2 
Remember Operation Payback, back in 2010? Anonymous got all pissy about the Wikileaks thing, so they hit PayPal and Visa (among others), DDoSing them to hell. Well, the crack team of hacktivists behind Op Payback are finally facing the music – some pretty serious jail time.
Northumberland University student Christopher Weatherhead, known as Nerdo to his friends (and presumably a lot of bullies too), was one of the ‘masterminds’ behind the attacks, which left PayPal £3.5 million out of pocket, and with damage that took 100 employees weeks to fix. The judge didn’t like that, and although he pleaded to being ‘just another idealistic student’, he’s been sentenced to 18 months in jail. Ouch. [The Register]
UK's Facebook Hacker Jailed for Eight Months
Jacko Hackers Spared Jail Over Sony Music Hack
"Elves and Pixies" Cartoon Porn Earns Man Three Month Jail Sentence
the first thing that went through my mind when reading that headline, was how the hell can they jail him if he is anonymous
Turns out they’re not so anonymous after all. Hope he enjoys his time behind bars.
Could have been your neighbour mate.
Nah, she has difficulty working her gas meter so I doubt she could plan any kind of organised DDoS against a large multinational corporation. She does make awesome pasties though, which is a fair trade for making sure her gas meter is topped up and her heating is set correctly.
ditto and upon reading the story I can only still remember his nickname
This is shocking, if I were to prevent you accessing your drive way, would I face jail — or — if I and 100 others, had a sit-in to prevent people getting into a shop on the high-street; would we go do jail? No. People commenting and making it sound like DDoS is a way of ‘hacking’ are out of their mind, a clear representation of their education. DDoS floods a server’s connection, nothing else. Jail time for this is shocking and is a clear indication of the old men who continue to run our out-dated justice system.
and how does DDoS’ing work? I understood the ‘hackers’ used hacked infected “zombie” computers to send all the data requests in which case they deserve jail time unless they had permission of the computer owners.
If, on the other hand it was just his computer (somehow) doing all the DDoS’ing on his own then I’m more inclined to agree with you.
DDoS’ing works by sending ‘packages’ to a certain website domain or IP address I think. It pretty much just brings a huge load of traffic to the page, depending on how many people or computers you have doing it…
Some say, botnets could be hired out.
It costs virtually nothing to get a few VPS running with decent connections out these days, along with a few 100 volunteers, traffic to a site can be jammed fairly easy. Most 13 year olds know how to do it, maybe use a low-orbit Ion canon, very easy kit to get your hands on. Doesn’t grant you the title of ‘hacker’ because you, and in essence the easiest way to explain, hit the refresh button on your browser a couple hundred times a minute. Again, taking a site ‘offline’ due to a DDoS isn’t a ‘hack’. It’s the cheap servers and/or cheap DNS. Slowing traffic down or preventing altogether again, isn’t a hack. It’s just preventing traffic. Again, in real world situations, you wouldn’t get jailed for it. So why would you in this situation.
lets not forget, PayPal can say they ‘lost £3.5 million’ my ar$e they lost nothing, that’s why they’re insured. We’re still getting the anti-piracy screen at the cinema, regardless of their billions throughout 2012; PayPal are just playing the world at the same game. (http://www.mcleary.co/2012/12/31/most-downloaded-films-of-2012/)
True, compare to brute force, DDoS is just a minor inconvenience.
I can see how that would work for smaller companies but somebody or Paypal or Visa surely you’re talking orders of magnitude which would require more than a few VPS’s and some volunteers?
there are 2-10 ways of doing it
https://www.google.co.uk/search?q=ddos+attack
DOS send lots of malformed data to an service on the target server that gets the server tied up does not require a lot of pcs (CPU maxed out so stops or goes very slow at processing legit requests or the server crashes) {this can happen legitimately as well for example ticket sites when every one is trying to get an ticket at the same time when they go on sale the site gets drowned in requests}
DDOS tends to be flood the server with large amount of random data from lots of zombie pcs/servers to max there backhaul out so they run out of bandwidth
dns amplification requires very little amount of computers to do (think 1 computer can do it if you have enough incorrectly configured DNS servers)
https://www.google.co.uk/search?q=dns+amplification+attack
I understood some of that because I dealt with the Nexus 4 bunfight!
Sometimes I wonder why big brands like Paypal didn’t go cloud and reduce these threats, instead play the victim card.
If a website is accessible to users, then it can be a victim of a DDOS attack. Being a cloud service doesn’t make it any less vunerable.
My understanding was that cloud upscales and downscales bandwidth depending on the traffic volume, does that not help against DDoS?
There are some methods to minimize it, but everything is vulnerable. But large companies would probably be able to take a typical DDOS attack and its users not really notice.
If you and 100 others wilfully blocked access to a shop, you could very well expect to be arrested. You probably wouldn’t get jail time, more like a public order offence, but what this guy did doesn’t have a real-world analogy. It’s far larger in scale.
He wilfully caused financial damage to Mastercard, Visa and PayPal, and certainly cost them large amounts of money in custom. That £3.5m figure is probably heavily exaggerated, but the true figure will be considerable nonetheless. Regardless of the methods involved, this constitutes serious criminal behaviour.
You could argue that 18 months is a bit harsh, but this guy certainly deserved some sort of punishment.
Have to agree with that
I can’t even believe that you think that they shouldn’t be punished at all… They were intentionally disruptive and deserve to be punished.
This is the perfect example how the system works. “If you try to fight it, WE WILL DESTROY YOU!”
Play by the rules though (however immoral your actions might be) and you’ll get a great big pat on the back.
“We have survived by hiding from them, by running from them, but they are the gatekeepers. They are guarding all the doors, they are holding all the keys, which means that sooner or later, someone is going to have to fight them.”
Gatekeeper was the best software of pre windows XP era