A 21-year-old California man has been arrested and charged with launching a distributed denial-of-service (DDoS) attack against CastleCops, an online forum and Web site that specializes in rooting out Internet scams.
Gregory King, of California, was arrested last Thursday and arraigned Monday on four federal counts of attacking servers that hosted CastleCops and KillaNet, a Canadian Web and graphics design community. If convicted, King faces up to 10 years in prison and a US$250,000 fine.
Last February, CastleCops, which is run by volunteers, was knocked offline by a DDoS attack King instigated, prosecutors said in the indictment filed in a federal court. King used a botnet -- a collection of previously compromised computers -- to attack CastleCops and launch numerous other sustained assaults against KillaNet beginning in July 2004.
King, who went by the online nicknames "Silenz," "sZ" and "Gregk707," reportedly amassed a botnet of about 7,000 infected machines. He used a variety of Gmail and Yahoo e-mail addresses, and even posted a photo of himself to his Yahoo profile. Also on the profile, King listed his latest news as "I learned a little bit of Visual Basic .Net in school, but I still suck at it."
"All too often, victims of DDoS attacks are left feeling let down and with a sense that the system fails," said Robin Laudanski in a message posted to CastleCops' front page. "Today, the system didn't fail." Laudanski and her husband Paul run CastleCops.
When FBI agents went to arrest King at his home last week, he fled out the back door with his laptop, which he tossed in bushes in the backyard. Agents recovered the laptop. According to arraignment papers, King launched the DDoS attacks from locations that included his parents' home, the local public library, a McDonald's restaurant and even a Best Buy store.
King was released Monday after his mother posted a US$25,000 bond. A trial date has not been set.
CastleCops has been an ongoing target for cybercriminals. Last month, for example, attackers used hacked PayPal accounts to send bogus donations to the site, making it appear that CastleCops was behind the thefts. CastleCops is working with both PayPal and the FBI to put a stop to the donations, according to Brian Krebs, the technology reporter for The Washington Post.
Starting in late August, CastleCops weathered another weeks-long DDoS attack.