A teenager behind cyber attacks that crashed “a vast range of websites worldwide” was spared jail on Wednesday.
Josh Maunder was handed a 20-month prison sentence suspended for three years for creating a computer virus which attacked police and financial institution websites as well as a a pay-per-view celebrity boxing event.
The 19-year-old, of Abbey Park in Bangor, Co Down, had pleaded guilty to a total of 19 charges which included 13 counts of an unauthorised act impairing the operation of a computer, making an article intended to be used for computer misuse, obtaining an article to commit an offence and possessing articles in connection with fraud.
Read more: Fight against NI Cyber attacks being headed up by Iraq War veteran
Maunder also admitted single counts of conspiring to commit an unauthorised act and supplying an article to be used in computer misuse. All of the offences were committed between December 1, 2017 and September 13, 2018 when he was aged 15.
Downpatrick Crown Court, sitting in Belfast, heard how Maunder created a ‘distributed denial of service (DDOS) attack’ which is a form of cyber attack in which target websites are “flooded with requests so they become overloaded and cease to function”.
Prosecution counsel David McNeill told the court that the investigation was sparked after online gaming company Torn.com had been bombarded with DDOS attacks in 2018 which cost them $61,000 US dollars.
“The company identified the attacker as using the name ‘Metzi’ who posted abuse and threats on Torn.com’s chatroom.”
Internet research by the company found YouTube videos of the defendant using the ‘Metzi’ name and “speaking with a Northern Ireland accent”. It made a complaint to Action Fraud who passed it to the PSNI.
Mr McNeill said that on September 13, 2018, police searched Maunder’s home. The court heard he was “at his computer and in control of the online programme ‘Stress.wtf’ which co-ordinated the DDOS attacks”.
Police seized his computer and his phone and during interviews he made “full and frank admissions” to his offences, admitting he knew DDOS attacks were illegal and that he had carried out “hundreds of attacks”.
One data file showed that ‘Stress.wtf’ had been used in 10,763 DDOS attacks between January and March 2018 by 857 users, which included his customers who paid money into his Paypal account.
“Police assess he was motivated by online fame or kudos amongst his peers,” the prosecution lawyer said.
The prosecution lawyer added that other websites targeted for DDOS attacks were the Nationwide Building Society, Police.uk, the US Department of Justice, Nuclear Fallout servers, a Czech police force and a server hosting an amateur boxing match.
Maunder told the Probation Service that he was not motivated by financial greed, that he only made a small amount of money which he spent on “running the website and on takeaway food”.
Defence counsel David McDowell KC said Maunder had a previous clear record and has no matters pending.
He told the court that Maunder is “attempting to gain employment on the lawful side of cyber security” and had been interviewed by a California-based cyber security company.
“His application was unsuccessful but representatives of the company flew from the USA to Northern Ireland to meet him which underscores the value of his skills for legitimate uses.”
Judge Geoffrey Miller KC acknowledged Maunder had been “frank and honest” at police interview during which he expressed remorse for his crimes.
“These were malicious attacks and carried out without permission but I accept he was not motivated by revenge,” said Judge Miller.
“Had the attacks on the Nationwide Building Society proved fully successful, the cost implications to its business and its customers would have been considerable.”
The police welcomed the conclusion of the case. Detective Sergeant McCarragher said: “Today’s sentencing is the result of a complex investigation into a vast range of cyber-attacks with a domestic and international dimension by investigators and technical officers from the Police Service’s Cyber Crime team.
“In this case, the Defendant was involved in targeting and crashing a vast range of websites worldwide, including a gaming company causing a substantial loss, a financial company, numerous police public information websites, a human rights group and also had involvement in organising an orchestrated Cyber-attack on a pay-per-view celebrity boxing event.
“Further to this, he was in possession of malicious software and managed an online community of peers engaged in prolific computer misuse offences which was also successfully impacted by the investigation.
“This should send a clear message to those involved in this type of crime that they will be vigorously pursued and brought before the courts to face the consequences of such activity.”
READ NEXT:
Northern Ireland Affairs Committee told young people getting drug debts cut if they riot
Shankill research project gives voice to district's children and young people
West Belfast youth centre facing budget cut of almost 25% says move is 'callous and cruel'
For all the latest news, visit the Belfast Live homepage here. To sign up to our FREE newsletters, see here.