At the very least, you can admire the guy’s industriousness. Too bad he didn’t use his powers for good. After a lengthy investigation, Argentine police arrested a 19-year-old man for allegedly running a hacking network that milked money from victims’ online gaming accounts.
The process leading up to the unnamed hacker’s arrest began in 2012, according to an Associated Press report, when police launched “Operation Zombie.” The operation began after a businessman reported that servers he used to run a web hosting business had been invaded by someone attempting to intercept money transfers. That investigation, launched by criminal attorney Graciela Gils Carbo (now Argentina’s lead prosecutor), led authorities to discover a larger fraud ring run by the same culprit.
Operating out of his Buenos Aires home, the suspect was able to attach malware to a server that unsuspecting victims used to download online gaming software. That malware was then used to access the victims’ online gaming and money transfer accounts to the tune of $50,000 per month. Officials estimate the hacker stole around $600,000 in total.
To avoid being detected, the hacker used a botnet of thousands of “zombie” computers to initiate a distributed denial of service (DDoS) attack to overwhelm the payment services, making them temporarily inaccessible to customers. What likely appeared to be the sort of server downtime we often see on websites (be it planned or not) was actually the hacker buying himself time and cloaking his actions.
To explain further, a botnet is a collection (network) of computers communicating over the internet to carry out tasks. In this case, the “zombie” computers had their security compromised with malware and were directed to carry out a DDoS attack on the payment platforms to temporarily put them out of service. In a DDoS attack, the systems under control (the “zombies”) flood the bandwidth of the target system (the payment platform), essentially creating an extreme traffic jam that prevents legitimate traffic from getting through. DDoS attacks are effective for three reasons: a multitude of computers can generate more traffic than a single one, the traffic is stealthier because it does not come from one centralized source, and it is much more difficult to block many attackers than one.
When authorities detained the hacker in his home, they took the extreme measure of shutting down the electricity to his entire neighborhood in order to prevent him from accessing his computers and potentially deleting evidence. Operation Zombie included a total of five raids in Buenos Aires as well as one in Rosario, a city 190 miles to the north.
The names of the affected gaming sites have not been revealed; it is not known if they are actually online gambling sites, though considering the sums of money involved, it is fairly likely.