Hacker
A 21-year-old man who tried to take down Pokémon Go and Skype was sentenced to two years in jail. xusenru/Pixabay

A 21-year-old British man has been sentenced to two years in jail after admitting to being responsible for a distributed denial of service (DDoS) attack that attempted to knock a number of services including Pokémon Go, Skype and Google offline.

Alex Bessell of Liverpool pleaded guilty to a number of computer-related criminal offenses, the majority of which stemmed from his more than 100 attempts to attack popular online services and games.

According to British law enforcement, Bessell operated primarily out of his home in Toxteth, Liverpool, where he commanded a virtual army of more than 9,000 computers and internet-connected devices that allowed him to carry out denial of service attacks.

In a denial of service attack like those launched by Bessell, an attacker attempts to overwhelm the systems of its victim by directing a massive amount of traffic at their servers. The attacks are typically carried out by bots or by compromised machines that are infected by malware that gives the attacker control over its activity. Those machines are then directed to send wave after wave of requests to a specific destination in order to knock it offline or make it inaccessible to others.

In the case of Bessell, those targets included the popular video chat application Skype, services offered by Google, and Nintendo’s wildly successful smartphone game Pokémon Go, among others.

In addition to attempting to take down popular online services, Bessell also ran an underground criminal business called Aiobuy—an online marketplace that sold a number of malicious tools to hackers. Among the products offered on Aiobuy were remote access trojans, malware, tools to hide attacks from anti-virus software, and botnet code that could be used to inject devices and use them to launch a denial of service attack.

Aiobuy allegedly had more than 9,000 products for sale and law enforcement discovered evidence of more than 35,000 purchases made from the site. It also garnered more than one million visitors. Bessell earned nearly $70,000 from the sales.

“This is one of the most significant cybercrime prosecutions we’ve seen,” Mark Bird of the West Midlands Regional Cybercrime Unit said in a statement . “He was offering an online service for anyone wanting to carry out a web attack.”

Bird went on to say that Bessell’s services allowed “anyone who had a grudge against an individual or company, or who simply wanted to conduct a cyber-attack” to carry out an attack with little technical know-how. “They simply needed to pick a piece of malware, pay the fee, and Bessell would do the rest.”

When police raided Bessell’s home, they discovered a computer loaded with banking trojans designed to steal the login credentials to a number of financial institutions. The hacker reportedly had more than 750 stolen usernames and passwords stored on the machine.

Bessell has been active in cybercrime since he was 14 years old and has allegedly processed more than $3 million through PayPal and cryptocurrencies. He also held a legitimate job as a delivery driver despite his income from illicit activities.