Dmitry Guzner will plead guilty to hacking attacks that brought down the Church of Scientology's Web site.
The U.S. Department of Justice filed criminal charges against the 18-year-old New Jersey man, who is part of an underground hacking group called Anonymous. Guzner was charged Friday, and has agreed to plead guilty sometime in the next few weeks. He could spend up -to 10 years in prison on computer-hacking charges.
Guzner began launching attacks against the Church of Scientology's Web site on Jan. 19. The defendant successfully took Scientology.org offline with a series of traffic surges to the site, known as distributed denial of service (DDoS) attacks. According to computer security firm Arbor Networks, Guzner sent as much as 220 Mbps of traffic to Scientology.org, which was sufficient to temporarily disable the site.
Church Speaks Out
The Church of Scientology has been vocal about the case, saying, "Guzner admitted that he acted on behalf of Anonymous, an Internet hate group whose members have in recent years engaged in illegal threats, attacks, criminal harassment, and hate crimes against minorities, religions, media organizations, individuals and other groups in the form of terrorist threats and acts, bomb threats, death threats, acts of vandalism, Web site attacks, and computer hacking."
Since January, the Church of Scientology said that Anonymous has been responsible for more than three million harassing e-mails and 141 million malicious hits against its Web sites, as well as 41 death threats, 56 bomb and arson threats, 103 threats of other violence, and 40 incidents of vandalism against church staff, executives, parishioners and/or facilities.
"The Church of Scientology is by no means the only target of this group," the organization said. "Anonymous has also claimed responsibility for illegal attacks against MySpace, Fox News, The Epilepsy Foundation, prominent hip-hop Web sites, and many other groups and individuals. Some of the actions of Anonymous have had tragic consequences."
Hacking Made Easy
Noteworthy is the fact that Guzner tapped into DDoS attacks. These attacks have been around for many years, but in today's world they are readily available in the cybercriminal underground and easy to deploy, according to Ken Dunham, director of global response for iSight Partners.
"The 21st century is when the bots came on the scene," Dunham said. "We went from Trojans to automated bots and the ability to control malicious code remotely. We see now that DDoS rentals are as cheap as $90 to $150 an hour. You can rent individual bots for as cheap as .30 per host," so 10 hosts would only cost $3.
The bad news is, hacking methods are growing increasingly sophisticated, even outpacing some of the solutions security researchers suggest to deflect the attacks, Dunham said. The good news is law enforcement is paying closer attention, and high-profile arrests could serve as a warning to would-be hackers.
"People realize if you live in the United States, you are more likely to get arrested," Dunham said. "But there are a lot of countries in which people feel like they have impunity. If you combine the anonymity and the sense of impunity, you have a serious problem when you look at it from a global network perspective."