In a notable case underscoring the ongoing threat of cyberattacks, a 23-year-old hacker from Utah, identified as Austin Thompson, also known by his online alias “DerpTroll,” has pleaded guilty to orchestrating a series of denial-of-service (DoS) attacks targeting various online services, websites, and gaming companies from 2013 to 2014. According to a recent statement from the Department of Justice, Thompson’s actions included significant disruptions to major gaming platforms, such as Electronic Arts’ Origin service, the Sony PlayStation Network, and Valve Software’s Steam service, utilizing a flood of internet traffic to incapacitate their servers.
Thompson’s modus operandi typically involved disseminating notifications of his attacks via his Twitter handle, @DerpTrolling, where he would subsequently share images evidencing the unavailability of affected servers post-attack. The disruptions from these attacks were severe, often taking gaming servers offline for several hours and resulting in an estimated $95,000 in damages to the targeted companies worldwide.
U.S. Attorney Adam Braverman remarked on the financial impact of such cyberattacks, noting that they cost businesses millions of dollars each year. Braverman emphasized law enforcement’s commitment to identifying and prosecuting those responsible for these disruptive acts, which are frequently motivated by personal ego rather than financial gain. Thompson faces serious legal repercussions, with potential penalties including up to ten years in federal prison, a $250,000 fine, and a three-year period of supervised release.
In a broader context, this incident forms part of a troubling trend in the cybersecurity landscape, particularly as the DerpTrolling group, reportedly run by Thompson, gained notoriety for its disruptive activities starting in 2011. The group has been linked to several significant service interruptions, targeting industry giants such as Sony, Riot Games, Microsoft, Nintendo, Valve, and Electronic Arts during the height of their online gaming seasons in late 2013 and early 2014.
Thompson is scheduled to be sentenced on March 1, 2019, by U.S. District Judge Jeffrey Miller. As this case unfolds, it is essential for business owners and cybersecurity professionals to recognize the methods employed by such threat actors. The tactics utilized in these DoS attacks align with several frameworks from the MITRE ATT&CK Matrix, including initial access through social engineering and infrastructure exploitation, alongside possible persistence mechanisms such as the creation of compromised servers to maintain a foothold for future attacks.
In tandem with this incident, the infamous Lizard Squad hacker group also made headlines during the same period for executing DDoS attacks against Microsoft’s Xbox Live and Sony’s PlayStation Network, significantly impacting user experiences during the holiday season. As investigations continue into these widespread attacks, it is imperative that organizations strengthen their cybersecurity frameworks, educating their teams on the potential tactics and techniques that malicious actors may employ to compromise their systems.
This case serves as a reminder of the evolving landscape of cyber threats and the critical importance of robust defenses against such disruptive attacks. With the increasing sophistication of cybercriminals, remaining vigilant and proactive in security measures is vital for safeguarding operational continuity and minimizing potential financial losses.
