The Federal Bureau of Investigations (FBI) has arrested a man for renting out portions of the Xtreme DDoS-for-hire service to conduct distributed denial of service attacks. On 9 December, the FBI arrested and charged Sean Sharma, a 26-year-old graduate student at the University of Southern California, for launching a DDoS attack against the San Francisco-based chat company Chatango. He allegedly did so by purchasing part of Xtreme, a Linux botnet which acts as a DDoS-for-hire service. As explained in court documents (PDF):
"On or about November 6, 2014, through January 20, 2015, in the Northern District of California and elsewhere, the defendant, SEAN KRISHANMAKOTO SHARMA, did knowingly cause the transmission of a program, information, code, and command, and as a result of such conduct, intentionally caused damage without authorization to a protected computer, to wit, the defendant caused the transmission of the Xtreme Fire DDoS tool to Chatango's web servers, a computer used in interstate and foreign commerce and communication, and, by such conduct caused loss to 1 or more persons during a I-year period from the defendant's course of conduct affecting protected computers aggregating at least $5,000 in value."
Xtreme Stresser website (Source: Bleeping Computer) If found guilty, Sharma could face 10 years in prison, three years of supervised release, and/or a fine. As reported by Bleeping Computer, the suspect is free on 100,000 USD bail as of this writing. While he awaits trial, the court has forbidden him from visiting websites such as HackForums and using tools such as virtual private networks (VPNs). The FBI arrested Sharma as part of Operation Tarpit, an international takedown led by Europol which arrested 34 individuals for having used DDoS-for-hire services like Xtreme. Many of those users were under 20 years old, something which Steve Wilson, head of Europol's European Cyber Crime Center (EC3) says is a growing trend in today's world. As quoted by the FBI:
"Today’s generation is closer to technology than ever before, with the potential of exacerbating the threat of cyber crime. Many IT enthusiasts get involved in seemingly low-level fringe cyber crime activities from a young age, unaware of the consequences that such crimes carry."
That said, it's important to note that arresting young offenders isn't always the answer. Sometimes judges decide in favor of rehabilitation, as one did in this case. Other times, all it takes is a stern warning from law enforcement, as investigators did with 100 individuals in Operation Tarpit. Let's hope those young people get the hint and quickly steer clear of computer crime. The last thing anyone wants is for them to end up facing jail time for similar actions when they're older.
