Portrait of an (alleged) cyber bully as a young man

Accused CastleCops nemesis didn't get mad. He got bots.

Late in the evening of February 13, Paul and Robin Laudanski were planning the following day's Valentine's celebration when they received word that CastleCops, the volunteer security website they run, was under assault.

Greg C. King in a photo from his Yahoo Profile.

At its peak, the five-day attack flooded CastleCops with close to 1 gigabyte of data every second. The distributed-denial-of-service deluge was so severe that the husband-and-wife team were forced to take their site offline 15 minutes after it started. It also knocked CastleCops' webhost offline for two days, causing more than $160,000 worth of damage to the company and its customers.

"We were planning on having a family Valentine's event," said Paul Laudanski, who along with Robin was forced to spend the next several days migrating to a new hosting provider. "Then, of course, the DDoS started, which ruined those plans."

The attack, according to federal prosecutors, was the handiwork of Greg C. King, a 21-year-old California resident who at one point maintained a 7,000-node botnet. On Monday, he was publicly charged with four counts of illegal hacking, charges that carry a maximum penalty of 40 years in prison and a $1m fine.

King has pleaded not guilty, and he reiterated his claims of innocence in a telephone interview with The Register. He said he was released on $25,000 bond and is under orders not to use computers outside of his job, which he declined to identify.

The indictment comes three weeks after a yearly report from Arbor Networks found for the first time that internet service providers rated botnets as the top operational threat to their infrastructure.

Revenge of the King

While more and more of today's cyber criminals are driven by financial gain, King's four-year DDoS spree was motivated by revenge for perceived slights, according to court documents and interviews. King's need to lash out ran so deep that his crippling attacks continued even after federal authorities raided his parents' Fairfield, California home in 2004, prosecutors allege. Even a conviction for attempted armed robbery, for which King served seven months jail time earlier this year, didn't weaken his resolve.

King "just continued on and on and on and on," said Tami Quiring, owner of KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media. "He would make appearances on IRC and just taunt the kids and threaten them and post links to some really disgusting porn sites."

Quiring says one of her first brushes with King dated back to 2003, before the suspect had even turned 18. A chat server she maintained was subjected to a smurf attack, a particularly powerful type of DDoS that bounces spoofed ping requests off thousands of vulnerable routers and, in the process, significantly amplifies the amount of traffic directed at a victim. As a result, she said, she was forced to pull the plug on her site.

Over the years, Quiring says, she tried all kinds of evasive maneuvers. She repeatedly changed servers. She blacklisted his IP address. She and her employees engaged him in chat dialogs. None of it had any effect. She said the attacks continued through last year, when a site she set up to host a large video game tournament was taken offline, preventing Nvidia, ATI and other partners from accessing the site at a crucial moment.

"We withstood attacks that took Yahoo! down," Quiring said. "For a long time, our servers were locked up like Fort Knox."

The SilenZ Treatment

A key element in the vengeance allegedly meted out by King was acknowledgment from his victims that they were being punished. And as a result, he took few steps to cover his tracks. He frequently taunted his victims in chat rooms before and during his attacks, and on several of those occasions, he dropped hints about his real-life identity, according to court documents.

He went by the same handful of online monikers, including SilenZ, SilenZ420 and Gregk707, and he also used the same several email addresses - including gregk707@yahoo.com and silenz420@gmail.com - to establish accounts on the systems he attacked. He frequently used his parents' SBC DSL line to log in to the accounts and read email. He was partial to using the passwords "1fuckhead" and "1fuckhead1" on many of those accounts.

"My good friend's ISP shut him over this fucking post," a user by the name of SilenZ wrote in a CastleCops forum shortly before the February 13 attack began. "I have the right to be angry. If you edit my post once more, you will be sorry."

SilenZ was banned from the boards at 10:40 that night. About four minutes later, the DDoS started.
