Data Breach News

Irish Hacker Avoids Jail For Teenage Cyberattacks On XBox

The hacker had launched DDoS attacks that cost millions. Now reformed, the court suspended his sentence due to his age at the time and efforts to change.

by Krishna Murthy June 19th, 2024

Share on LinkedInShare on Twitter

An Irish hacker, who was involved in cyberattacks at the age of 13, has now walked free from court after his sentence was suspended.

Aaron Sterritt, now 24, of Brookfield Gardens in Ahoghill, was part of an international computer hacking gang in 2016 and became notoriously famous for attacking multinational companies. Aaron walked free on Tuesday after the Antrim Crown Court suspended his 26-month jail sentence for three years.

Why Was Irish Hacker Arrested?

Aaron was charged for carrying out a Distributed Denial of Service (DDoS) attacks that occurred between December 2, 2016 and December 21, 2016. He was part of a gang known as “starpatrol” whose DDoS cyberattacks targeted Flowplay Incorporated, Microsoft Corporation (XBox live), Ottawa Catholic School Board, Rockstar Games Incorporated and Tumblr Incorporated.  Aaron was using the pseudonyms ‘Victor’ and ‘Vamp’ while being part of the gang.

Aaron Sterritt walks out of court. Source: Belfast Telegraph

The first company targeted by the gang was Flowplay Inc., who had 75 million online gamers across the world in 2016, according to a report by the Northern Ireland World. The attack by “starpatrol” gang between December 3 and 11 in that year caused their servers to “lock up” for the entire duration of the attack. Customers were unable to access their accounts or play online due to the attack and thus, Flowplay had to refund tens of thousands of dollars of purchases and subscription fees. The company was also forced to shell out “hundreds of thousands of dollars” to migrate their services to a new server.

Similarly, there was a series of similar attacks on Microsoft’s Xbox live and Rockstar games between December 3 and 21 while in the offences relating to Ottawa Catholic School Board, a school in Ontario experienced many DDoS attacks between 2015 and 2016.

While suspending the sentence, Justice Roseanne McCormick warned Aaron that any repeat of such acts would attract imprisonment.

Irish Hacker’s Cyberattack Cost Millions

According to a BBC report, Aaron was also charged for not disclosing the passwords for his laptop, hard drives and iPhone between December 2017 and June 2020. He was tied to the charges through association, communication, device activity, and by a forensic speech investigator who could connect him to YouTube videos. The self-confessed criminal, now a reformed computer expert, was sentenced by Judge Roseanne McCormick KC. She observed that most of the offences were committed while Aaron was on bail for a similar offence in 2015 that targeted telecom behemoth TalkTalk, costing £77m.

While working on a pre-sentencing report, the court noted that Aaron was diagnosed with ADHD, required assessment for autism as a child, and used to face issues at home. Hearing that he is low-risk to reoffend and has undergone a cyber-awareness program, the court decided to suspend his sentence.

Judge McCormick KC said that considering the above factors, the length of Aaron’s trial and his attempts at starting to change for the better allowed her to suspend the sentence even given the gravity of the offenses.

After the trial, the Police Service of Northern Ireland (PSNI) said the case warranted two investigations, one by the PSNI and the other by the National Crime Agency. Detective Chief Inspector Paul Woods shared that the cyberattacks involving Aaron in 2016 were massive and affected websites and services in the US.

“Aaron was 16 years old during the incident and was one of the suspects, being the only individual from Northern Ireland in the group. PSNI’s investigation focused on Aaron’s role in the creation of malicious software for global network attacks and Ethereum cryptocurrency mining work.

Steve Laval of The National Cyber Crime Unit underlined grave consequences of DDoS attacks that are easy to conduct, pointing out that basic degree of technical skill is sufficient.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button