This week, Austin Thompson, a 23-year-old from Utah, US, was sentenced to two years and three months in prison after being charged and found guilty of deploying a series of denial of service (DDoS) attacks against the online video games servers of Sony, Electronic Arts, Microsoft, Nintendo, among others, reported experts in digital forensics.
Thompson, also known as “DeepTrolling”, was the first of many hackers to launch multiple cyberattacks against video game platforms on Christmas Day. These attacks did not appear to have a defined goal; “We did it just to ruin some people’s holydays,” Thompson said in previous times.
DerpTrolling’s first DDoS attack occurred in 2013 and was successfully carried out due to the few cybersecurity measures that the attacked companies had at the time, the experts in digital forensics mention.
Thompson subsequently claimed the attack authorship via Twitter, stating that more online services would be compromised in the future and that he would also receive requests to attack other users and services. Active since 2011, Thompson remained especially busy between 2013 and 2014, during which time DDoS attacks against major video game platforms occurred. A year later, news of DerpTrolling ceased to be heard.
These attacks caused multiple video game servers to go offline. Inspired by the success of DerpTrolling’s attacks, and seeking to generate media impact, some hackers began to imitate Thompson over the next few years.
In 2014, the Lizard Squad hacking group launched DDoS attacks against the same platforms, as did the Phantom Squad group a year later. Digital forensics experts mention that, over time, attacks were becoming less and less successful, as video game platforms implemented better security measures after the first attacks.
U.S. authorities found and arrested Thompson in 2014. Eventually the hacker pleaded guilty of all charges in November 2018, receiving a 27-month prison sentence, and must also pay more than $90k USD as compensation for the losses generated by the attacks.
Researchers at the International Institute of Cyber Security (IICS) say successful DDoS attacks cause million-dollar losses year-on-year, and remain a widely used attack method.