Shropshire cyber attack: Teenage student who targeted county firm avoids jail

Chappell, a 19-year-old from Stockport in Greater Manchester, ran a web business supplying malware that was used to attack the accounts of some of the world’s leading companies.

He supplied Distributed Denial of Service (DDoS) software that crashes websites by flooding them with huge volumes of data.

He was given a suspended sentence at Manchester Crown Court following an investigation by cybercrime detectives from the West Midlands Regional Organised Crime Unit – launched after a small firm in Shropshire offering educational tutoring packages was hit by a vDos attack.

Chappell helped criminals to target millions of websites around the world, including a 2015 attack on NatWest that brought down the firm’s online banking systems.

His web enterprise vDos-s.com offered Bronze, Silver, Gold and VIP hack packages on a sliding price scale, depending on the severity of damage customers wanted to inflict on target websites.

He even offered an online helpdesk as part of the operation which meant people with little or no IT knowledge could launch crippling digital attacks at the push of a button.

Chappell also conducted thousands of web assaults himself, aimed at companies including T-Mobile, EE, Vodafone, O2, Amazon, Netflix and Virgin Media, plus the BBC and National Crime Agency.

The inquiry into the attack on the Shropshire firm uncovered a network of vDos co-conspirators around the world – including in the USA and Israel – and led officers to identify Chappell as the lead UK-based agent.

Police raided Chappell ’s home in Curtis Road - where he lived with his parents - on 11 October last year and seized the battered computer hard-drive he used to conduct high-tech online attacks from his bedroom.

Forensic analysis of the computer and other electrical devices revealed evidence linking him to an account on vDos plus online chat with two men from Israel and another from the US who are accused of involvement in the “cyber vandalism" ring.

Chappell later admitted Computer Misuse Act offences, plus encouraging or assisting an offence and money laundering his crime proceeds.

He was given 16 months detention, suspended for two years.

Detective Sergeant Simon Biggs from the West Midlands Regional Cyber Crime Unit, said: “Chappell offered Denial of Service attacks on a subscription basis for a fee; users simply had to select the extent and duration of attack they wanted and pay with Bitcoin, PayPal, or a credit card. It was that simple.

“Cybercrime is largely seen as being committed by hackers with technical skills. But stresser services like vDos allow amateurs, sometimes motivated by a grudge, to launch attacks easily and with little or no specialist knowledge.

“He even offered customer support on how to pick the right malware for the site they wanted to crash; it was tailor-made cybercrime solutions.

“The site was responsible for facilitating more than one million attacks on businesses ranging from SMEs to multi-national household names."