ETA Hacking Group Member Pleads Guilty for DDoS Attacks on a Researcher’s Site
Last week, a member of the hacking group Electronik Tribulation Army (ETA) pleaded guilty for “knowingly and purposefully launching a distributed denial of service (DDoS) attack” against a site ran by a security researcher. In a statement released by U.S. Attorney ‘s office, Benjamin Earnest Nichols, a 37-year-old Oklahoma City-based hacker, admitted to spearheading the transmission of a malicious code to a protected computer owned by R. Wesley McGrew of mcgrewsecurity.com
Before U.S. Magistrate Judge David L. Horan, Nichols conceded to causing system damage amounting up to $6,500 by denying access and service to the site owner in a span of a year. DDoS attacks, as defined, are designed to disrupt normal system operations, and driven by motives that range from espionage and activism to financial gain.
DDoS attacks involve the use of a large network of remote PCs, otherwise known as botnets, to overwhelm another system’s connection or processor. Once successful, the attack makes the websites of the target server unavailable to legitimate traffic requests.
Reported cases of DDoS attacks have shown a significant increase in size in terms of bandwidth. According to a security report, DDoS attacks in the third quarter of 2015 alone have increased 180%, compared to the same quarter in 2014.
The McGrew Connection
Nichols, charged for staging the attack on McGrew on or before May 2010, has yet to be sentenced, but is already facing “maximum statutory penalty of 10 years in federal prison” and a fine amounting to $250,000.
McGrew immediately became the subject of the ETA’s online assault after playing witness in the arrest of the then ETA leader, Jesse McGraw (a.k.a. GhostExodus), in 2009. McGraw, a former security guard at the North Central Medical Plaza in Dallas, was convicted of two counts of transmitting malicious code used in protected computers of the medical facility he was working for. This was done in order to use the remotely-controlled systems to perform a DDoS attack on a rival hacker group. In 2010, he pleaded guilty and sentenced to serve for over 9 years in federal prison in March, 2011.
The DoJ press release furthers that Nichols and McGrew interacted online via blogs and chat rooms, where McGrew posted remarks that Nichols deemed “false and disparaging” at mcgrewsecurity.com. This prompted Nichols, who also goes by a number of aliases like “thefixer25,” ”fixer,” “fix,” ”c0aX,” and “ballsdeep,” to find all means necessary to harass and humiliate the Mississippi-based researcher, beyond the DDoS attacks that he is currently in court for.
In a statement, McGrew shared, “They set up a website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images.” He added, “They harvested e-mail addresses from the university I work at and e-mailed it out to those.” Apart from these, Nichols also “created/repurposed a bot that used computer code to respond to certain keywords by transmitting random insults and profanity to McGrew’s internet relay chat (IRC) channel.”
The Federal Bureau of Investigation stepped in and raided Nichols’ home as McGrew is regarded as a key witness, and witness intimidation is considered a federal crime. Assistant U.S. Attorney C.S. Heath is in charge of the prosecution, closely working hand in hand with the bureau in its ongoing investigations.
This is not the first time that such a case of hacker harassment has made the news. Recently, Donald Trump was tagged as a “juicy target” by the hacking group Anonymous in an attempt to expose the U.S. Presidential candidate’s “hypocrisy and more wrong doing”. In December 2015, the Trump Tower New York was shut down. This was shortly followed by a Tweet from an account directly associated to the hacktivist group, claiming full responsibility for the disruption.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report