Timothy Justin French, 20 years young boy was arrested and charged with federal computer hacking for allegedly conspiring to launch cyber attacks on two universities and three companies since last summer.He waived a detention hearing in Federal Court in Knoxville, and will be transferred in custody to face prosecution in U.S. District Court in Chicago, where no court date has yet been scheduled.
French is allegedly associated with a group of individuals, known as “NullCrew,” who have claimed responsibility for dozens of high-profile computer attacks against corporations, educational institutions, and government agencies.
French was charged with conspiracy to commit computer fraud and abuse in a criminal complaint that was filed under seal on June 3 and was unsealed upon his arrest.
According to the complaint affidavit, NullCrew has used Twitter accounts to announce dozens of attacks against various victims, including the websites of two organizations in July 2012 and eight computer servers belonging to a large company in September 2012.
In both instances, the announcements included links to posts on Pastebin, a website that allows uploading of text files for others to view, containing usernames and passwords associated with those victims.
In November 2012, NullCrew announced an attack on a foreign government’s ministry of defense, releasing more than 3,000 usernames, email addresses, and passwords purportedly belonging to members of the defense ministry.
The complaint charges French with involvement in five cyber attacks launched by NullCrew: a July 19, 2013, attack on University A, a large public university; a Feb. 1, 2014, attack on Company A, a large Canadian telecommunications company; attacks in early 2014 against University B and California-based Company B, both announced by NullCrew on April 20, 2014 as part of a series of hacking attacks; and an attack against Company C, a large mass media communications company, that NullCrew announced on Feb. 5, 2014.
In each of these instances, information allegedly hacked from the victims’ computers was released by NullCrew and caused significant financial damages to the universities and companies, including the costs of responding to the computer intrusions, conducting damage assessments, and restoring the computer systems.
The computer hacking charge in this case carries a maximum sentence of 10 years in prison and a $250,000 fine. If convicted, the court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines.
