November 9, 2018updated 03 Jan 2019 3:14pm

DerpTrolling DDoS court case highlights “eye-opening” conviction pace

By Lucy Ingham

The man behind the DerpTrolling distributed denial of service (DDoS) attack on gaming companies including Sony Online Entertainment, Valve and EA has plead guilty in US federal court half a decade after the campaign began.

Austin Thompson, a 23-year-old resident of Utah, the US, admitted to his role in DDoS attacks that saw key online gaming services, including Valve’s Steam platform and Varga’s League of Legends taken offline – sometimes for hours at a time. The damages associated with the attacks totals at least $95,000.

The attack campaign ran between 2013 and 2014, and although Thompson ceased activities after that, law enforcement continued to pursue him.

However, the time between the campaign ceasing and the court case this week highlights the fact that companies cannot simply expect law enforcement to resolve ongoing cybersecurity campaigns.

DerpTrolling court case highlights slow pace of convictions

The five year gap between the campaign’s commencement and this week’s guilty plea highlights how challenging it is for law enforcement to identify and bring a case against cyberattackers.

“It’s rather eye-opening to see that a cybercriminal allegedly behind attacks on Sony, EA, and other gaming providers, almost five years ago, is only just being brought to justice,” said Sean Newman, director product management at Corero Networks.

“This certainly shows that you can’t sit back and do nothing with respect to DDoS protection and hope law enforcement will address this growing problem for you.”

Length of investigation signals law enforcement commitment to cybercrime

Conversely, the time US law enforcement committed to bringing Thompson to justice also indicates a commitment to tackling cybercrime. And given the frequency and potential severity of cyberattacks, this is a very welcome sign.

“It is somewhat comforting that enforcement agencies are pursuing cybercrime cases for such extended periods of time, as was also recently demonstrated with the conviction of those behind the Mirai botnet,” said Newman.

“Although, when those criminals can simply turn informers, then quite literally be handed a get out of jail free card, you have to question how much of a deterrent the risk of being caught actually is?”