Get rekt: Two years in clink for game-busting DDoS brat DerpTrolling
It’s all lulz until someone goes to prison
Austin Thompson, aka DerpTrolling, who came to prominence in 2013 by launching Distributed Denial of Service (DDoS) attacks against major video game companies, has been sentenced to 27 months in prison by a federal court.
Thompson, a resident of Utah, will also have to pay $95,000 to Daybreak Games, which was owned by Sony when it suffered at the hands of DerpTrolling.
Between December 2013 and January 2014, Thompson also brought down Valve’s Steam – the largest digital distribution platform for PC gaming – as well as Electronic Arts' Origin service and Blizzard's BattleNet. Disruption lasted anywhere from hours to days.
The most famous episode, described at length in The Graun, involved DerpTrolling taking down two popular online games, League of Legends and Dota 2, in a sequence, in real-time, while negotiating with a Twitch streamer.
Thompson was aged 18 at the time he carried out the attacks. He would usually announce the next victim on Twitter using the handle @DerpTrolling, and would then post "scalps" – screenshot evidence that services were taken offline.
This impressed no one: gamers were unable to play, causing financial distress to publishers, and everyone was angry.
Thompson was promptly doxed by unknown vigilantes, and reportedly arrested by New York cops in January 2014. The Twitter profile disappeared, and the next time his name surfaced was when he pleaded guilty in November 2018.
"Denial-of-service attacks cost businesses and individuals millions of dollars annually," said US attorney Robert Brewer. "We are committed to prosecuting hackers who intentionally disrupt internet access."
The DoJ insists on calling Thompson a hacker, but launching DDoS attacks isn't actually "hacking" in the classic sense of the term – i.e. gaining unauthorized access to data in a system or computer.
DDoS attacks are some of the easiest to execute: as Reg readers know only too well, these flood the target network with requests from multiple infected machines and overload the servers, bringing them down. All you need to start with a DDoS is a sizeable botnet, and while you can build those yourself quite easily, they are also widely available for hire. ®