Skip to main content

The man behind a spree of gaming network cyberattacks has pleaded guilty

The man behind a spree of gaming network cyberattacks has pleaded guilty

Share this story

Illustration by Alex Castro / The Verge

A man who helped orchestrate attacks on several gaming platforms, then abruptly disappeared in 2014, pleaded guilty in a California court yesterday. Utah resident Austin Thompson admitted to being a member of the hacking group DerpTrolling, which carried out a series of high-profile denial-of-service attacks in late 2013 as part of a campaign against Twitch streamer James “Phantoml0rd” Varga. Thompson was charged with causing “damage to a protected computer,” which carries a maximum penalty of 10 years in prison; he will be sentenced in March 2019.

DerpTrolling rose to prominence in December 2013 when it attacked a series of game networks, briefly overloading the servers for League of Legends, Dota 2, and Blizzard’s platform. DerpTrolling was potentially implicated in taking down the Sony PlayStation network, and the plea statement apparently confirms this, naming Sony Online Entertainment as one of the companies affected.

The denial-of-service attacks were largely part of a feud with Varga who willingly played along with the group’s efforts, although they later allegedly “swatted” him by making a fake emergency call to police. The plea agreement states that Thompson’s attacks caused $95,000 in damage, although that’s likely a fairly nebulous estimate.

The attacks turned into a bizarre publicity stunt

According to a 2014 report by The Guardian, Thompson’s name was leaked online almost immediately after this series of attacks, and Thompson was supposedly arrested. (Although The Guardian couldn’t confirm his arrest, and another Derp member claimed that “whatever’s happened, he’s not in jail.”) DerpTrolling continued to run after Thompson’s disappearance, and it later leaked what it claimed were thousands of passwords from gaming services, although this claim was denied by the companies. It’s unrelated to the hacking group Lizard Squad, which carried out similar attacks against gaming networks.

In early January 2014, the DerpTrolling Twitter account’s operator mentioned that agents from the Federal Bureau of Investigation and National Security Agency were at their door, then claimed to have escaped through a bathroom window. It’s unclear how accurate any of these tweets are, but according to the plea agreement, Thompson did operate the account until his arrest. “Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted screenshots or other photos showing that victims’ servers had been taken down after the attack,” it reads.

The Guardian painted Thompson as the technical brains behind DerpTrolling, responsible for writing the software they used to carry out their denial-of-service attacks. Denial-of-service attacks are common and fairly easy to orchestrate, and these caused relatively little damage compared to massive operations like the Mirai botnet, which took down large sections of the web last year. Nonetheless, US Attorney Adam Braverman says the Justice Department is “committed to finding and prosecuting those who disrupt businesses, often for nothing more than ego.” That’s a pretty fair description of DerpTrolling, whose stated motivation was “the lulz.”