January 20, 2020

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others.

Tucker Preston, 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command. DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors.

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks, which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

Preston’s guilty plea agreement (PDF) doesn’t specify who he admitted attacking, and refers to the target only as “Victim 1.” Preston declined to comment for this story.

But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company’s owners they would need to look elsewhere for DDoS protection.

Perhaps having fun at the expense of the FSF was something of a meme that the accused and his associates seized upon, but it’s interesting to note that the name of the FSF’s founder — Richard Stallman — was used as a nickname by the co-author of Mirai, a potent malware strain that was created for the purposes of enslaving Internet of Things (IoT) devices for large-scale DDoS attacks.

Ultimately, it was the Mirai co-author’s use of this nickname that contributed to him getting caught, arrested, and prosecuted for releasing Mirai and its source code (as well as for facilitating a record-setting DDoS against this Web site in 2016).

According to a statement from the U.S. Justice Department, the count to which he pleaded guilty is punishable by a maximum of 10 years in prison and a fine of up to $250,000, or twice the gross gain or loss from the offense. He is slated to be sentenced on May 7.


48 thoughts on “DDoS Mitigation Firm Founder Admits to DDoS”

  1. The Sunshine State

    At 22 years old he should have stuck to making gaming videos on Twitch or whatever these young kids are doing today to make money off video content.

  2. Tony The Tiger

    When I first saw the title, I thought it was Cloudflare, the other shady DDoS mitigation firm. Very interesting story though.

      1. Readership1

        Because cloudflare protects rapists and terrorists, but won’t protect political free speech.

        1. fasgfaaaaaaaa

          This is a lie though, Cloudflare fired Daily Stormer as a customer because DS falsely claimed that CF supports them. CF continues to serve far bigger sites pushing exactly the same political opinions as DS, like stormfront.org for example.

      2. Dennis

        For some reason there’s a hubbub about Cloudflare in Australia. I think it stems from the fact that Cloudflare hosted the website of a shooter in New Zealand and they all got upset over it. People need to understand that they are a CDN and can’t censor people’s content. Otherwise we’ll get another YouTube or StackOverflow with 50 gender pronouns or any such nonsense. (They took that website down after people reported it.)

        1. TreFunny

          the shooting in NZ was live streamed on Facebook but Facebook is still up and protected.

          The other shootings this year they claimed were 8chan and other non-mainstream sites fault(s)… but the manifestos were published on Instagram, Facebook and DrudgeReport… all of which are still up and protected by these firms… 8chan was a patsy.

          The real target: Q

          Doesn’t matter what you think (LARP, etc), that was the target. They were aiming to take down 8chan due to Qanon, if they truly cared about the shooting incidents FB, Instagram and Drudge would have all been removed from protection… Heck FB and IG sell more drugs every day than silk road ever did but they are never held accountable. Politicians would rather milk FB with fines, etc

      3. Franki

        You do realize that CloudFlare provides CDN and DNS management for at least 75% or more of the Russian criminal forums and marketplaces. Just do a ‘whois’ on one of the domains. The best part is, is that they say they need a subpoena in order to do anything, including looking into it – even though it’s clearly evident, these market places and forums are dealing in illegal activity. Remember, they are a public company now, so they need to keep the money coming in, even if it’s from criminals.

        1. SeymourB

          For the longest time they were known for providing DDoS protection for individuals/groups who hosted DDoS attack services – oh, I’m sorry, stress testers, stress booters, etc. – because if they didn’t then other DDoS sites would take their competition offline.

          Not sure if they’re still providing services to criminals, but it wouldn’t surprise me if they were still a primary revenue stream for cloudflare.

    1. MattyJ

      Murderers get less than 10 years. Not sure ruining this idiot’s life at 22 by removing the next decade of it would be appropriate.

      1. Carl Kreider

        I don’t know how. My son got 8 years for attempted breaking and entering.

      2. Nunya

        Some child molester in El Paso got off with probation after molesting a 4 year old. The scales of the justice system are definitely not well balanced…

      3. Dave Horsfall

        That’s his problem; do the crime, do the time.

  3. Readership1

    The story has a factual error in the first sentence.

    He wasn’t a man when the crime was done and he’s not a man now. It’s clear from his actions that he never progressed beyond adolescence.

  4. ev0

    Let’s not forget that these same guys (Marshal Webb, Tucker Preston and Bryant Townsend) also hacked Staminus, the evidence is quite damning https://www.webhostingtalk.com/showthread.php?t=1598981

    These days Marshal Webb (whose fingerprints are all over the FTA zine) is working on a similar DDoS protection scheme “path.net” with Cosmo of UGNazi fame.

    1. unk

      Let’s also not forget that you (ev0) were the person who leaked Thr & Litespeeds qBot (publicly named lizkebab) to the public, allowing every other 14 year old and his mother to exploit vulnerable systems and collect bots for their botnet.

      1. Mir Islam

        You know you can write literally anything in the “name” field here, right?

  5. pormenous

    Another alternative to mitigate CVE 2020-0674 (refer subject: JScript) is a change in the Internet Options of IE 11 – Internet – Custom level – disable script. Of course, for lovers of PowerShell and cmd, use the first alternative.

  6. BlueTomato

    There is a new very popular company backed by a very famous hacker that is doing the same thing with anti spear phishing protection

  7. JCitizen

    Talk about drumming up business! This seems to be the thing nowadays.

  8. Mark

    It is sad that these kids who seem to have some intellect and technical skill have wasted their talents with dumb games and online criminal enterprise.

    1. WarnerVega$

      Ever been to Macon-Bibb County, GA?

      So ran a “local” (live in a contiguous county to Bibb) search of Tucker Preston on local media outlet here in middle Georgia https://www.macon.com
      Wonder if he’s the same one mentioned in the article EDUCATION – Education Notebook: Northeast High senior finds success at Intel Science Fair
      AUGUST 18, 2014 12:00 AM

  9. tips

    Hey Brian, do you have a channel for receiving tips? I seem to remember you having a jabber address. If not, I suppose I can just leave a comment and you can choose not to publish it.

    1. tips

      Hmm, I thought all comments were being screened in advance. Guess that won’t work then.

    2. Readership1

      Click “about” in top right corner of this site.

      He really does reply to tips.

  10. Bo-red

    Ok boomer, you guys a bunch of heads. Funny to see all of you squirm and while the patsy makes headlines. Discuss…..

  11. Hayton

    Crime and Punishment.

    Go back to Brian’s story about the neo-Nazi group organising multiple Swat raids against innocent people. Kirby Kelley, if you recall, set up Swat attacks, made bomb threats, stalked potential victims – a racist and a white supremacist. Not a nice person at all. And?

    “The charge against Kelley of conspiracy to make threats carries up to five years in prison.”

    Compare that with Tucker Preston, who “pleaded guilty last week in a New Jersey court to one count” (of making a DDoS attack).

    ” .. the count to which he pleaded guilty is punishable by a maximum of 10 years in prison and a fine of up to $250,000″.

    Those two punishments seem to me to be the wrong way round.

    1. BrianKrebs Post author

      I would be very surprised if Mr. Preston gets anything more than a slap on the wrist and some probation/community service. That is, provided he doesn’t violate whatever he agreed to in his plea deal. Very often people who admit guilt or are found guilty of cybercrimes go right back to doing what got them into trouble in the first place.

  12. v cardwell

    Is it possible to partition the iOS on an iPhone 8 Plus?

  13. Glenn Cionek

    If you are getting DDoS attacks, shoot me a message if you would like to discuss a DDoS Mitigation company trusted by hundreds of the world’s largest ISPs, Hosting Centers and Digital Enterprises.

    http://www.corero.com
