‘DerpTroll’ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen

He admitted to taking Steam, EA Origin and Sony Online Entertainment offline in 2013 and 2014, causing at least $95,000 in damages.

After a short but disruptive career knocking popular online gaming sites offline for sport, Austin Thompson, a.k.a. “DerpTroll,” has pleaded guilty to hacking charges. He faces a maximum penalty of 10 years prison and a $250,000 fine.

Thompson, a 23-year-old Utah resident, made his plea on Tuesday in federal court in San Diego, Calif. admitting that he had carried out a series of DDoS attacks on servers for Valve’s Steam platform, EA Origin and Sony Online Entertainment, between late December 2013 and early January 2014. According to the plea agreement, Thompson’s actions caused at least $95,000 in damages arising from hours of downtime.

Thompson showcased some of his exploits on Twitter via the @DerpTrolling handle, along with jokes about “escaping from the Feds through the window” and so on. At times, he would announce that an attack was imminent, and then sometimes later post screenshots of a crashed servers. The tweets indicate that there were likely other victims for Thompson, who was 17 or 18 at the time. For the most part however, the @DerpTrolling Twitter feed reads like a general log of various gaming servers’ state of availability, with credit taken only here and there.

The tweets also consistently used the plural “we” pronoun, with references to “our boys,” but the indictment did not mention accomplices.

Online gaming and DDoS attacks often go hand-in-hard; players have been known to knock services offline for what they perceive as unfair treatment or after a ban; sometimes rival teams or “clans” will target their opponents, knocking a specific game offline to prevent their progress. In February, an online gaming service itself was even found offering DDoS for hire via the IoT botnet known as JenX.

As researchers earlier in the year pointed out, the barrier to entry is very low for carrying out DDoS offensives, with entry-level hacker forums offering advertisements and reviews of various stresser and booter services available expressly for attacking gaming servers. These go for less than $100, making it possible for disgruntled or bored young people like Thompson to get into the act, even with little or no coding experience. For instance, a raft of teens last year around the world were charged with participating in the Lizard Squad DDoS attacks against Xbox Live and PlayStation Network during the 2014 holiday season. Their motive for the attack was simple: “Chaos is entertainment,” they told news outlets at the time.

Actions have big consequences — Steam alone has more than 125 million registered users and, according to Statista, Steam averages 18.5 million simultaneous users at peak times. That translates into big money for the gaming platform.

“Denial-of-service attacks cost businesses millions of dollars annually,” said U.S. Attorney Adam Braverman in announcing the plea. “We are committed to finding and prosecuting those who disrupt businesses, often for nothing more than ego.”

Sentencing for Thompson is set for March 1.

Suggested articles

ThreatList: Latest DDoS Trends by the Numbers

Trends in DDoS attacks show a evolution beyond Mirai code and point to next-gen botnets that are better hidden and have a greater level of persistence on devices – making them “far more dangerous.”

bit and piece ddos attack

Bit-and-Piece DDoS Method Emerges to Torment ISPs

Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes.

Discussion

  • John Moser on

    Shouldn't be a criminal offense. He caused $95,000 dollars of civil damages to a private computer system without creating a threat to life and limb or committing financial fraud. That's civil. Ten years in prison for being a scary wizard.
  • Richard Beck on

    Definitely a criminal offense, nice to see laws enforced.
  • No One of Consequence on

    +1 for John Moser Ten years in jail is an absurd length of time for what many would consider mischievous activity. Chances are that the DA will be reasonable and not demand the full ten, especially if DerpTroll has no prior record and shows remorse. Unless the judge is a hard-ass or looking to make an example , DerpTroll will probably get probation, or maybe a few months, and be required to pay the damages. Being 95K in debt and legally bound to repay it, is more than enough to make most people think twice about further mischief.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.