back to article Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

An 18-year-old Brit dubbed a hacker-for-hire has been spared jail after launching crippling denial-of-service attacks against anti-spam outfit Spamhaus. At one point, the assault in early 2013 reached 300Gbps, somewhat straining the London Internet Exchange (LINX) and other interconnects. Seth Nolan-Mcdonagh, of Stockwell, …

  1. PleebSmash
    Trollface

    it's all true

    >He avoided a stretch behind bars after the court heard the teen suffered from a mental illness at the time of the web assaults, had dropped out of school and shunned his family, but had later showed "complete and genuine remorse."'

    It's a true defense. At least 2/4 to 3/4 of it anyway.

    Getting cuffed at 16 probably helped too. He picked the right time to go black hat, and can expect a lucrative career in the cyber realm soon, making more money than you make.

    1. Matt Bryant Silver badge
      FAIL

      Re: PheebSplash Re: it's all true

      "....He picked the right time...." LOL, like he had any say in when the coppers kicked his door in.

      ".....lucrative career...." Dream on, he got caught with kiddie porn so he's going to monitored for the rest of his life. Any serious career criminal will avoid him like the plague, and that's before they start wondering if he grassed up his chums (which the further arrests mentioned in the article suggests he did). Similarly, since he didn't do any original work on the exploit and just used downloaded tools, the white hat companies will not be interested. His chance of a career in computing probably extend to changing toner at best.

  2. druck Silver badge
    Flame

    Aspergers; the get out of jail free card for any hacking offence.

    1. PleebSmash
      Mushroom

      "hacking offence"

      wot's that, some kind of "crime"?

    2. Anonymous Coward
      Anonymous Coward

      not quite

      Only if your a Brit. He would have gotten 15 years in the states for the images alone. And there is a good reason why Brit hackers fight extradition to the US so ferociously. In the US the only thing even extreme mental illness will get you out of is the death penalty and even that is not a sure thing in many states.

      1. asdf

        Re: not quite

        That whole innocent due to insanity defense pretty much disappeared as a viable defense from the US judicial system after Hinckley shot Reagan and they changed the laws.

        1. Elmer Phud

          Re: not quite

          They had to -- after all, there was a clash of opinion over which one was sane and which one the knuckle-dragging nutcase.

      2. This post has been deleted by its author

      3. This post has been deleted by its author

    3. Peter Sommer

      Not Aspergers

      It wasn't Aspergers or anything like it ; the details of the significant mental illness were not made public and I don't propose to break professional confidences. But don't jump to the conclusion that Seth is having or will have a particularly easy time. Richard Cox got it right when he said that the judge had an unenviable task in balancing the various issues.

  3. Turtle

    Serious.

    "'I said at the outset that these crimes were and are serious and indeed that is so,' said Judge Jeffrey Pegden in summing up the case."

    ... but for some reason the judge doesn't feel like imposing a penalty reflecting that seriousness.

    So really not too serious at all.

    1. Stevie

      Re: Serious.

      You'd think the judge would have consulted The Elders of The Internet before deciding to let him off for nearly breaking it.

      1. 404

        Re: Serious.

        Never mind having him degaussed by Stephen Hawking himself, right?

    2. Anonymous Coward
      Anonymous Coward

      Re: Serious.

      ... but for some reason the judge doesn't feel like imposing a penalty reflecting that seriousness.

      I smell a plea bargain. Somebody may now be joining the ranks of the civil service in Gloucestershire soon.

      1. Turtle

        @Ledswinger Re: Serious.

        "I smell a plea bargain."

        In the US, a plea bargain would be announced as such. But it is *possible* that he plead guilty and threw himself on the mercy of the court.

        If he is receiving leniency because of mental illness then the public has a right to know the details.If British law does not demand that the details be disclosed then, as far as I am concerned, that is a glaring defect in the law. If mental illness is being used as a defense then all the details belong in the public domain. I am pretty certain that resorting to such a defense in the US would require that the defendant forfeit any right to confidentiality of their medical history.

        1. Trevor_Pott Gold badge

          Re: @Ledswinger Serious.

          If he is receiving leniency because of mental illness then the public has a right to know the details

          Not if he was a minor while the crime was committed.

          1. Turtle

            Re: @Ledswinger Serious.

            "If he is receiving leniency because of mental illness then the public has a right to know the details. Not if he was a minor while the crime was committed."

            Oh I doubt that. Minors are tried in closed courts. This kid was apparently being tried as an adult in an open court. His picture was in the paper - which I am not sure would have occurred if he was considered a minor for the purposes of this trial. And it makes no sense whatsoever to refuse to disclose the details of the kid's mental illness after the subject was brought up in open court - especially if that mental illness was the basis for the leniency shown by the judge.

  4. Your alien overlord - fear me
    Flame

    Surely the real criminals here are the stupid DNS server owners who coudn't be arsed to make sure their servers couldn't parcipitate in a DDoS.

    Having worked for a (wannabe 'player') ISP who ran the DNS servers on Linux cause everyone else did it but had no firewall or anything and wondered why FTP servers kept being installed on them remotely...duh !!!

    1. Anonymous Coward
      Anonymous Coward

      Obviously know your stuff

      Want a job Mr Overlord?

    2. Vic

      Surely the real criminals here are the stupid DNS server owners who coudn't be arsed to make sure their servers couldn't parcipitate in a DDoS.

      Given the rest of your comment, it appears you don't know how a DNS amplification attack works. You might like to look that up before calling someone else "stupid". For at least one class of service provider, it's near-impossible[1] to avoid being part of that DDoS.

      Vic.

      [1] Some clever filtering/rate-limiting can help, but that tends to be after-the-fact.

      1. SImon Hobson Bronze badge

        > Given the rest of your comment, it appears you don't know how a DNS amplification attack works.

        Have an upvote for that.

        And IIRC (could be wrong, might have been another reflection/amplification attack I'm thinking of), at the time BIND was only just getting rate-limiting as a feature - I think it was there but hadn't filtered through to all the distro-specific packages yet. If the package you are using doesn't have rate limiting, then that does make such attacks hard to mitigate.

  5. Mark 85

    Interesting sentence... for the "biggest DDOS attack"...

    240 days of "unpaid" work.. but it doesn't say for whom. No cell time.. and not fine. He pocketed a nice chunk of change which he got to keep (and probably to pay the lawyers). Is it something in water or is that judges just don't really understand the costs* of these attack?

    *Costs such as employees trying to work around and subvert the attack, LEA time, the stress for any IT types who were called in because the "network" is having issues. This type attack affected more than just Spamhaus.

    1. Synonymous Howard

      Re: Interesting sentence... for the "biggest DDOS attack"...

      I would hope that any money left over would be taken off him under the proceeds of crime act.

  6. Will Godfrey Silver badge
    Unhappy

    Unbelieveable

    As far as I can see none of that laundry list fits into any recognised mental illness pattern, and it certainly doesn't as a whole.

    Looks to me like an old-fashioned psychopath. I shudder to think what he'll get up to when he thinks nobody is watching any more.

    1. PleebSmash

      Re: Unbelieveable

      "none of that laundry list fits into any recognised mental illness pattern"

      "Looks to me like an old-fashioned psychopath"

      https://en.wikipedia.org/wiki/Psychopathy_Checklist

      https://en.wikipedia.org/wiki/Antisocial_personality_disorder

      https://en.wikipedia.org/wiki/Psychopathic_Personality_Inventory

      https://en.wikipedia.org/wiki/Psychopathy

      Although no psychiatric or psychological organization has sanctioned a diagnosis titled "psychopathy", assessments of psychopathic characteristics are widely used in criminal justice settings in some nations, and may have important consequences for individuals.

    2. Alan Brown Silver badge

      Re: Unbelieveable

      "I shudder to think what he'll get up to"

      You could start by looking at https://en.wikipedia.org/wiki/Ehud_Tenenbaum - and bear in mind that there's a lot that's not on that page.

      Malicious Skiddies don't do well in secretive govt organisations. Mossad found that out when they recruited young Ehud (who was a shedload more talented than some twat using a reflection attack, but was the kind of person who would find the vulnerability and develop tools for click and drool skiddies to launch 'em)

      There's been a steady stream of young criminals convicted of (d)DoS attacks over the years and the general trend is for them to keep offending once released. At least one ended up in USA federal prison virtually indefinitely after attempting to murder the FBI agent investigating his cyber attacks.

  7. Anonymous Coward
    Anonymous Coward

    I'm sure his parents are upper middle class. I'm sure he himself has the "right" accent. If he had come from some "lower" section of the community I'm sure he would have been destroyed.

    1. Anonymous Coward
      Anonymous Coward

      I know the type

      Probably love preaching to others about personal responsibility but the second junior gets in trouble its time to talk to the judge who just happens to be a fellow country club member.

      1. Anonymous Coward
        Anonymous Coward

        Re: I know the type

        Sorry Gentlemen's club in the UK

        1. Ben Tasker
          Paris Hilton

          Re: I know the type

          > Sorry Gentlemen's club in the UK

          Telling a judge you know them from a strip club might be uncomfortable..... might well have the desired effect though.

          Gentleman's club is actually technically right, but most people think strip club nowadays. Better to say you know the judge from Golf

    2. Anonymous Coward
      Anonymous Coward

      If we are going to play on stereotypes, I'd suggest as a counter argument that as he comes from Stockwell in the borough of Lambeth (think Brixton, Vauxhall etc) he's more likely to come from a housing estate and his double barreled surname a result of his parents separating and remarrying than from perpetuating two wealthy families with estates in the country. And the accent is likely to be 'sarf lunnun' rather than RP.

      Which ever is the case, I'm sure one of the redtops will produce a biographical piece in the most lurid terms.

  8. John Tserkezis

    but had later showed "complete and genuine remorse."

    Wow. £70,000 can buy a lot of remorse nowadays, can't it?

    1. Anonymous Coward
      Anonymous Coward

      had to go there

      Would probably get the majority of the population individually to suck your phallus anyway.

  9. Tromos

    I would have thought the illegal child images on top of everything else should have resulted in a custodial sentence in some sort of institution at least.

    1. A Non e-mouse Silver badge

      I hope he was put on the sex offenders register for those pictures. People have been put on for much less.

      1. Anonymous Coward
        Anonymous Coward

        re: A Non e-mouse

        So you want to perpetuate a broken system that encourages vigilantism.

      2. Joe Montana

        They're not specific about exactly what "indecent images of children" were, they might have been of very young kids or they might have been of people barely younger than the defendant himself. Keep in mind he was 16 at the time the images were found, and 13 at the time he started committing the crimes he is accused of...

        "indecent images of children" could mean images of 15 year olds, who could be less than a year younger than him. It's during their teens that most people first develop an interest in sex, and it's perfectly normal for people to be sexually interested in others within a year or two of their own age. It's also possible he may have collected images of 13 year olds when he himself was 13 etc...

        Given the lenient sentencing, it's likely the images were fairly close in age to the defendant and although technically illegal, a 16yr old looking at images of a 15yr old is very different from a 40yr old looking at those same images.

        1. Anonymous Coward
          Anonymous Coward

          teenagers??

          when I was a teen I was looking at images of women in the early twenties within whatever

          glossy porn magazine I could get my hands on - razzle, playboy, penthouse etc... certainly not images of

          teenage girls. ...and thinking back to the first days of dial-up and progressive GIF porn..it was women

          then too.

          ..a thing to think about...yes, he was in his teens...but he wasn't taking these pictures of naked teenage girls...some other sleazy slimeball was...so he was still involved in some of the worst criminal activities.

          1. Anonymous Coward
            Anonymous Coward

            Re: teenagers??

            From what I can gather, most peadophiles have picture collections into the many thousands, not a hundred or so.

            We just don't know enough information to judge. Could they have been cached images from splash pages in some of the more seedier areas of the internet? I stopped going to warez sites years ago for throwing up dodgy looking thumbnails into the browser, I can't imagine it's been cleaned up at all since.

    2. Anonymous Coward
      Anonymous Coward

      Playing devil's advocate...

      The images could have been of his 16 year old girlfriend* in which case I could understand a lack of custodial sentence given the lack of age difference and "consent". If they were of younger kids, or girls being criminally exploited, then the CPS best get appealing against the sentence...

      * Highly unlikely, but we're not told either way, and given there is leniency in sentencing for e.g. underage sex between say, a 16 year old and a 15 year old, it may be similar guidance at play here...

    3. Turtle

      Images.

      "I would have thought the illegal child images on top of everything else should have resulted in a custodial sentence in some sort of institution at least.";

      That depend on the specifics. This little shit was 16 years old when he was collared and the images found. If the images were of girls who were also 16, then that's one thing. If he for example were 23 and the girls in the pictures were 6 years old, then that's something else again. But because he's a minor himself, and if we don't know the age of the girls in the images, there is no basis to form an opinion - other than the fact that the judge didn't think any of this crimes were very serious.

  10. Anonymous Coward
    Anonymous Coward

    Kid

    In the US the lawyers would be trying to send him down for life. They would be treating each Bit sent as a separate crime, and trying to charge him for a gazillion counts of computer hacking.

    I'm thankful that we have a system where sanity can actually come into play.

    1. Anonymous Coward
      Anonymous Coward

      Re: Kid

      Be thankful that we do not have elected judges and prosecutors who stand for election on promises of keeping children (and white folks) safe, and point to the number of convictions as evidence they are doing their jobs.

      So far we have largely avoided a politicised judiciary. In the US, politicisation goes all the way to the Supreme Court - so much for checks and balances when the Supreme Court is dominated by two minority religious groups. [disclaimer - I happen to think that the Jewish Supremes are pretty good. But I still recognise that numeric over-representation of religious groupings in a supposedly secular government is a Bad Thing.]

  11. Anonymous Coward
    Anonymous Coward

    Biggest ever DOS attack?

    I'd have thought Microsoft's Patch Tuesdays have surely come close to this for sheer IT carnage, except the DOS is against the downloader's machine rather than something cloudy and distant.

  12. TeeCee Gold badge
    Mushroom

    Translation required.

    the court heard the teen suffered from a mental illness at the time of the web assaults, had dropped out of school and shunned his family, but had later showed "complete and genuine remorse."

    Translation:

    "Made enough cash from being a rancid shitstain that he was able to hire a decent brief to both bullshit the judge and also coach him in doing so"

  13. Anonymous Coward
    Anonymous Coward

    HACK THE PLANET!

    Oh come on, all seriousness aside, how can *none* of you quote the film Hackers in this thread?

    There are so many parallels! :)

  14. Anonymous Coward
    Anonymous Coward

    Why Spamhaus?

    If he's going to DDoS somebody, at least make it someone like one (or preferably many) of the well known ad-flinging outfits.

    That might make for a more interesting trial too:

    Judge: "what damage did the defendant's work cause?"

    Defence: "None, your honour. The Internet in general ran 20% faster".

    Judge: "Case dismissed. Next defendant: Doubleclick, Outbrain, etc."

  15. Anonymous Coward
    Anonymous Coward

    This is what is wrong with the system...

    ...You have gullible people in the judicial system who are clueless to digital crime. After one ass clown was able to dupe the UK judicial system with AssWipers syndrome, now every crim is using this ruse to escape punishment for their crimes. Does anyone with an F'en clue actually believe that this crim was suffering mental illness when he committed all of these crimes? If you do believe this nonsense then I have some ocean front property in Arizona that you would like to purchase at a very fair price. We can take the mid-night fly over for you to inspect the property. Then you can transfer several billion dollars to my bank account and I'll provide the deed to you.

    Until the European judicial system gets in touch with reality and the digital age of crime, the world populace is going to continually be raped and pillaged by crims who claim AssWipers syndrome or similar. In addition to their crimes these people are insulting those who actually have a serious health issue by falsely claiming they have this illness. The Euro judicial system has failed the people badly, once again. Now you know why Europe is a haven for digital crims. There is no punishment for the crimes.

    1. Sean Timarco Baggaley

      Re: This is what is wrong with the system...

      The UK's statute law system is the exact opposite of the Roman (or Napoleonic) systems used across most of continental Europe.

      In the UK, the fundamental principle is that laws define what is illegal.

      In most of continental Europe, laws define what is legal.

      Harmonising laws across the EU is therefore not a trivial process. British MPs cannot simply copy and paste a translation of the French or German version.

  16. Anonymous Coward
    Anonymous Coward

    no jail? huh?

    okay.. I can understand the judiciary not understanding the total costs and effect of the DDoS -

    but surely having 1000 credit card numbers on him is a major thing.... and if that wasn't a problem

    (because it would have meant jail time for others) then those nigh-on 1000 images of kiddies would have put ANYONE else behind bars. so, how the f%^K did their lawyer pull off 240 hours service??

    1. Anonymous Coward
      Anonymous Coward

      Re: no jail? huh?

      >how the f%^K did their lawyer pull off 240 hours

      Easy the crime happened in a country with a judicial system that cares more for perps than victims.

  17. This post has been deleted by its author

    1. cnd

      headlines were affected more than computers

      LOL - a single spamhaus webserver was down for one day, from an attack so small that the traffic graphs didn't even show the attack - the only "worldwide effect" this had, was on newspaper headlines. Pretty much nobody else noticed or cared.

  18. Anonymous Coward
    Anonymous Coward

    Un-noticed

    Funny how time blurs the truth.

    During the so-call DDoS attack, cloudflare published their traffic graphs to prove that this attack was so small, it was undetectable.

    Nobody writes news about un-noticeable events though, so ever since the fake article about it being a huge DDoS got published, everyone else just amplified that lie ever since.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like