December 1, 2020

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, running a service that launched distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors.

Timothy Dalton Vaughn from Winston-Salem, N.C. was a key member of the Apophis Squad, a gang of young ne’er-do-wells who made bomb threats to more than 2,400 schools and launched DDoS attacks against countless Web sites — including KrebsOnSecurity on multiple occasions.

The Justice Department says Vaughn and his gang ran a DDoS-for-hire service that they used to shake down victims.

“In early 2018, Vaughn demanded 1.5 bitcoin (then worth approximately $20,000) from a Long Beach company, to prevent denial-of-service attacks on its website,” reads a statement from Nicola Hanna, U.S. attorney for the Central District of California. “When the company refused to pay, he launched a DDoS attack that disabled the company’s website.”

One of many tweets from the attention-starved Apophis Squad, which launched multiple DDoS attacks against KrebsOnSecurity over the past few months.

Dalton, whose online aliases included “WantedbyFeds” and “Hacker_R_US,” pleaded guilty last year to one count of conspiracy to convey threats to injure, convey false information concerning use of explosive device, and intentionally damage a computer; one count of computer hacking; and one count of possession of child pornography.

Federal judge Otis D. Wright II sentenced Vaughn to 95 months for possessing 200 sexually explicit images and videos depicting children, including at least one toddler, the Justice Department said. Vaughn was sentenced to 60 months in federal prison for the remaining charge. The sentences will be served concurrently.

As KrebsOnSecurity noted in 2019, Vaughn’s identity was revealed by following the trail of clues from a gaming website he used that later got hacked.

Vaughn used multiple aliases on Twitter and elsewhere to crow about his attacks, including “HDGZero,” “WantedByFeds,” and “Xavier Farbel.” Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author in 2018 for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

Protonmail later publicly thanked KrebsOnSecurity for helping to bring about the arrest of Apophis Squad leader George Duke-Cohan — a.k.a. “opt1cz,” “7R1D3n7,” and “Pl3xl3t,” — a 19-year-old from the United Kingdom who was convicted in December 2018 and sentenced to three years in prison. But the real-life identity of HDGZero remained a mystery to both of us, as there was little publicly available information at the time connecting that moniker to anyone.

The DDoS-for-hire service run by Apophis Squad listed their members.

That is, until early January 2019, when news broke that hackers had broken into the servers of computer game maker BlankMediaGames and made off with account details of some 7.6 million people who had signed up to play “Town of Salem,” a browser-based role playing game. That stolen information has since been posted and resold in underground forums.

A review of the leaked BlankMediaGames user database shows that in late 2018, someone who selected the username “hdgzero” signed up to play Town of Salem, registering with the email address xavierfarbel@gmail.com. The data also showed this person registered at the site using a Sprint mobile device with an Internet address that traced back to the Carolinas.


26 thoughts on “Bomb Threat, DDoS Purveyor Gets Eight Years

  1. Bob

    Unfortunately once again, DDos and other related crimes bring relatively light sentences. I was also surprised how lightly he got off for the child porn charges. At least he will be out of circulation for a while.

    1. Geoff

      Especially with the thousands of bomb threats as well, I’m surprised he wasn’t given a much harsher sentence.

    2. Jon Marcus

      Eight years in prison ain’t nothing. And he pled guilty, which might mean he cooperated with further investigations?

      Don’t get me wrong, this guy sounds like real slime. But he didn’t get a slap on the wrist.

      Great illustration of how much harder it is to defend. His OPSEC must’ve been pretty good if he withstood Mr. Krebs’ attentions for so long. But he messed up once, and that can be all it takes…

      1. Mr. Morningstar

        8 years as a child molester in prison is a whole different matter. Prisoners will be hard on him, some literally.

  2. Scott Schober

    Hi Brian- great reporting….

    since you were a victim of the DDoS attacks also hopefully this provides some relief and a sense of justice. Frustrating they are not given more time behind bars.

    Keep up the great work in keeping us informed and safe !

    Thank you

    Scott
    http://www.ScottSchober.com

  3. Chris Holland

    He’d have had a relatively easy time in the Big House if his only charges had been for the (wrongly perceived) ‘victimless’ crime of hacking and sticking it to “the man”. He’d have likely been in a Club Fed before the powers that be can even say “25th Amendment” and pension off old Joe.

    However, the kiddie porn charges transform this idiot’s inside experience into a whole new universe. I wouldn’t even be surprised if the Feds accidentally on purpose dropped some photos on the kid’s computer. Regardless though, the boys on the yard, many of whom will be loving dads missing their kids, are highly unlikely to give him the warmest of receptions. Eight years, with no parole in the Federal prison system, is going to seem like a hundred lifetimes.

    1. bette

      loving dads missing their kids?

      also likely former victims of abuse themselves.

    2. Ed Marks

      My first job involved working with prison/jail security systems. Like the military – the big house regulates itself.

    3. George G.

      “the boys on the yard, many of whom will be loving dads missing their kids, are highly unlikely to give him the warmest of receptions. ”
      Those boys on the yard are very hard on pedophiles, so I wonder if they do the same for child porn.

  4. Bill

    “a gang of young ne’er-do-wells”….that’s putting it mildly. I can think of much more fitting monikers for him/them.

    1. Mahhn

      yeah, the definition is Lazy & irresponsible.
      I think threatening to kill people is beyond that, especially on the scale they did. I have a real dislike for “soft” terms for bad people. But I get that Brian isn’t as hate filled at some of these scum as many of us are. He’s been living surrounded by so much crime, it becomes normal and less offensive. But he also has more interaction at a personal level with these people and sees some of them beyond their bad choices. – Yet still does great for the world with his investigations helping to take them off the street. I get it.

  5. JCitizen

    Absolutely Stirling gumshoe work Brian! I hope he rots in hell too!

  6. Jay

    Great News on convictions, but certainly not enough of a deterrent to discourage the attention seekers out there.

  7. PetePall

    Oh, and Dude, “ne’er-do-wells” isn’t the proper nomenclature. “Miscreants,” please.

  8. Lindy

    I don’t understand why the sentences are allowed to be served concurrently…. they are not related charges. Also I hope he has to register (if he gets out of prison in one piece) as a sex offender AND parole denies him access to computers for …um… 10 years sounds good.
    Thanks. Brian, for doing the work you do to keep the internets ( sic) safer.

    1. W

      CP does not require sex offender registration in NC/Federal.

  9. Steve

    If he was demanding payment to stop the DDoS attacks, why was he not also charged with extortion?

  10. Sam

    Only 8 years for bomb threats, computer hacking AND child porn…how does THAT happen?

    So he’ll probably be under 30 when released from prison. Still plenty of time to crime in this young man’s future.

  11. mealy

    “Timothy Dalton Vaughn” is the most Winston-Salem name..

    in history? At least since the movie Roadhouse.

  12. BS

    It sounds like Vaughn made a plea deal. Although he allegedly made 2400 bomb threats, launched countless DDOS attacks, and possessed 200 pieces of kiddie porn., he only “pleaded guilty last year to one count of conspiracy to convey threats to injure, convey false information concerning use of explosive device, and intentionally damage a computer; one count of computer hacking; and one count of possession of child pornography.”

    So the light-sounding sentence is for the handful of counts that he pled guilty to, not for every crime that he allegedly committed.

    He’ll be a registered sex offender when he gets out, so that should make the rest of his life uncomfortable.

Comments are closed.