A Russian man was arrested in Cyprus last week for allegedly launching two distributed denial-of-service attacks on Amazon.com in June 2008.
Dmitry Olegovick Zubakha, a 25-year-old man from Moscow, was indicted last year by a Seattle grand jury for conspiracy to intentionally cause damage without authorization to a protected computer and possession of more than 15 unauthorized access devices.
In addition to the attack on Amazon, Zubakha was linked to similar attacks on Priceline.com and eBay.
Along with fellow hacker Sergey Logashov, Zubakha is alleged to have launched the attack using a botnet of computers under the control of multiple users. The duo brazenly took credit for the attacks on hacker forums, according to the indictment.
In addition to their denial-of-service attacks, law enforcement also traced 28,000 stolen credit-card numbers back to both men, which helped lead to the arrest.
“Amazon is willing to expend dollars and energy beyond even what can be economically justified in order to bring cybercriminals to justice,” said company spokesperson Mary Osako in a statement.
If found guilty on all charges, Zubakha could face up to 37 years in prison and $750,000 in fines. Intentionally causing damage to a protected computer with a resulting loss of more than $5,000 is punishable by up to 10 years in prison. Logashov was also charged with the same count.
The arrest in Cyprus was a complex undertaking, with the U.S. Secret Service, the U.S. Attorney’s Office for the Western District of Washington and the Seattle Police Department all working together with global officials.
“The [three agencies] talking to each other is a direct result of the birth of the Department of Homeland Security,” security consultant Robert Siciliano told the E-Commerce Times.
American authorities are seeking Zubakha’s extradition.
According to the indictment, the first of two attacks lasted four and a half hours on June 6, 2008, before Amazon was able to intervene. Amazon’s servers were working overtime, on a magnitude of between 600 and 1,000 percent of normal traffic. The second attack began on June 9 of the same year and lasted until June 12.
Zubakha was also charged with aggravated identity theft for using the credit card of a Lake Stevens, Wash., resident illegally.
“This defendant could not hide in cyberspace,” said U.S. Attorney Jenny A. Durkan, head of the Justice Department’s Cybercrime and IP Enforcement Committee. “I congratulate the international law enforcement agencies who tracked him down and made this arrest.”
Logashov is still at large.