A Tennessee man faces 10 years in prison after admitting to participating in a series of computer hacks that targeted colleges, government agencies and telecommunications companies around the world and caused more than $750,000 in damages.
Timothy Justen French of Morristown pleaded guilty Tuesday to one count of intentionally damaging a protected computer without authorization, the Justice Department announced.
French, 21, was initially arrested in June 2014 and charged with three counts related to a two-year-long hacking spree waged by a group that called itself “NullCrew.” A plea agreement entered in the Northern District of Illinois on Tuesday has consolidated the government’s complaints into a single count, and he’ll face a maximum sentence of 10 years in prison when he goes before a federal judge for sentencing next March.
In accordance with the plea deal, French admitted to taking part in at least seven cyberattacks with NullCrew between 2012 and 2014, causing $792,000 in monetary loss to victims including companies, universities and governmental entities, prosecutors said.
Court documents filed against by the government against French fail to identify NullCrew’s victims, listing them instead as “a large Canadian telecommunications company,” “a large mass media communications company” and other nondescript targets.
The hacker group had routinely touted its successful intrusions through various Twitter accounts and publicly took credit for attacks against the World Health Organization, PBS, Bell Canada, Comcast, the University of Virginia, the state of Indiana’s computer network and the U.K.’s ministry of defense, among others.
Prosecutors alleged that French and his NullCrew cohorts penetrated the networks of vulnerable targets and acquired private information, including hundreds of thousands of username/password combinations that were then dumped online.
“Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity, and to protect cyber victims,” U.S. Attorney Zachary T. Fardon said when charges were first brought against French last year.
The FBI was able to identify French as one of the members of NullCrew with the aid of a confidential witness who had participated in chats with the hackers where the attacks were discussed at length, government officials said.
U.S. Magistrate Judge Daniel G. Martin ordered French to be held by authorities back in May after he allegedly failed to make drug tests and counseling appointments, but allowed him to move in with his father until he was caught violating the court’s orders in September when he was spotted using the Wi-Fi at a Tennessee McDonald’s location, the Chicago Sun-Times reported.
His sentencing is scheduled for March 9, when he could receive closer to 57 months in federal prison in exchange for not going to trial, the Sun-Times reported.
Please read our comment policy before commenting.