Microsoft hacker avoids jail time over multiple cyber attacks – BBC News

A County Antrim man has been given a suspended sentence for his role in a series of cyber attacks when he was a teenager.

Aaron Sterritt, 24, of Brookfield Gardens in Ahoghill, was sentenced to 26 months suspended for three years when he appeared at Antrim Crown Court.

The charges related to a series of distributed denial-of-service (DDoS) attacks in 2016 against Flowplay, Microsoft (Xbox Live), Rockstar Games, Tumblr and Ottawa Catholic School Board.

Judge Roseanne McCormick KC told the defendant that any further offense would land him in prison.

A distributed denial of service (DDoS) attack is an attempt to take a website offline by flooding it with internet traffic.

They have the power to take entire sites offline and are usually carried out by automated bots or programs.

To the average user, it appears that the site simply stops displaying content.

For businesses, this could mean that the online systems they depend on become unresponsive and they may no longer be able to perform time-critical actions.

Attacks often involve analyzing how a website functions before launching an attack.

Past victims include British Airways, the BBC and the Irish National Lottery.

The 24-year-old was also accused of refusing to reveal passwords for his laptop, hard drives and an iPhone on dates between December 2017 and June 2020.

The court heard he was linked to the charges through communications, activity on his devices and by a forensic speech examiner who was able to link him to YouTube videos.

Judge Roseanne McCormick KC said an aggravating factor in the case was that the majority of the offenses were committed while the suspect was on bail for a similar incident.

In 2015, when he was just 15, Aaron Sterritt was arrested for his role in hacking telecom giant TalkTalk.

The fallout from the attack cost the company £77 million.

A pre-sentencing report outlined how Sterritt was diagnosed with ADHD and autism as a child and faced challenges in his family life.

The court determined that he is unlikely to reoffend and that he has followed a cyber awareness program.

Judge McCormick QC said she was “aware of the fact that this is a young offender with specific challenges in his life.

“And bearing in mind that most of them were committed when he was a child.”

She also took into account that it had taken a long time for the case to reach the court and that the suspect used that time to “improve himself”.

Judge McCormick said the offenses were “hugely damaging” and “easily exceeded the threshold for custody”.

But there were exceptional circumstances: his guilty pleas, the time the case was “hanging over his head” and his low likelihood of recidivism led her to suspend the sentence.

After the conviction, the Police Service of Northern Ireland said the case warranted two investigations: one by the PSNI and the other by the National Crime Agency.

Chief Inspector Paul Woods said the 2016 cyber attacks were “large-scale” and affected websites and services in the US.

“Aaron Sterritt, a teenager at the time, was one of the suspects, and the only one of the group from Northern Ireland.

“The [PSNI] The investigation focused on Sterritt’s role in the development of malicious software used to attack networks of vulnerable computer systems worldwide.

“Another version of malicious software developed by Sterritt exploited device vulnerabilities for the purpose of mining Ethereum cryptocurrency.”

Steve Laval, from the NCA’s National Cyber ​​Crime Unit, added: “DDoS attacks can have devastating consequences for victims and have become an attractive entry-level crime for offenders like Aaron Sterritt, who require little technical knowledge.”