Skip to content
Naked Security Naked Security

New Year’s eve gaming DDoSer lulz himself into a 27-month sentence

Back in 2014, @DerpTrolling said he attacked sites simply based on requests from people who tweeted suggested targets.

Back in 2014, an entity calling itself @DerpTrolling was one of a bunch of squabbling steamrollers that just about pancaked the gaming world with multiple distributed denial-of-service (DDoS) attacks before, during and after New Year’s Eve.

At the time, @DerpTrolling called itself a group of hackers and, in a chat with the YouTube gaming channel #DramaAlert, said that he/she/they simply attacked sites based on requests from people who tweeted suggested targets.

In other words, it was all just a game, and it was all for the lulz.

In November 2018, one of the “gang” of hackers – possibly the only one – behind the @DerpTrolling moniker got busted. Austin Thompson, a 23-year-old from the US state of Utah, pleaded guilty on 6 November 2018 in a San Diego Federal court to knowingly causing damage to third-party computers.

There’s no lulzing now: on Tuesday, Thompson was sentenced in federal court to 27 months in prison for carrying out a series of DDoSes against multiple victims between 2013 and 2014.

He was also ordered to pay $95,000 in restitution to one of the victims, Daybreak Games, formerly Sony Online Entertainment.

As is typical in online gaming, this was a tit-for-tat battle. Another Twitter user who claimed responsibility for attacking the digital gaming service Steam, @chFtheCat, said in one tweet that the reason she/he/they “hit Steam off” is because @DerpTrolling hit off servers for the Electronic Arts (EA) game service Origin.

The gaming servers that were knocked offline included World of Tanks, RuneScape, Battlefield 3 and 4, EverQuest and EverQuest2, Club Penguin, Fifa Soccer 13 and 14, League of Legends, Minecraft, the Sony Playstation Network, EA, and even North Korea’s state-run news agency, kcna.kp.

According to the plea agreement, @DerpTrolling mainly launched the attacks at online gaming companies and servers. Thompson typically used the Twitter account @DerpTrolling to announce that an attack was coming and then posted “scalps” (screenshots or other photos showing that victims’ servers had been taken down) after the attack. The attacks took down game servers and related computers around the world, often for hours at a time, causing what the plea agreement estimated was at least $95,000 in damages.

Thompson, now free on bond, has been ordered to surrender to authorities on 23 August 2019 to begin his sentence.

2 Comments

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?