An 18-year-old UK student has been charged by the West Midlands Police with supplying malware and denial-of-service tools to cybercriminals. The criminals allegedly used them to attack websites belonging to T-Mobile, EE, Vodafone, O2, BBC, BT, Amazon, Netflix, Virgin Media and the National Crime Agency (NCA).
Although the Stockport student, Jack Chappell, was charged with multiple counts, the investigation concluded that no customer data was actually lost during any of the attacks.
“He has been charged with impairing the operation of computers under the Computer Misuse Act, plus encouraging or assisting an offence and money laundering crime proceeds together with an American national,” according to a statement from West Midlands Police.
The investigation, led by West Midlands Regional Cyber Crime Unit and assisted by Israeli Police, the FBI, and Europol’s European Cybercrime Centre, also revealed that Chappell took part in a cybercriminal operation in 2015 that took down NatWest’s online banking system. It’s implied that this was possible due to the denial-of-service software distributed by the teenager, for which he also provided an online help desk.
Denial-of-service attacks rely on a large pool of infected computers, controlled by a single bot master, all of which are instructed to flood domains or websites with illegitimate traffic, effectively causing them to stop working properly or taking them completely offline.
Continuous collaboration between law enforcement agencies has brought to justice other cybercriminal groups that have been either been distributing malware or performing cybercriminal operations. A month ago, Europol arrested six people involved in buying counter anti-virus and crypter services used to evade security solutions.
Codenamed the “Neuland” operation, individuals from Germany, Cyprus, Italy, the Netherlands, Norway and the United Kingdom were taken into custody.