in ,

Security company owner turns out to be the DDOS attacker

Tucker Preston, the former owner of a US company that provided services for protection against DDoS attacks turns out to be an attacker himself, as he has pleaded guilty for organizing custom cyberattacks.

22-year-old Tucker Preston is the former owner of BackConnect, a company that claims to provide protection from distributed denial-of-service (DDoS) attacks, became accused of being part of similar attacks and pleaded guilty in a New Jersey court last week with one count of damaging protected computers by transmission of a program, code or command.

Another hack brings him to the sunlight

The information that Preston himself participated in DDoS attacks in the past surfaced after the vDOS resource was hacked – the most popular service for organizing custom DDoS attacks. As a result of the vDOS hack, data about its owners, as well as a list of customers have been leaked.

The owners were subsequently arrested in Israel. And Preston, as a customer, caught the eye of an information security expert, Brian Krebs.

In one incident, Preston attacked in revenge

According to the customer data, Preston launched attacks on several different organizations at once, both commercial and non-profit including Richard Stallman Free Software Foundation (FSF). It is also known that the foundation considered the possibility of cooperation with BackConnect, but in the end they decided to abandon the idea. Preston apparently launched an attack in revenge.

However, the charges brought against Preston are for a different reason. He was brought on trial for the attack on an unannounced company (stated as Victim 1) which has its headquarters in New Jersey and business units around the US.

Intentionally caused damage on “Victim 1”

“From in or around December 2015, through in or around February 2016, in the District of New Jersey and elsewhere, the defendant, TUCKER PRESTON, knowingly caused the transmission of a program, information, code, and command, and as a result of such conduct, intentionally caused damage without authorization to protected computers of Victim 1 , and caused loss to 1 or more persons during a 1-year period affecting protected computers aggregating at least $5,ooo in value,” the court’s publication says.

There is no other information about Preston’s motives and the activities of the affected company. In a statement by the U.S. Department of Justice, the maximum penalty for an offense in which Preston pleaded guilty is 10 years in prison, a fine of $250,000, or twice the gross gain from the offense.

The sentencing is scheduled for May 7, 2020.