Teen spared jail after creating virus used to cyber-attack police and banking companies
Josh Maunder (19) ‘was not motivated by financial greed, he only made a small amount of money which he spent on the website and takeaway food’
A Co Down teenager was handed a 20-month prison sentence suspended for three years today for creating a computer virus which attacked police and financial institution websites.
Josh Maunder (19), of Abbey Park, Bangor, had pleaded guilty to a total of 19 charges which included 13 counts of unauthorised act impairing the operation of a computer, making an article intended to be used for computer misuse, obtaining an article to commit an offence and possessing articles in connection with fraud.
Maunder also admitted single counts of conspiring to commit an unauthorised act and supplying an article to be used in computer misuse.
All of the offences were committed between December 1, 2017 and September 13, 2018 when he was aged 15.
Downpatrick Crown Court, sitting in Belfast, heard how Maunder created a distributed denial of service (DDOS) attack which is a form of ‘cyber-attack’ in which target websites are “flooded with requests so they become overloaded and cease to function”.
Prosecution counsel David McNeill told the court that the investigation was sparked after online gaming company Torn.com had been bombarded with DDOS attacks in 2018 which cost them $61,000 US dollars.
“The company identified the attacker as using the name ‘Metzi’ who posted abuse and threats on Torn.com's chatroom.”
Internet research by the company found YouTube videos of the defendant using the ‘Metzi’ name and “speaking with a Northern Ireland accent”. It made a complaint to Action Fraud who passed it to the PSNI.
Mr McNeill said that on September 13, 2018, police searched Maunder's home who was “at his computer and in control of the online programme ‘Stress.wtf’ which co-ordinated the DDOS attacks”.
Police seized his computer and his phone and during interviews he made “full and frank admissions” to his offences, admitting he knew DDOS attacks were illegal and had carried out “hundreds of attacks”.
One data file showed that ‘Stress.wtf’ had been used in 10,763 DDOS attacks between January and March 2018 by 857 users, which included his customers who paid money into his Paypal account.
“Police assess he was motivated by online fame or kudos amongst his peers.”
The prosecution lawyer added that other websites targeted for DDOS attacks were the Nationwide Building Society, Police.uk, the US Department of Justice, Nuclear Fallout servers, a Czech police force and a server hosting an amateur boxing match.
Maunder told the Probation Service that he was not motivated by financial greed, that he only made a small amount of money which he spent on “running the website and on takeaway food”.
Defence counsel David McDowell KC said Maunder had a previous clear record and has no matters pending.
He told the court that Maunder is “attempting to gain employment on the lawful side of cyber security” and had been interviewed by a California-based cyber security company.
“His application was unsuccessful but representatives of the company flew from the USA to Northern Ireland to meet him which underscores the value of his skills for legitimate uses.”
Judge Geoffrey Miller KC acknowledged Maunder had been “frank and honest” at police interview during which he expressed remorse for his crimes.
“These were malicious attacks and carried out without permission but I accept he was not motivated by revenge,” said Judge Miller.
“Had the attacks on the Nationwide Building Society proved fully successful, the cost implications to its business and its customers would have been considerable.”
Following the sentencing, Detective Sergeant McCarragher said: “This sentencing is the result of a complex investigation into a vast range of cyber-attacks with a domestic and international dimension by investigators and technical officers from the Police Service's Cyber Crime team.
“In this case, the defendant was involved in targeting and crashing a vast range of websites worldwide, including a gaming company causing a substantial loss, a financial company, numerous police public information websites, a human rights group and also had involvement in organising an orchestrated cyber-attack on a pay-per-view celebrity boxing event.
“Further to this, he was in possession of malicious software and managed an online community of peers engaged in prolific computer misuse offences which was also successfully impacted by the investigation.
“This should send a clear message to those involved in this type of crime that they will be vigorously pursued and brought before the courts to face the consequences of such activity.”
suspended sentence | Sudanese man ordered to leave Ireland after sparking second Dublin Airport alert this morning
Toast of the town | Barry Keoghan to be honoured with Dublin Lord Mayor’s Award
'devastated' | Notorious prisoner Charles Bronson to remain behind bars after losing parole bid
unlawful killing | Dublin burglar who set fire to house causing death of resident jailed for eight years
Having a Ball | Robbie Keane and kids spend ‘wonderful’ day hanging out with Steven Gerrard
LATEST | UDA: 10 arrested and two charged in relation to Ards and North Down loyalist gang feud
Hitman | Convicted killer Bernard Fogarty was balaclava-clad gunman in Dublin murder bid, court told
Fatal shooting | Drug dealer found guilty of murdering Olivia Pratt-Korbel (9) in her Liverpool home
remanded | Man charged with manslaughter of Ian McDonnell, fatally injured trying to stop alleged car theft
not looking mack | Kinahan enforcer Gerard Mackin ‘plans to turn life around’ when he gets out of jail