Oklahoma Man Charged With Creating Malicious Software Used In Attack On Bay Area Company’s Website

SAN JOSE - A federal grand jury in San Jose indicted Travis Cole Malone, Jr., on July 12, 2018, for conspiracy to commit computer fraud and abuse and for causing the transmission of code to damage protected computers, announced United States Attorney Alex G. Tse and Federal Bureau of Investigation Special Agent in Charge John F. Bennett. 

According to the indictment unsealed today, Malone, 20, of McAlester, Okla., is alleged to have coded and developed the “Medusa IRC Botnet DDoS” malicious software (“malware”).  When installed on a victim computer, the malware joined the victim computer to a “botnet” that could be used to conduct distributed denial of service (“DDoS”) attacks against websites.  Malone, using the moniker “stevenkings,” advertised the malware on various internet forums.  He then leased access to the botnet to co-conspirators for the purpose of executing DDoS attacks.  The indictment alleges that the malware was used in a January 2016 DDoS attack on the webservers for a San Francisco digital currency company.

Malone was arrested on August 7, 2018, and made his initial appearance in federal court in Muskogee, Oklahoma, yesterday.  Malone was released on bond and his next scheduled appearance is at 1:30 p.m. on September 12, 2018, for an initial appearance in the Northern District of California before U.S. Magistrate Judge Susan van Keulen.

An indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt. If convicted, the defendant faces a maximum sentence of ten years’ imprisonment, and a fine of $250,000, restitution, and forfeiture, for each violation of 18 U.S.C. § 1030.  However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

This case is being prosecuted by the Northern District of California’s Computer Hacking and Intellectual Property Section with the assistance of Elise Etter and Vanessa Quant.  The prosecution is the result of an investigation by the FBI in San Francisco and Muskogee. The FBI received assistance during the investigation from security researchers at Arbor Networks.