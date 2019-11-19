A teenager from Illinois helped launch cyber attacks against the U.S. Department of Defense, a Pennsylvania school district, a Catholic Diocese and a video game manufacturer.

Now he’s behind bars and out more than half a million dollars.

A federal judge in North Carolina sentenced Sergiy P. Usatyuk, now 21, to 13 months in prison and ordered him to forfeit nearly $543,000 he earned from the attacks, prosecutors said Monday.

Usatyuk pleaded guilty to one count of conspiring to commit computer damage and abuse in February.

“The FBI personally told the defendant that his cyber attacks were illegal and must stop during two interviews concerning his role in an earlier large-scale attack that took down an influential technology website,” federal prosecutors told the court in a sentencing memorandum earlier this month.

But Usatyuk ignored the warning, they said.

Together with an unnamed Canadian co-conspirator, prosecutors said the teen hacker started offering “booter” services that ultimately launched millions of distributed denial of service (DDoS) attacks.

DDoS attacks are used by cyber criminals or hacktivists to overwhelm a computer server or network with “massive amounts of fake or illegitimate traffic” until they’re rendered unavailable, the FBI says.

The chief of the DOD’s Defense Information Systems Agency — which was subject to cyber attacks generated by Usatyuk — said it’s spoof traffic.

“It is as if numerous protesters blocked a store’s entry door, preventing customers from getting in,” he said in a victim impact statement submitted to the court. “When a server is overloaded with connections, new connections can no longer be accepted.”

Usatyuk operated a slew of booter services and websites that earned him at least $542,925, according to the sentencing memorandum.

During the first 13 months of the scheme, prosecutors said the booters were used to launch 3.8 million cyber attacks. Usatyuk even bragged on one booter website that the service had cost users “109,186.4 hours of network downtime (~4,549 days).”

Some of those attacks were launched against more than 150 government agencies and 300 educational institutions, according to the sentencing memorandum.

In November 2016, prosecutors said one of Usatyuk’s booters was used in an attack against the Franklin Regional School District in Pittsburgh.

But the attack had some unintended consequences — court documents show it also took down 17 other organizations, including the Westmoreland County government and the Catholic Diocese of Greensburg, Pennsylvania.

Earlier that same year, another one of Usatyuk’s booters reportedly was used by cybercriminals who launched repeated attacks against a video game’s servers. The attacks cost the game’s manufacturer $164,000.

In the meantime, prosecutors said Usatyuk “deployed a number of sophisticated techniques and fake online personas to evade detection.”

But officials caught up to him last year.

Court documents show FBI agents warned him at age 15 that DDoS attacks were illegal after he reportedly helped take down the technology website KrebsonSecurity run by former Washington Post reporter Brian Krebs.

Krebs said he spoke to the teen and his father — Peter Usatyuk, an assistant professor at the University of Illinois at Chicago — in 2014 after that attack.

“(Usatyuk) has tried to clean up some of his more self-incriminating posts on Hackforums, but he remains defiantly steadfast in his claim that he doesn’t DDoS people,” Krebs said. “Who knows, maybe his dad will ground him and take away his Internet privileges.”

But prosecutors said they were empty promises.

They recommended sentencing Usatyuk to nearly five years in prison — a far cry from the 13 months he received Monday.

“(Usatyuk) was acutely aware and openly dismissive of the FBI’s efforts to combat the precise conduct that he was perpetrating,” prosecutors said. “A significant sentence is needed here to affirm respect for laws barring illegal DDoS attacks, and deter the defendant from further recidivism.”