Teen pleads guilty to hacking spree

Stole data over Net for 3 years, indictment says

By Milton J. Valencia, Globe Staff  |  November 19, 2008

From his home in Worcester, he called 911 in Seattle and Georgia, reporting nonexistent crimes that resulted in SWAT teams being dispatched.

He used stolen credit card numbers to shop online, at one point buying a Sony PlayStation 3. He hacked into computer networks at major companies, stealing information and wreaking havoc.

For a teenager, he caused a lot of damage.

Yesterday, the 17-year-old known online as "Dshocker," pleaded guilty in federal court to computer intrusion, interstate threats, and wire fraud.

The teen, who was identified in court papers by his initials, N.H., is expected to be sentenced at a later date, but has agreed to a plea agreement that calls for an 11-month sentence in a juvenile detention facility. As an adult, he could have faced 10 years in prison and a $250,000 fine.

Federal officials would not identify him yesterday. They would not comment on the case, because he is a juvenile.

But a federal indictment alleges Dshocker engaged in computer and wire fraud over a three-year period, terrorizing police departments with scams and computer networks with viruses.

From November 2005 to January 2008 he had controlled "botnets," networks of thousands of computers infected with a malicious software code, according to the indictment. Using the Internet to control the botnets without the knowledge of the machines' owners, he would perform attacks on other computers with the aid of a control server that would command thousands of infected machines to flood other networks with requests, causing them to crash.

Dshocker obtained stolen credit card numbers and purchased items over the Internet. To evade arousing suspicion of credit card companies, he had packages sent to the homes of the card holders whose identities he had stolen. But before the packages arrived at their destinations, a confederate who worked at a major shipping company would reroute the packages to Dshocker's home, the indictment said.

From January 2008 to May 2008, he made 911 calls to police departments across the country, reporting bomb threats or that an armed gunman was at a school - hoaxes known as "swatting." To disguise his identity on those calls, he used a process of fooling caller identification equipment with stolen names and phone numbers, known as caller ID spoofing, the indictment said. He obtained addresses and phone numbers for the hoax by hacking into the records of Internet service providers.

Court records said he gained access to corporate computer systems, including the networks of Charter Communications, Road Runner, and Comcast, and would steal information about customers. In one case, he obtained information about software from an unidentified large electronics company and used those data to modify his own cable modem to get free Internet access.

In a written statement, prosecutors denounced the teen's alleged activities as a "serious risk of physical harm" to victims and a disruption of public services.

"Furthermore," the statement said, "the defendant's hacking activities were disruptive to major companies' computer systems, and they wreaked havoc on tens of thousands of computers that were compromised."

Milton Valencia can be reached at mvalencia@globe.com.