Hacker arrested for 2008 DDoS Attacks on Amazon.com

A 25-year-old Russian hacker has been arrested for allegedly orchestrating two DDoS (Denial-of-Service) attacks on Amazon.com and eBay in 2008.

"Cyber bandit" Dmitry Olegovich Zubakha was indicted in 2011, but he was just arrested in Cyprus on Wednesday. Zubakha was arrested on an international warrant and is currently in custody pending extradition to the United States.

According to the indictment, which was unsealed on Thursday, Zubakha, with the help of another Russian hacker, planned and executed DDoS attacks against Amazon.com, eBay, and Priceline in June 2008. Zubakha and his co-conspirator launched the attack by programming botnet computers to request "large and resource intensive web pages." According to a press release by the U.S. Department of Justice (DOJ), the attacks made it "difficult for Amazon customers to complete their business on line."

Zubakha and his friend claimed credit for the attacks on online hacker forums, and law enforcement traced 28,000 stolen credit card numbers to the pair in 2009. For that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person.

"These cyber bandits do serious harm to our businesses and their customers," said US Attorney Jenny Durkan in a statement. "But the old adage is true: the arm of the law is long. This defendant could not hide in cyberspace, and I congratulate the international law enforcement agencies who tracked him down and made this arrest."

At present, the charges in the indictment - conspiracy, intentionally causing damage toa protected computer resulting in a loss of more than US$5000, possession of more than 15 unauthorised access devices (credit card numbers), and aggravated identity theft - are just allegations. Zubakha faces up to five years in prison for conspiracy, up to 10 years in prison and a US$250,000 fine for intentionally causing damage to a protected computer, up to 10 years in prison and another $250,000 fine for possessing unauthorised access devices, and an additional two years in prison (on top of any other sentence) for aggravated identity theft.