LONDON (Reuters) - A British student who ran a web business offering what police called “tailor-made cybercrime solutions” to enable hackers to attack some of the world’s leading companies has been given a suspended prison sentence.
Jack Chappell, 19, helped crooks attack millions of websites around the world, including a 2015 attack on NatWest that brought down the firm’s online banking systems.
Police said his web enterprise vDos-s.com offered Bronze, Silver, Gold and VIP hack packages on a sliding price scale depending on the severity of damage customers wanted to inflict on target websites.
Working from his bedroom at his parents’ house, he supplied Distributed Denial of Service (DDoS) software that crashes websites by flooding them with huge volumes of data.
He even offered an online helpdesk as part of the operation which meant people with little or no IT knowledge could launch crippling digital attacks at the push of a button, police added in a statement.
But Chappell, from Stockport in Greater Manchester, also conducted thousands of web assaults himself aimed at companies including T-Mobile, EE, Vodafone, O2, Amazon, Netflix and Virgin Media, plus the BBC and National Crime Agency.
At Manchester Crown Court on Tuesday he was given 16 months’ detention, suspended for two years, after admitting Computer Misuse Act offences.
“Cybercrime is largely seen as being committed by hackers with technical skills but stresser services like vDos allow amateurs, sometimes motivated by a grudge, to launch attacks easily and with little or no specialist knowledge,” said Detective Sergeant Simon Biggs from the West Midlands Regional Cyber Crime Unit.
“He even offered customer support on how to pick the right malware for the site they wanted to crash - it was tailor-made cybercrime solutions.
He added: “The site was responsible for facilitating more than one million attacks on businesses ranging from SMEs to multi-national household names.”
Biggs said however that none of the Denial of Service attacks launched by Chappell had led to the theft or loss of any customer data.
Reporting by Stephen Addison, editing by Estelle Shirbon