If you’re going to go around DDoSing businesses, it’s probably not the slickest idea to carry a thumb drive full of evidence in your pocket while you’re hurling a Molotov cocktail at one of their brick-and-mortars.
A now-35-year-old Belgian man who was already sentenced to prison for hurling that bomb has had his sentence extended by 18 months because of what investigators found on a USB drive that the man dropped during or after his 2014 attack on a Crelan Bank in the town of Rumbeke, Belgium, according to Belgian news site Het Laatste Nieuws (HLN).
HLN reported last week that the USB held evidence showing that the man, identified in court documents only as Brecht S., was a member of the hacker groups that brand themselves as Anonymous Belgium and Cyber Crew.
It also implicated the man in launching a distributed denial of service attack (DDoS) against Crelan Bank that took it offline for hours, and that he extorted a pizza shop, DDoS-ing it several times until the pizzeria paid him to call off the attacks.
Investigators who searched Brecht’s devices and history reportedly found evidence that Brecht had participated in large-scale international cyber attacks, including attacks launched against the Fédération Internationale de Football Association (FIFA): the world soccer’s governing body.
FIFA has been hacked multiple times: The first time, in 2017, led to the publishing of footballers’ failed drug tests. At the time, the attack was attributed to the Russian hacking group Fancy Bear, also known as APT28.
The second intrusion was dubbed the largest ever leak in journalism: it involved more than 70 million documents, totaling 3.4 terabytes of data that covered events leading up to last year.
As HLN reports, Brecht told the court that he unleashed the DDoS against Crelan Bank in retaliation after €300,000 ($342,000) disappeared from his mother’s account. The money was looted after a divorce with his father, he said. Brecht also said that he couldn’t get a hearing from the bank on the matter.
Crelan’s servers were swamped, unable to conduct transfers for hours.
As far as the multiple extortionist DDoS attacks against the pizzeria go, Brecht said that he was having problems with drugs at the time.
According to his defense lawyer, Brecht had noble intent, as do many who’ve taken part in collective hacks over the years, be it DDoS attacks against hospitals in the #opJustina crusade or fighting the Islamic State by defacing loyalists’ profiles with porn.
HLN reports that the case law isn’t clear about whether hacking with ethical purposes is prohibited or not. That’s surprising to hear, particularly if you’re in the US, where prosecutors come down like a ton of bricks on hackers, noble intent or no.
HLN reports that a second, unidentified hacker from Bruges – an accomplice of Brecht’s – was also arrested. He was fined 1,200 euros (US $1,365).
Brecht had already been sentenced to a three-year jail term for arson related to the Molotov cocktail attack. The 18-month extension will be added to that term. According to ZDNet, Brecht hadn’t yet begun serving the jail time for arson: the prison time had been delayed so that he could receive psychological counseling.