The tale of “Bitcoin Baron” reveals a worrying picture and illustrates how easy it has become to wreak havoc on the internet.
A 23-year-old man from Arizona, USA, was sentenced to 20 months in jail for launching distributed denial of service (DDoS) attacks at the computer networks of Madison, the capital of Wisconsin, three years ago that caused outages to the city’s emergency communications systems and other services, according to a press release by the US Department of Justice.
The prison sentence is part of a plea deal that Randall Charles Tucker, who went by the online moniker “Bitcoin Baron,” closed with prosecutors. The attacks, which made Madison’s government networks inaccessible several times over a span of nearly a week in March 2015, were part of a broader DDoS campaign that Tucker is thought to have waged against various American cities at the time. However, the plea agreement, which also includes an order for Tucker to pay $69,000 in restitution, only covers the attacks at Madison.
It’s not clear what prompted Tucker to attack the city’s municipal services. The attacks came just days after the shooting of 19-year-old Tony Robinson by a Madison police officer, an incident that sparked public outcry.
In April 2015, Tucker was arrested after being under investigation for suspected hacking-related offenses for six months. In addition to the attack at Madison, he was also accused of DDoS-ing the computer systems of the Arizona cities of Mesa and Chandler, as well as of two DDoS attacks against a video-news website. The latter operations were attempts to bring the website’s admins round into releasing one of his “call for arms” videos.
Taking up the cudgels
As Bleeping Computer reports, Tucker began his cybercriminal career in 2014, although he had quite some brush with the law before. He served 18 months in jail for stabbing his father with a kitchen knife in 2013 – a sentence that he began to serve two months after his attacks at the City of Madison, having been released pre-trial.
Back to cybercrime, however: “Bitcoin Baron” started his “career” with a number of website-defacing and DDoS campaigns that were not, however, marked by technical sophistication. Indeed, he went on to earn a number of unflattering monikers by the press, with “the Internet’s most inept criminal” being actually one of the milder ones. Shortly after his arrest, The New York Observer reviewed Bitcoin Baron’s shenanigans in this piece, taking stock of his bungles and noting his reliance on plug-and-play tools, rather than his own technical chops.
Importantly, the bumbling hacker didn’t go to great lengths to hide his identity, which ultimately enabled law enforcement to collect enough evidence in a short period of time. He often bragged about or pre-announced his misdeeds on social media and various online discussion boards. He also claimed to have been part of hacktivist campaigns, such as Anonymous’ operation dubbed #OpSeaWorld, which denounced alleged cruelty against animals in marine parks.
On other occasions, he channeled his rage at news sites, web hosting firms, banks, gaming services, and other targets. In one attack, he reportedly defaced the website of a children’s hospital with child pornography.
written by Tomas Foltyn, ESET