Notorious Steam Hacker DerpTroll is Facing Prison Time

AlphaAtlas

If your PSN, 2K or Windows Live account info got leaked in 2014, you may finally be getting justice. Notorious hacker DerpTroll has just pleaded guilty to denial of service attack charges. Among other things, 23-year-old Utah resident Austin Thompson was responsible for taking Steam, Origin and SOE down in 2013 and 2014. He is reportedly facing a maximum penalty of 10 years in prison and a $250,000 fine, and sentencing is set for March 1, 2019.

Thompson's attacks, which flooded his victims' servers with enough internet traffic to take them offline, were directed mainly at online gaming companies and servers, including then San Diego-based Sony Online Entertainment. Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted screenshots or other photos showing that victims’ servers had been taken down after the attack. The attacks took down game servers and related computers around the world, often for hours at a time. According to the plea agreement, Thompson’s actions caused at least $95,000 in damages.
 
How in the hell does a 23 yr old have the hacking skills to take Steam, Origin, SOE down? It's not like there are college courses for hacking. I just can't comprehend how he knows all that stuff at such a young age.

And why did he target gaming companies? What did they do to him? He could have hacked crooked OIL/bank companies or something.
 
IMO, DDoS attacks are talent-less, that's why this guy is not being offered a job from IT security companies or even a plea bargain from the prosecution.
Now, people who can actually hack into servers and steal data... those people get snapped up pretty quickly, instead of going to jail.
 
IMO, DDoS attacks are talent-less, that's why this guy is not being offered a job from IT security companies or even a plea bargain from the prosecution.
Now, people who can actually hack into servers and steal data... those people get snapped up pretty quickly, instead of going to jail.

You provided a great point, didn't think about that...
 
How in the hell does a 23 yr old have the hacking skills to take Steam, Origin, SOE down? It's not like there are college courses for hacking. I just can't comprehend how he knows all that stuff at such a young age.

And why did he target gaming companies? What did they do to him? He could have hacked crooked OIL/bank companies or something.

DDoS isn't that complicated; you can easily do it with a few command prompts pinging a specific IP address over and over again. Nothing stopping you from making a batch file that runs itself a few hundred times to ping Hardocp.com over and over and over again. [Please don't do this].
 
DDoS isn't that complicated; you can easily do it with a few command prompts pinging a specific IP address over and over again. Nothing stopping you from making a batch file that runs itself a few hundred times to ping Hardocp.com over and over and over again. [Please don't do this].

What I've never understood is how that leads to security breaches? I understand it leading to crashing the server (obviously).
 
You provided a great point, didn't think about that...

DDoS basically entails infected computers spamming one or two lines of code.

Computers infected with a virus will allow remote execution of code. (aka zombie computers)
The Virus itself is usually written by someone else entirely, and the Virus writer will then sell the computing power he has gained to script kiddies.

Script kiddies (what the guy being dubbed a "hacker" is) just run a simple command that tells all the infected computers to ping a specific IP address.

The script part is super easy to do.
"-ping certain IP address /repeat forever" .bat

If the virus writer was caught, he'd get hired almost immediately by IT security companies or by Government.
Script kiddies are... yeah, not worth anything.
 
DDoS basically entails infected computers spamming one or two lines of code.

Computers infected with a virus will allow remote execution of code. (aka zombie computers)
The Virus itself is usually written by someone else entirely, and the Virus writer will then sell the computing power he has gained to script kiddies.

Script kiddies (what the guy being dubbed a "hacker" is) just run a simple command that tells all the infected computers to ping a specific IP address.

The script part is super easy to do.
"-ping certain IP address /repeat forever" .bat

If the virus writer was caught, he'd get hired almost immediately by IT security companies or by Government.
Script kiddies are... yeah, not worth anything.
It's even easier these days if you have the money. Just rent a farm to do it all for you.
 
Lol I remember a certain simple .exe one could download and DDoS with a few clicks

LOIC ;)
 
Well I work at CenturyLink (new network engineer job). And we have DDoS services here for all our customers. The melicias traffic gets identified and immediately gets blocked, whether it's from 10 infected computers, or 10,000.

I don't understand how DDoS attacks can occur with companies as big as Steam and Sony. They should have the ability to block that traffic after it's detected.
 
you may finally be getting justice


LOL.. that one has always cracked me up..

not that his "hacks" have affected me.. but let's say it did.

"justice" is now being felt.. by those who get to pay for him to have 3 meals a day, a bed to sleep in.. and better, and free, health care than we get.
 
Well I work at CenturyLink (new network engineer job). And we have DDoS services here for all our customers. The melicias traffic gets identified and immediately gets blocked, whether it's from 10 infected computers, or 10,000.

I don't understand how DDoS attacks can occur with companies as big as Steam and Sony. They should have the ability to block that traffic after it's detected.
To be fair, when it happens to Steam it is usually only down for a matter of minutes. PSN was down for 23 days at one point and it took Sony half a year to fully bring back services to par.
 
DDoS attacks don't require any great amount of intelligence. You know this guy is dumb for two reasons: 1. He got caught. 2. He's gonna serve an extended prison term for being annoying. Think about that - he could be sentenced to 10 years in prison (10 years!) and he didn't kill anyone. He did not harm anyone. He did not threaten society, he didn't rob anyone, he did not commit grievous acts of assault, minor acts of treason, promote hatred or even pose a menace to someone's health and safety.

He's one of those rare people who are going to serve hard time for being a pissant.

That boy is gonna need a new nickname. 'Derp Troll' isn't gonna cut it with the boys in the block. Right now, my vote is for calling him 'Twinkle Plump'.


P.S. 'Butt Finch' is also an old favorite.
 
So this was crime for crime's sake with nothing but infamy as the reward? Yeah that's worth a life in prison. Well played, l33t d00d!
 
So this was crime for crime's sake with nothing but infamy as the reward? Yeah that's worth a life in prison. Well played, l33t d00d!

He can get some 1337 prison tattoos now though.
 
Well I work at CenturyLink (new network engineer job). And we have DDoS services here for all our customers. The melicias traffic gets identified and immediately gets blocked, whether it's from 10 infected computers, or 10,000.

I don't understand how DDoS attacks can occur with companies as big as Steam and Sony. They should have the ability to block that traffic after it's detected.
The thing is that blocking traffic doesn't necessarily stop the traffic, depending on the type of DDoS. It's why entire CDNs can get taken down if someone's motivated enough.
 
I am here for the #cinnamonringprisonstretching that he is going to get while in the SAPP/FAPP program...
 
The thing is that blocking traffic doesn't necessarily stop the traffic, depending on the type of DDoS. It's why entire CDNs can get taken down if someone's motivated enough.

True, what does it matter if you drop all DDoS traffic if it's filling your pipe?

DDoS prevention needs to start closer to the originating machines than the destination.


Well I work at CenturyLink (new network engineer job). And we have DDoS services here for all our customers. The melicias traffic gets identified and immediately gets blocked, whether it's from 10 infected computers, or 10,000.

I don't understand how DDoS attacks can occur with companies as big as Steam and Sony. They should have the ability to block that traffic after it's detected.

I'm still trying to find out what melicias traffic is though. I've been spending all these years looking for malicious traffic, guess I've been doing it wrong :)

It's also trivial to do DDoS with valid traffic that doesn't appear malicious. Or even melicias
 
I'm no network engineer, but I believe it's DNS amplification attacks causing pain (1.3 Tbps on Akamai), or all the buggy insecure IoT devices spread over a wide amount of IPs?
 
To be fair, when it happens to Steam it is usually only down for a matter of minutes. PSN was down for 23 days at one point and it took Sony half a year to fully bring back services to par.
True, what does it matter if you drop all DDoS traffic if it's filling your pipe?

DDoS prevention needs to start closer to the originating machines than the destination.




I'm still trying to find out what melicias traffic is though. I've been spending all these years looking for malicious traffic, guess I've been doing it wrong :)

It's also trivial to do DDoS with valid traffic that doesn't appear malicious. Or even melicias

Just block IP subnets from China and Russia, problem solved. We do that right now.

All the pirated Windows machines in those countries are vulnerable to viruses. In the USA we all have legit copies of Windows with security updates and antivirus.
 
Just block IP subnets from China and Russia, problem solved. We do that right now.

All the pirated Windows machines in those countries are vulnerable to viruses. In the USA we all have legit copies of Windows with security updates and antivirus.

Region blocking won't stop a denial of service attack from filling your upstream circuit. If they can send more than your pipe can hold it's a successful attack.

That being said, we region block China, Russia, and Brazil as we have no customers there and saw that a large percentage of our detected events came from those three countries. Some companies can't region block though, if they have a global customer base etc.
 
Region blocking won't stop a denial of service attack from filling your upstream circuit. If they can send more than your pipe can hold it's a successful attack.

That being said, we region block China, Russia, and Brazil as we have no customers there and saw that a large percentage of our detected events came from those three countries. Some companies can't region block though, if they have a global customer base etc.

Yes I agree. Here at CenturyLink all our customers with DDoS services come through the largest circuits 100+GB Internet. That traffic is scrubbed/verified through our SOC DDoS, so bandwidth isn't an issue.
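
The point argued in the last few posts (a block list only helps if it runs before the saturated circuit), worked through as an added example that is not part of any post in this thread. The region labels, traffic rates and the `legit_goodput` function are constructed for illustration, and the upstream provider is assumed to have ample capacity.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    region: str   # where the traffic originates (constructed labels)
    mbps: float   # offered rate in Mbit/s
    legit: bool   # True for real customers

def legit_goodput(flows, link_mbps, blocked=(), where="edge"):
    """Mbit/s of legitimate traffic that reaches the service.

    where="edge":     the block list runs on the customer's own firewall,
                      after traffic has already crossed the upstream circuit.
    where="upstream": the block list runs in the provider's network,
                      before the circuit (assumed to have ample capacity).
    """
    blocked = set(blocked)
    if where == "upstream":
        on_link = [f for f in flows if f.region not in blocked]
    else:
        on_link = list(flows)
    offered = sum(f.mbps for f in on_link)
    # A saturated circuit drops packets without regard to who sent them.
    survive = min(1.0, link_mbps / offered) if offered else 1.0
    return sum(f.mbps * survive for f in on_link
               if f.legit and f.region not in blocked)

# Constructed scenario: 1 Gbit/s circuit, 500 Mbit/s of customers, and
# 4.5 Gbit/s of flood split between a blockable and a non-blockable region.
FLOWS = [
    Flow("home", 400, True),
    Flow("partner", 100, True),
    Flow("no-customers", 3000, False),
    Flow("home", 1500, False),
]
LINK = 1000

if __name__ == "__main__":
    for label, kw in [
        ("no filtering", {}),
        ("region block at edge", {"blocked": ["no-customers"], "where": "edge"}),
        ("region block upstream", {"blocked": ["no-customers"], "where": "upstream"}),
    ]:
        print(f"{label:24s} {legit_goodput(FLOWS, LINK, **kw):6.1f} Mbit/s")
```

The edge block list changes nothing because the circuit is already full when the firewall sees the packets; the upstream block list helps, but flood traffic from a region that cannot be blocked still halves what customers get.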
 
It's almost as if there are better things you could be doing with your life than DDOS'ing game servers.
 