Cyber crook must pay £69,000 or face another two-year prison sentence after selling hacking tool

Mudd could face an extended jail term if he fails to cough up cash.

A judge has told a prolific hacker that he could face an extra two years in prison unless he pays £69,000 after creating a tool that let people attack websites.

According to Sky News, 21-year-old Adam Mudd created a tool called "Titanium Stresser" that allowed crooks to knock websites offline.

By renting it out to a string of cyber criminals, he earned himself more than £250,000. Last April, the Old Bailey sentenced him to two years in prison after he was found guilty under the Computer Misuse Act.

Mudd developed the software at the age of 16. It was reportedly used in an estimated 1.7 attacks against websites and servers. The court heard that these attacks resulted in firms losing millions.

While denial-of-service attacks generally only seek to cause disruption to servers rather than theft they can be very expensive. The companies targeted by the tool claimed they had to spend large sums to improve their defences.

On Monday, Mudd faced another court hearing. Judge Michael Topolski QC claimed that the tool generated him £171,000 in profit and affected targets "from Greenland to New Zealand, from Russia to Chile".

The judge ordered the attacker to cough up £69,000 in damages over the next three months. If he fails to meet this deadline, he could land himself another two years in prison.

Terry Ray, chief technology officer of security vendor Imperva, said that current criminal judgements for computer misuse "apply more reformative value to incarceration duration than they do to monetary reparations".

He said: "Of course, victim companies can certainly follow the criminal trial with a civil lawsuit where monetary reparations are the primary result."

In the case of Mudd, Ray said it is likely that he will face an extended prison term. "There are cases where judges have banned the use of computers and internet from offenders in some countries," he explained.

"However, this does seem to be fairly light for running a for-profit business specifically designed to offer services to anyone wanting to purposely damage businesses.

"A number of similar exploit services exist today, though most of them are run from countries where little is done to prevent them. At least in the UK, the attacker was identified, tried and incarcerated."

He said that firms need to take cyber security more seriously.

"Companies should know that solutions to prevent the behavior of Mr. Mudd's attack platform have existed for years," added Ray.

"And if an organization's web portal is important to them, they should consider implementing effective security, much like they do for front doors, windows, networks, laptops and the like."