Home News Stories 2005 April The Case of the Hired Hacker
Info
This is archived material from the Federal Bureau of Investigation (FBI) website. It may contain outdated information and links may no longer function.
 

The Case of the Hired Hacker

The Case of the Hired Hacker
Entrepreneur and Hacker Arrested for Online Sabotage

04/18/05

Cyber Shield graphic with handcuffs

Our “entrepreneur” was still living at home with his parents when he launched two online sports apparel businesses specializing in “retro” or “throwback” sports jerseys. These jerseys are a booming, multi-billion dollar industry, crowded with competitors, and in the early going he was selling only a couple shirts a day—at $200 to $300 a pop.

Then he allegedly came up with a plan to jumpstart sales. Did it involve expanding his inventory? Overhauling his web sites? Launching a marketing blitz? Nope. Our entrepreneur took another tack entirely. He went out and hired a hacker.

Why? Because he figured that his own sales would take off if he disabled the web sites of his major competitors. Using an online instant messaging service, he recruited a 16-year-old New Jersey hacker and gave him a list of 10 sites to attack. The agreed-upon payment for his services? A watch and several pairs of knock-off designer sneakers.

Last July, the attacks began. From his home computer, the hacker infected as many as 2,000 unprotected computers across the country with “bots”—software programs that allowed him to remotely control the PCs. He then rigged these computers to bombard the competitor sites with data requests. The attacks—known as distributed denial of service, or “DDoS,” attacks—quickly overloaded the sites’ servers and knocked many of them offline for days. The hacker launched the attacks repeatedly for five straight months. One company was hit more than 30 times and suffered $600,000 in total losses.

But the damage didn’t stop there. The attacks also brought down the companies that hosted the sites’ servers and at least 1,000 other unrelated businesses as far away as Europe. Overall, the attacks caused at least $2.5 million in damage.

Last summer, one of the jersey retailers reported the attacks to law enforcement. Our Newark office began a joint investigation with the New Jersey State Police, and our Atlanta and Detroit offices. We even posed as a hacker in an online instant-message service, and the entrepreneur soon tried to hire us to commit even more attacks.

The upshot? On March 18, we simultaneously arrested the Entrepreneur and the Hacker. Both are awaiting trial. Prosecutors plan to charge the hacker as an adult and try him under state statutes.

The moral of the story? If your business is hacked, report it immediately! Contact your local FBI office or Legal Attaché, or file a complaint through the Internet Crime Complaint Center.

Links: FBI Cyber Investigations

 

07.13.10

07.13.10

 
Accessibility | eRulemaking | Freedom of Information Act | Legal Notices | Legal Policies and Disclaimers | Links | Privacy Policy | USA.gov | White House
FBI.gov is an official site of the U.S. government, U.S. Department of Justice