Student Charged with Using University Computer Network for Denial of Service Attacks and Botnets

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today that an Information was filed today charging Mitchell L. Frost, age 22, of Bellevue, Ohio, with one count of causing damage to a protected computer system, and one count of possessing 15 or more unauthorized access devices.

The information charges that between August 2006, and March 2007, while enrolled as an undergraduate student at the University of Akron, Mitchell Frost used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

The information charges that Frost gained access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost then used the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.
The information further charges that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others, temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

The information also charges that Frost initiated denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. The information charges that this denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000.

If convicted, the defendant’s sentence will be determined by the Court after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

An information is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

—- Update —-
Convicted on 26 May 2010

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today Mitchell L. Frost, age 23, of Bellevue, Ohio, appeared before U.S. Magistrate Judge Nancy A. Vecchiarelli and pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing
15 or more unauthorized access devices.

According to court documents, Frost admitted that between August 2006, and March 2007, while enrolled as a student at the University of Akron, he used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

Frost also admitted gaining access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names,
passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.

Frost admitted that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others,
temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

Frost also admitted initiating denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. This denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000. Frost will be sentenced on August 5, 2010, by U.S. District Judge Lesley Wells. His sentence will be determined by the Court after review of factors unique to this case, including his prior criminal record, if any, his role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

source: www.cybercrime.gov

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)