Join our brand new verified AMN Telegram channel and get important news uncensored!

Hacker-for-hire pleads guilty to shutting down company websites

Hackers (Wikimedia Commons/Released)

CHICAGO — A Maryland man who once used a screen name that called the FBI “losers” pleaded guilty Tuesday in federal court in Chicago to running a hacker-for-hire service that shut down company websites and harassed thousands of unsuspecting people around the world.

Prosecutors said they will recommend a sentence of 2 1/2 years in prison for Zachary Buchta if he continues to cooperate in the investigation. He pleaded guilty to one count of conspiracy to commit damage to protected computers — a charge that can carry a sentence of up to 10 years in prison.

Buchta, 20, admitted in his plea agreement with prosecutors to being a founding member of the prolific hacker groups Lizard Squad and PoodleCorp, which charged a $20 fee to target anyone for online harassment.

A criminal complaint unsealed when Buchta was arrested in October 2016 charged him with launching a wide range of attacks over a two-year period, including shutting down the web networks of gaming companies and initiating so-called phone-bombing schemes that inundated victims with harassing phone calls.

One of his first victims, who lived in the Chicago area, started receiving expletive-laden phone calls every hour, on the hour, according to a criminal complaint. The calls went on for 30 straight days.

“Your target will be left with only 3 options,” the hackers allegedly boasted on their web page, “Change their number, Bend to your whim, deal with a ringing phone for the length of our attack :\”

The loosely based crew also sold stolen payment card account information on thousands of victims, prosecutors said.

Another member of the group from the Netherlands was also charged in the complaint filed in Chicago, but he wound up being prosecuted by Dutch authorities, records show.

Buchta, who has been allowed to live with his mother in Fallston, Md., while the case was pending, appeared before U.S. District Judge Manish Shah on Tuesday dressed in a dark gray suit and glasses. He kept his hands clasped in front of him as prosecutors detailed the charges, answering, “Guilty,” in a quiet voice when the judge asked for his plea. His sentencing was postponed until after his cooperation has been completed.

As part of his plea deal, Buchta agreed to pay $350,000 in restitution to two online gambling companies that were victimized by his schemes.

The charges stemmed from an international investigation and were among the first brought in the U.S. against alleged members of Lizard Squad.

A California man was previously charged with cybercrimes affiliated with the group, court records show. In addition, a 17-year-old boy in Finland was convicted in 2015 and sentenced to two years in custody for orchestrating a series of computer attacks connected to Lizard Squad, according to news reports.

Although the hacker group has been known in the security industry for some time, it rose to prominence over Christmas 2014 when it launched a crippling attack on Sony PlayStation and Microsoft Xbox Live gaming networks, according to news reports.

In January 2015, Lizard Squad made headlines by hijacking social media accounts of Grammy-winning pop singer Taylor Swift. The group sent tweets from Swift’s account instructing her millions of fans to follow two Lizard Squad-related Twitter accounts, then threatened to release nude photos of the superstar in exchange for bitcoins.

Swift shut down the extortion attempt, however, by announcing to fans that there were no nude photos.

“My twitter got hacked but don’t worry,” she wrote to fans on Tumblr, according to one news account. “Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords. Never a dull moment.”

The 61-page complaint alleged Buchta and the Dutch co-defendant operated websites that enabled paying customers to select victims to receive repeated harassing phone calls from spoofed numbers. In October 2015, they boasted online that the person in Illinois had become their “first victim,” according to the complaint.

That day, the victim, identified in the complaint only as Victim O, started receiving hourly phone calls with the same recorded message.

“When you walk the (expletive) streets, (expletive), you better look over your (expletive) back because I don’t flying (expletive) if we have to burn your (expletive) house down,” the message said, according to the complaint. “If we have to (expletive) track your (expletive) family down, we will (expletive) your (expletive) up (expletive).”


© 2017 Chicago Tribune

Distributed by Tribune Content Agency, LLC.