Notorious Steam Hacker DerpTroll is Facing Prison Time

Discussion in '[H]ard|OCP Front Page News' started by AlphaAtlas, Nov 9, 2018.

  1. AlphaAtlas

    AlphaAtlas Gawd Staff Member

    Messages:
    1,014
    Joined:
    Mar 3, 2018
    If your PSN, 2K or Windows Live account info got leaked in 2014, you may finally be getting justice. Notorious hacker DerpTroll has just pleaded guilty to denial of service attack charges. Among other things, 23-year-old Utah resident Austin Thompson was responsible for taking Steam, Origin and SOE down in 2013 and 2014. He is reportedly facing a maximum penalty of 10 years in prison and a $250,000 fine, and sentencing is set for March 1, 2019.

    Thompson's attacks, which flooded his victims' servers with enough internet traffic to take them offline, were directed mainly at online gaming companies and servers, including then San Diego-based Sony Online Entertainment. Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted screenshots or other photos showing that victims’ servers had been taken down after the attack. The attacks took down game servers and related computers around the world, often for hours at a time. According to the plea agreement, Thompson’s actions caused at least $95,000 in damages.
     
    Armenius likes this.
  2. Cyraxx

    Cyraxx [H]ardness Supreme

    Messages:
    4,555
    Joined:
    Feb 21, 2005
  3. Gweenz

    Gweenz [H]ard|Gawd

    Messages:
    1,204
    Joined:
    Dec 18, 2003
    Couldn't have happened to a nicer guy.
     
    Sikkyu and Armenius like this.
  4. DPI

    DPI Nitpick Police

    Messages:
    10,907
    Joined:
    Apr 20, 2013
    Harsh, that his cellmate will get him pregnant night after night, but then he volunteered to be the example.
     
    Last edited: Nov 9, 2018
  5. Motley

    Motley 2[H]4U

    Messages:
    2,393
    Joined:
    Mar 29, 2005
    How in the hell does a 23 yr old have the hacking skills to take Steam, Origin, SOE down? It's not like there are college courses for hacking. I just can't comprehend how he knows all that stuff at such a young age.

    And why did he target gaming companies? What did they do to him? He could have hacked crooked OIL/bank companies or something.
     
  6. MrDeaf

    MrDeaf Limp Gawd

    Messages:
    403
    Joined:
    Jun 9, 2017
    IMO, DDoS attacks are talent-less, that's why this guy is not being offered a job from IT security companies or even a plea bargain from the prosecution.
    Now, people who can actually hack into servers and steal data... those people get snapped up pretty quickly, instead of going to jail.
     
  7. Motley

    Motley 2[H]4U

    Messages:
    2,393
    Joined:
    Mar 29, 2005
    You provided a great point, didn't think about that...
     
  8. gamerk2

    gamerk2 [H]ard|Gawd

    Messages:
    1,397
    Joined:
    Jul 9, 2012
    DDoS isn't that complicated; you can easily do it with a few command prompts pinging a specific IP address over and over again. Nothing stopping you from making a batch file that runs itself a few hundred times to ping Hardocp.com over and over and over again. [Please don't do this].
     
  9. Cyraxx

    Cyraxx [H]ardness Supreme

    Messages:
    4,555
    Joined:
    Feb 21, 2005
    What I've never understood is how that leads to security breaches? I understand it leading to crashing the server (obviously).
     
  10. J3RK

    J3RK [H]ardForum Junkie

    Messages:
    8,737
    Joined:
    Jun 25, 2004
    When he was brought to the stand to present his defense, all he had to say was "derp".
     
    PantherBlitz, Trixar and Armenius like this.
  11. MrDeaf

    MrDeaf Limp Gawd

    Messages:
    403
    Joined:
    Jun 9, 2017
    DDoS basically entails infected computers spamming one or two lines of code.

    Computers infected with a virus will allow remote execution of code. (aka zombie computers)
    The Virus itself is usually written by someone else entirely, and the Virus writer will then sell the computing power he has gained to script kiddies.

    Script kiddies (what the guy being dubbed a "hacker" is) just run a simple command that tells all the infected computers to ping a specific IP address.

    The script part is super easy to do.
    "-ping certain IP address /repeat forever" .bat

    If the virus writer was caught, he'd get hired almost immediately by IT security companies or by Government.
    Script kiddies are... yeah, not worth anything.
     
    GoldenTiger and Armenius like this.
  12. Armenius

    Armenius [H]ardForum Junkie

    Messages:
    16,199
    Joined:
    Jan 28, 2014
    It's even easier these days if you have the money. Just rent a farm to do it all for you.
     
    Gweenz likes this.
  13. 86 5.0L

    86 5.0L [H]ardness Supreme

    Messages:
    7,148
    Joined:
    Nov 13, 2006
    Lol I remember a certain simple .exe one could download and DDoS with a few clicks

    LOIC ;)
     
    Krazy925 likes this.
  14. Motley

    Motley 2[H]4U

    Messages:
    2,393
    Joined:
    Mar 29, 2005
    Well I work at CenturyLink (new network engineer job), and we have DDoS services here for all our customers. The melicias traffic gets identified and immediately gets blocked, whether it's from 10 infected computers, or 10,000.

    I don't understand how DDoS attacks can occur with companies as big as Steam, and Sony. They should have the ability to block that traffic after it's detected.
     
    Last edited: Nov 9, 2018
  15. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,790
    Joined:
    Nov 15, 2016

    LOL.. that one has always cracked me up..

    not that his "hacks" have affected me.. but let's say it did.

    "justice" is now being felt.. by those who get to pay for him to have 3 meals a day, a bed to sleep in.. and better, and free, health care than we get.
     
  16. Armenius

    Armenius [H]ardForum Junkie

    Messages:
    16,199
    Joined:
    Jan 28, 2014
    To be fair, when it happens to Steam it is usually only down for a matter of minutes. PSN was down for 23 days at one point and it took Sony half a year to fully bring back services to par.
     
  17. seanreisk

    seanreisk Gawd

    Messages:
    605
    Joined:
    Aug 29, 2011
    DDoS attacks don't require any great amount of intelligence. You know this guy is dumb for two reasons: 1. He got caught. 2. He's gonna serve an extended prison term for being annoying. Think about that - he could be sentenced to 10 years in prison (10 years!) and he didn't kill anyone. He did not harm anyone. He did not threaten society, he didn't rob anyone, he did not commit grievous acts of assault, minor acts of treason, promote hatred or even pose a menace to someone's health and safety.

    He's one of those rare people who are going to serve hard time for being a pissant.

    That boy is gonna need a new nickname. 'Derp Troll' isn't gonna cut it with the boys in the block. Right now, my vote is for calling him 'Twinkle Plump'.


    P.S. 'Butt Finch' is also an old favorite.
     
    Last edited: Nov 9, 2018
    DrLobotomy likes this.
  18. HeadRusch

    HeadRusch Gawd

    Messages:
    1,012
    Joined:
    Jun 8, 2007
    So this was crime for crime's sake with nothing but infamy as the reward? Yeah that's worth a life in prison. Well played, l33t d00d!
     
  19. J3RK

    J3RK [H]ardForum Junkie

    Messages:
    8,737
    Joined:
    Jun 25, 2004
    He can get some 1337 prison tattoos now though.
     
  20. DPI

    DPI Nitpick Police

    Messages:
    10,907
    Joined:
    Apr 20, 2013
    The thing is that blocking traffic doesn't necessarily stop the traffic, depending on the type of DDoS. It's why entire CDNs can get taken down if someone's motivated enough.
     
    travanx likes this.
  21. YeuEmMaiMai

    YeuEmMaiMai Death Incarnate

    Messages:
    18,120
    Joined:
    Jun 11, 2004
    I am here for the #cinnamonringprisonstretching that he is going to get while in the SAPP/FAPP program...
     
  22. seanreisk

    seanreisk Gawd

    Messages:
    605
    Joined:
    Aug 29, 2011
    "Dude, those 'tear' tats look ghetto, did you actually kill someone on the inside?"

    "Uh, no, I got those from actually crying."
     
    GoldenTiger, travanx and J3RK like this.
  23. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,764
    Joined:
    Aug 24, 2005
    True, what does it matter if you drop all DDoS traffic if it's filling your pipe?

    DDoS prevention needs to start closer to the originating machines than the destination.


    I'm still trying to find out what melicias traffic is though. I've been spending all these years looking for malicious traffic, guess I've been doing it wrong :)

    It's also trivial to do DDoS with valid traffic that doesn't appear malicious. Or even melicias
     
  24. ChoGGi

    ChoGGi [H]ard|Gawd

    Messages:
    1,284
    Joined:
    May 7, 2005
    I'm no network engineer, but I believe it's DNS amplification attacks causing pain (1.3 tbps on Akamai). Or all the buggy insecure IoT devices spread over a wide amount of IPs?
     
    travanx likes this.
  25. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Dec 8, 2004
    Bunch of experts in here
     
  26. Motley

    Motley 2[H]4U

    Messages:
    2,393
    Joined:
    Mar 29, 2005
    Just block IP subnets from China and Russia, problem solved. We do that right now.

    All the pirated Windows machines in those countries are vulnerable to viruses. In the USA we all have legit copies of Windows with security updates and antivirus.
     
  27. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,764
    Joined:
    Aug 24, 2005
    Maybe not experts; however, I'm sure a lot of members here at [H] work in the IT field in some capacity.
     
    travanx likes this.
  28. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,764
    Joined:
    Aug 24, 2005
    Region blocking won't stop a denial of service attack from filling your upstream circuit. If they can send more than your pipe can hold, it's a successful attack.

    That being said, we region block China, Russia, and Brazil as we have no customers there and saw that a large percentage of our detected events came from those three countries. Some companies can't region block though, if they have a global customer base, etc.
     
  29. Motley

    Motley 2[H]4U

    Messages:
    2,393
    Joined:
    Mar 29, 2005
    Yes I agree. Here at CenturyLink all our customers with DDoS services come through the largest circuits 100+GB Internet. That traffic is scrubbed/verified through our SOC DDoS, so bandwidth isn't an issue.
     
  30. tetris42

    tetris42 [H]ardness Supreme

    Messages:
    4,318
    Joined:
    Apr 29, 2014
    It's almost as if there are better things you could be doing with your life than DDOS'ing game servers.