Attacks/Breaches

6/19/2018
02:26 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Arizona Man Sentenced to Prison for Distributed Denial of Service Attacks Against Emergency Communications System and Other Municipal Websites

An Arizona man was sentenced yesterday in Phoenix, Arizona, for directing distributed denial of service (DDoS) attacks at the computer networks of the City of Madison, Wisconsin, announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and First Assistant U.S. Attorney Elizabeth A. Strange for the District of Arizona.

Randall Charles Tucker, aka “Bitcoin Baron,” 23, of Apache Junction, Arizona, was sentenced to serve 20 months in prison by U.S. District Judge Douglas L. Rayes of the District of Arizona.  He was also ordered to pay restitution in the amount of  $69,331.56 to the victims of his computer attacks. Tucker pleaded guilty on April 17, 2017 to one count of intentional damage to a protected computer.

According to admissions made in connection with his plea, between March 9 and March 14, 2015, Tucker executed a series of DDoS attacks against various city websites, including Madison, Wisconsin. A DDoS attack is a malicious attack where illegitimate network traffic is used to slow down or altogether crash a computer server, thereby denying service to legitimate users of the server.  In addition to disabling the City of Madison’s website, the attack crippled the city’s Internet-connected emergency communication system, causing delays and outages in the ability of emergency responders to connect to the 911 center and degrading the system used to automatically dispatch the closest unit to a medical, fire, or other emergency. Tucker, referring to himself as the “Bitcoin Baron,” boasted about his attacks via social media.

This case was investigated by FBI’s Milwaukee and Phoenix Field Offices and Arizona’s Department of Public Safety.  Assistant U.S. Attorney James R. Knapp of the District of Arizona and Trial Attorney Laura-Kate Bernstein of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.  The U.S. Attorney’s Office for the Western District of Wisconsin also provided substantial assistance in this manner.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.