotage
04/18/05
Our "Entrepreneur" was still living at home with his parents
when he launched two online sports apparel businesses specializing in “retro” or “throwback” sports
jerseys. These jerseys are a booming, multi-billion dollar industry,
crowded with competitors, and in the early going he was selling only
a couple shirts a day—at $200 to $300 a pop.
Then he
allegedly came up with a plan to jumpstart sales. Did it involve
expanding his inventory? Overhauling his web sites? Launching a marketing
blitz? Nope. Our Entrepreneur took another tack entirely. He went out
and hired a hacker.
Why? Because he figured that his own sales would take off if he disabled
the web sites of his major competitors. Using an online instant messaging
service, he recruited a 16-year-old New Jersey hacker and gave him a
list of 10 sites to attack. The agreed-upon payment for his services?
A watch and several pairs of knock-off designer sneakers.
Last July, the attacks
began. From his home computer, the Hacker infected as many as 2,000
unprotected
computers across the country with “bots”—software
programs that allowed him to remotely control the PCs. He then rigged
these computers to bombard the competitor sites with data requests. The
attacks—known as distributed denial of service, or “DDoS,” attacks—quickly
overloaded the sites’ servers and knocked many of them offline
for days. The Hacker launched the attacks repeatedly for five straight
months. One company was hit more than 30 times and suffered $600,000
in total losses.
But the
damage didn’t stop there. The attacks also brought down
the companies that hosted the sites’ servers and at least 1,000
other unrelated businesses as far away as Europe. Overall, the attacks
caused at least $2.5 million in damage.
Last summer, one
of the jersey retailers reported the attacks to law enforcement. Our Newark
office began
a joint investigation with the New
Jersey State Police and our Atlanta and Detroit offices. We even posed as a hacker in an online instant-message service,
and the Entrepreneur soon tried to hire us to commit even more attacks.
The upshot? On March 18, we simultaneously arrested the Entrepreneur
and the Hacker. Both are awaiting trial. Prosecutors plan to charge the
Hacker as an adult and try him under state statutes.
The moral
of the story? If your business is hacked, report it immediately!
Contact your local
FBI office or Legal Attaché,
or file a complaint through the Internet
Crime Complaint Center.
Links: Department
of Justice Press Release | FBI
Cyber Investigations