Jan 20

DDoS Mitigation Firm Founder Admits to DDoS

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others.

Tucker Preston, 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command. DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors.

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks, which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

Preston’s guilty plea agreement (PDF) doesn’t specify who he admitted attacking, and refers to the target only as “Victim 1.” Preston declined to comment for this story.

But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company’s owners they would need to look elsewhere for DDoS protection.

Perhaps having fun at the expense of the FSF was something of a meme that the accused and his associates seized upon, but it’s interesting to note that the name of the FSF’s founder — Richard Stallmanwas used as a nickname by the co-author of Mirai, a potent malware strain that was created for the purposes of enslaving Internet of Things (IoT) devices for large-scale DDoS attacks.

Ultimately, it was the Mirai co-author’s use of this nickname that contributed to him getting caught, arrested, and prosecuted for releasing Mirai and its source code (as well as for facilitating a record-setting DDoS against this Web site in 2016).

According to a statement from the U.S. Justice Department, the count to which he pleaded guilty is punishable by a maximum of 10 years in prison and a fine of up to $250,000, or twice the gross gain or loss from the offense. He is slated to be sentenced on May 7.

Tags: , , , , , ,


  1. The Sunshine State

    At 22 years old he should have stuck to making gaming videos on Twitch or whatever these young kids are doing today to make money off video content.

  2. When I first saw the title, I thought it was Cloudflare, the other shady DDoS mitigation firm. Very interesting story though.

    • How are Cloudflare shady?

      • Because they don’t judge their customers 😉

      • Because cloudflare protects rapists and terrorists, but won’t protect political free speech.

      • For some reason there’s a hubbub about Cloudflare in Australia. I think it stems from the fact that Cloudflare hosted the website of a shooter in New Zeland and they all got upset over it. People need to understand that they are a CDN and can’t sensor people’s content. Otherwise we’ll get another YouTube or StackOverflow with 50 gender pronounces or any such nonsense. (They took that website down after people reported it.)

        • the shooting in NZ was live streamed on Facebook but Facebook is still up and protected.

          The other shootings this year they claimed were 8chan and other non-mainstream sites fault(s)… but the manifestos were published on Instagram, Facebook and DrudgeReport… all of which are still up and protected by these firms… 8chan was a patsy.

          The real target: Q

          Doesnt matter what you think (LARP, etc), that was the target. They were aiming to take down 8chan due to Qanon, if they truly cared about the shooting incidents FB, Instagram and Drudge would have all been removed from protection… Heck FB and IG sell more drugs every day than silk road ever did but they are never held accountable. Politicians would rather milk FB with fines, etc

      • You do realize that CloudFlare provides CDN and DNS management for at least 75% or more of the Russian criminal forums and marketplaces. Just do a ‘whois’ on one of the domains. The best part is, is that they say they need a subpoena in order to do anything, including looking into it – even though it’s clearly evident, these market places and forums are dealing in illegal activity. Remember, they are a public company now, so they need to keep the money coming in, even if it’s from criminals.

        • For the longest time they were known for providing DDoS protection for individuals/groups who hosted DDoS attack services – oh, I’m sorry, stress testers, stress booters, etc. – because if they didn’t then other DDoS sites would take their competition offline.

          Not sure if they’re still providing services to criminals, but it wouldn’t surprise me if they were still a primary revenue stream for cloudflare.

  3. I hope he gets the full 10 years.

    • Murderers get less than 10 years. Not sure ruining this idiot’s life at 22 by removing the next decade of it would be appropriate.

  4. well done but only a quick homerun for the DA?

  5. Let’s hope he gets the Max!

  6. how more than idiot this guy can be ?

  7. The story has a factual error in the first sentence.

    He wasn’t a man when the crime was done and he’s not a man now. It’s clear from his actions that he never progressed beyond adolescence.

  8. Lets not forget that these same guys (Marshal Webb, Tucker Preston and Bryant Townsend) also hacked Staminus, the evidence is quite damning https://www.webhostingtalk.com/showthread.php?t=1598981

    These days Marshal Webb (whose fingerprints are all over the FTA zine) is working on a similar DDoS protection scheme “path.net” with Cosmo of UGNazi fame.

  9. another alternative for mitigate cve 2020-0674 refer subject jscript is change in internet options of IE 11 – internet – custom level – disable script. Of course for lover of powershell and cmd then use the first alternative.

  10. There is a new very popular company backed by a very famous hacker that is doing the same thing with anti spear phishing protection

  11. Presidential material?

  12. Talk about drumming up business! This seems to be the thing now a days.

  13. It is sad that these kids who seem to have some intellect and technical skill have wasted their talents with dumb games and online criminal enterprise.

    • Ever been to Macon-Bibb County. GA.

      So ran a “local” (live in a contiguous county to Bibb) search of Tucker Preston on local media outlet here in middle Georgia https://www.macon.com
      Wonder if he’s the same one mentioned in the article EDUCATION – Education Notebook: Northeast High senior finds success at Intel Science Fair
      AUGUST 18, 2014 12:00 AM

  14. Hey Brian, do you have a channel for receiving tips? I seem to remember you having a jabber address. If not, I suppose I can just leave a comment and you can choose not to publish it.

  15. Ok boomer, you guys a bunch of heads. Funny to see all of you squirm and while the patsy makes headlines. Discuss…..

  16. Crime and Punishment.

    Go back to Brian’s story about the neo-Nazi group organising multiple Swat raids against innocent people. Kirby Kelley, if you recall, set up Swat attacks, made bomb threats, stalked potential victims – a racist and a white supremacist. Not a nice person at all. And?

    “The charge against Kelley of conspiracy to make threats carries up to five years in prison.”

    Compare that with Tucker Preston, who “pleaded guilty last week in a New Jersey court to one count” (of making a DDoS attack).

    ” .. the count to which he pleaded guilty is punishable by a maximum of 10 years in prison and a fine of up to $250,000″.

    Those two punishments seem to me to be the wrong way round.

    • I would be very surprised if Mr. Preston gets anything more than a slap on the wrist and some probation/community service. That is, provided he doesn’t violate whatever he agreed to in his plea deal. Very often people who admit guilt or are found guilty of cybercrimes go right back to doing what got them into trouble in the first place.

  17. Is it possible to partition the iOS on a iPhone 8 pluse

  18. If you are getting DDoS attacks. Shoot me a message if you would like to discuss a DDoS Mitigation company trusted by hundreds of the worlds largest ISPs, Hosting Centers and Digital Enterprises.