'Baby faced hacker' from Northern Ireland who targeted XBox live,  Rockstar Games and Tumblr walks free from court

Sentencing 24-year-old Aaron Sterritt at Antrim Crown Court, Judge Roseanne McCormick KC said she was satisfied there were exceptional grounds in the background which justified her suspending the jail sentence including the fact that as well as being a teenager at the time of the offending Sterritt had also not reoffended while on bail for four years.

While she also refused a PPS and PSNI application to impose a Serious Crime Prevention Order, the judge told the court she felt that having the jail sentence hanging over his head would be an effective deterrent to prevent further offending.

At an earlier hearing Sterritt, from Brookfield Gardens in Ahoghill, entered guilty pleas to a total of eight offences including five counts of conspiring “with others not before the court, to commit unauthorised acts, namely a distributed denial of service (DDoS) attack,” on dates between 2 December 2016 and 21 December 2016.

The court heard that using the pseudonyms ‘Victor’ and ‘Vamp,’ Sterritt was part of a hacking gang known as “starpatrol” whose DDos cyber attacks targeted: Flowplay incorporated; Microsoft Corporation (XBox live); Ottawa Catholic School Board; Rockstar Games Incorporated and Tumblr Incorporated.

Judge McCormick told the court that according to the prosecution, Sterritt was subordinate to at least one other member of the star patrol group in offending which was “hugely harmful.”

Sterritt was prosecuted as a result of a joint operation between the PSNI and the National Crime Agency where he “attached himself to an agreement to carry out a series of DDoS attacks on a number of businesses.”

Taking each count in turn, the judge outlined how Flowplay inc. has two virtual worlds involving 75 million online gamers across the world. Between 3-11 December the attacks caused the servers to “lock up” for the entirety of the attacks and during that time, customers could not access their accounts or play online and as a result, Flowplay “had to refund tens of thousands of dollars of purchases and subscription fees.”

Along with losing out on potential new customers Flowplay had to pay to “migrant” their services to a new server, resulting in the company being out of pocket of “hundreds of thousands of dollars.”

There was a series of similar attacks on Xbox live and Rockstar games between 3-21 December while in the offences relating to Ottawa Catholic School Board, a school in Ontario experienced many DDoS attacks between 2015 and 2016.

Judge McCormick said information pointed to the school’s own students being responsible in that two work stations were accessing sites that could be launched to such an attack, affecting online access for the 4,000 staff and 40,000 pupils and leading the board to spend more than $100,000 on internet security and monitoring.

The attack on Tumblr Incorporated “appeared to originate from IP addresses all over the world”.

Sterritt operated under the assume name of Vamp and the judge said that in postings he had labelled himself as the “baby faced hacker with autism who took credit for the Talk Talk hack.”

Judge McCormick told the court it was an aggravating factor that at the time of the offences she was dealing with, Sterritt was on bail for other similar offences where he was involved in hacking into the Talk Talk network.

“That resulted in the company losing thousands of customers and disclosing financial losses in the realm of £77 million,” said the judge, adding that when Sterritt was dealt with for that case he received a Youth Conference Order of probation and 50 hour community service order

It transpired however that Sterritt only managed to complete 15 hours and the CSO was later replaced with a fine.

Turning to the various reports, Judge McCormick revealed that Sterritt had grown up in the care system, was diagnosed with autism and ADHD and despite his “obvious technological capabilities,” had left school with no formal qualifications.

According to a consultant psychologist, Sterritt had feelings of low self esteem and “feelings of worthlessness during his teenage years” but that by being part of the star patrol would have given him a “sense of mastery and control.”

The reports from probation and the consultant psychologist also established Sterritt had gained a level of maturity since he committed the offences and he now has insight and an understanding into the harm such DDoS attacks can cause.

Judge McCormick said while there was no doubt the offences crossed the threshold for a custodial sentence, Sterritt’s guilty pleas, thereby saving considerable court time and money over a protracted and complicated trial, along with his youth and immaturity and “personal challenges” meant she could take an exceptional course and suspend the sentence.

She warned Sterritt however that if he committed any further offences in the next three years, “I am confident that any District Judge will send you to me and you know what I will do.”