Titanium's young load server operator got two years in prison

Among the representatives of the cybercrime world there are sometimes very young talents who do not just want to make money, but at their age they have high intelligence and remarkable programming abilities. For example, the British youth Adam Mudd (Adam Mudd) five years ago opened a convenient web service for running stress tests: the load server (stressor) Titanium. The server worked automatically and ran stress tests at an arbitrary address indicated by the client. For new customers offered a few free demo sessions. You could "fill up" any site just for the test. But in the free mode, the attack lasted only 60 seconds.

The bottom line is that the "stressor" allegedly does not do anything illegal. It does not use other people's computers, as is the case with DDoS. This is a normal Linux server connected over a thick channel. His task is to load the victim's server as much as possible using standard queries. But in reality, such activity still violates the law, because the attacker aims to disable the server of the victim or disrupt his work.


Adam Mudd. Now a guy is 20 years old
')
During the work of Titanium Stresser, 1.7 million attacks were conducted against sites around the world, according to court documents on the case, writes Brian Krebs.


Geography of attacks conducted from the Titanium server load

The court found that the young man created and launched a stressor five years ago at the age of 15, and earned more than $ 300,000 on it. The court nevertheless recognized the work of such a server as illegal and sentenced the administrator to imprisonment. In October 2016, Adam was convicted in three cases of violations under the Computer Abuse Act (UK Computer Misuse Act) and money laundering under the Proceeds of Crime Act.

Clients of a stresser described its merits this way: it is one of the best IP bootlers / stressors on the Internet that loads the victim through a channel, on average, 5 Gbit / s with a maximum load of 20 Gbit / s.

Stresser supported attack methods at Layer 4 and Layer 7 levels:

Layer 4

• UDP
• UDP-LAG
• ESSYN

Layer 7

• RUDY
• SLOWLORIS

In the free mode, the attack was carried out only on Layer 4 UDP.

The site also provided the villains with eight useful tools (only for paid accounts):

• Skype Resolver
• Steam resolver
• Cloudflare Resolver
• Friends & Enemys
• Geolocation
• Ip logger
• Pinger
• Email bomber

Payment was accepted by Bitcoins, via PayPal and prepaid PaySafeCard cards.

Adam sold paid accounts, depending on the duration of the stress testing sites:

100 seconds each - $ 2.99
180 seconds each - $ 4.99
500 seconds each - $ 9.99
1500 seconds each - $ 14.99
For 3500 seconds - $ 19.99
For 7200 seconds - $ 29.99
10800 seconds - $ 49.99
For 30,000 seconds - $ 69.99

Per second rates are a standard option for a stressor. Below are the rates for another such Netspoof service.



The business worked as expected: with round-the-clock technical support and premium services (such as parallel dual workloads).

Despite several years of successful work and $ 300,000 in earnings, a criminal case was brought against the owner of the load server and was given a deadline: “Today we are sentencing him to 24 months in prison for conducting DDoS attacks, nine months for supporting the work of Titanium and the stressor 24 months for laundering money received as income from the work of a stressor, all terms are served simultaneously, ”said a press release from the Eastern Operations Special Operations Division (ERSOU), which was involved in the hacker’s case.

Perhaps, the load server would continue to work in the previous mode and would bring money, but among the victims of the load tests were large fish - game servers from Sony and Microsoft. From December 2013 to March 2015, the PSN and Xbox Live servers went offline as a result of DDoS attacks. As shown by the investigation, the Titanium stressor also participated in this: attacks were carried out from it, including on Minecraft, Xbox Live, Microsoft, Runscape and TeamSpeak servers.

Formally, load servers allegedly do not violate the law. The operator may think: "This is my computer, I run requests from it, which I want," but no. Operators of such servers have repeatedly been brought to justice. In December 2016, 34 operators of boaters and stressors in Europe and the USA were detained as part of Operation Tarpit.

“The case of Adam Mudd is very regrettable, since the young man obviously has great abilities, but he used his talent for personal gain at someone else’s expense,” said an ERSOU press release. “We want to emphasize that we don’t want to punish the young man too much, but we are trying to curb his abilities before they turn into a crime.” Law enforcement officials say they also want to convey this message to all parents who do not know what the child is doing in the nursery. You have to watch over your children.