back to article 8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election

A British script kiddie who DDoS'd a Labour Party parliamentary candidate's website in the runup to the last general election has been banned from using the Tor browser. Bradley Niblock, formerly the operator of the UGLegion Twitter account, pleaded guilty to two Computer Misuse Act crimes after being tracked down by Cumbria …

  1. Eclectic Man Silver badge

    I hope he has learnt his lesson.

  2. Terry 6 Silver badge

    He came across Furness Academy's Twitter account. He put in a password and it worked

    Really? What year is this? FFS!

    There's a sub-text here. Someone in Furness Academy needs a serious boot up the jacksy

  3. Version 1.0 Silver badge
    Facepalm

    F**** it!

    So they have "fixed" the problem?

    Sure, he was an idiot but he's demonstrated that another idiot can repeat problem this next time so the problem is F*****, not Fixed.

    1. Peter X

      Re: F**** it!

      I agree with you... but in this case, he was also attacking the democratic process, so personally, I think he's got off lightly considering.

      1. John Brown (no body) Silver badge

        Re: F**** it!

        I came here to ask if anyone knew what the point of the "attack" was.

        Technically, yes, he "attacked" the democratic process, but really, who goes looking at a candidates website just days before voting for them? Unless it was expected to be such a close race as to require years worth of recounts by the Ninjas, what was the kid thinking?

        He deserves to book thrown at him as much for being an idiot as for what he did.

        1. Anonymous Coward
          Anonymous Coward

          Re: F**** it!

          He deserves to book thrown at him as much for being an idiot as for what he did.

          And I hope they aim well.

          Moron.

  4. TeeCee Gold badge
    Alert

    Hmm.

    ...has been banned from using the Tor browser.

    ...after being tracked down by Cumbria Police.

    I suppose that the fact of the latter makes the former less of a loss for him.

  5. karlkarl Silver badge

    "Niblock is now said to be working as a web designer."

    Well, he certainly got his punishment! Seems a little overly harsh though.

    1. vogon00

      Not harsh enough!

      "working as a web designer"

      Not harsh enough IMO! If he's working, he's earning....and probably earning reasonable coin with that job title.

      If I had been the one passing sentence, I would have probably suggested he could choose to actually serve the 8 months in the bridewell or have it suspended...but suspended only if he spent those 8 months programming in VBA[1] using the Office-provided IDE. That'd teach him not to misbehave / be a dickhead at other peoples expense.

      Actually, come to think of it, I doubt I'd be allowed to pass that sentence.... aren't 'Cruel and unusual' punishments forbidden these days?

      [1] Partially obscured to avoid some of the horror induced by those three letters.

  6. TheSkunkyMonk

    Naughty boy! But this is why we are lacking in computer security/software engineering in the UK these days. Just look at all the big coding competitions. Research should be encouraged and he should be pushed in that direction, Mind do script kiddies ever turn good? Quite possibly.

  7. Cederic Silver badge

    impressively balanced

    I like "banned from signing up to social media platforms using "vanity names" unless these are "made available to the police for inspection on request"".

    Forcing him to only use his real name would be a horrible invasion of privacy and expose him to risks if he does online gaming or has hobbies that aren't work friendly, so when the summary mentioned this restriction my initial reaction was negative. What they've actually done though is a nice balance between giving him the means to protect himself online while making it either easy to check that he's behaving, or charge him with an offense if he ignores the ruling.

    (He could have ignored the 'no vanity names' ruling anyway, so in that regard this approach is no worse than a blanket ban.)

    A political site I browse (but don't have an account on so never comment) had a commenter that did have a 'must use your real name' court order. He received direct abuse from other commenters as a result, as they took advantage of being able to research his life in depth and attacked him for the things with which they disagreed. (He's now actually in prison due to a recurrence of the online behaviour that earned him the court order in the first place; a sad situation that seems linked to mental issues).

    So I welcome this court trying to find a sensible balance between discouraging poor behaviour, protecting the public and nonetheless protecting the individual concerned.

    1. cyberdemon Silver badge
      Pint

      Re: impressively balanced

      An impressively balanced comment, have an upvote

    2. John Brown (no body) Silver badge

      Re: impressively balanced

      "Forcing him to only use his real name would be a horrible invasion of privacy and expose him to risks if he does online gaming or has hobbies that aren't work friendly, so when the summary mentioned this restriction my initial reaction was negative. What they've actually done though is a nice balance between giving him the means to protect himself online while making it either easy to check that he's behaving, or charge him with an offense if he ignores the ruling."

      The way I see it, if this kid has any sense of privacy, this will make him think very carefully about what services he signs up to. It will hopefully instil in him the need for being careful about what one does online and respect for others privacy. This could be a very good life lesson for him. On the other hand, if he follows the rules and then signs up to "dodgy" places with his real name, he'll learn the same lessons the hard way.

    3. Eclectic Man Silver badge

      Re: impressively balanced

      Cederic: "A political site I browse (but don't have an account on so never comment)"

      Not, perchance that of Mr Dominic Cummings? (https://dominiccummings.com)

      I was going to post a comment on that, but you have to "subscribe", and I didn't fancy that much. (I admit to being a coward). Unsurprisingly, all the comments were in favour of what Mr Cummings had posted, although strangely I found it wanting. (Lots of statements about what should be done, no actual decisions to do anything in the various messages quoted.)

      1. John Brown (no body) Silver badge

        Re: impressively balanced

        His entire reason for being is to manipulate information and people. He's a spin doctor. You think comments on his own site might not be fully and completely moderated, or even "edited" before appearing in public?

      2. Cederic Silver badge

        Re: impressively balanced

        Not that one, no. Although I believe he has his own blog and also now posts on substack, neither of which I frequent.

  8. Hubert Cumberdale Silver badge

    Ah yes, the old "sophisticated" attack. Looking forward to a day when someone admits it was a "basic" attack.

    1. Fred Flintstone Gold badge

      I could not agree more (I tried :) ).

      Admitting an attack was "basic" amounts to accepting culpability for not even putting an effort in, so every single breach is always deemed to be the work of "sophisticated" "hackers" who deploy what must be sheer magic to break in, like using the immeasurably complex and impossible to memorise login combination of admin/admin.

      Given what I've seen so far of a lot of these "hacks", the people who run these sites probably live in homes with locks that you could pick with a toothpick without even slowing down and must exclusively use 0000 or 1234 for PIN codes.

      1. Eclectic Man Silver badge
        Joke

        You'd need to be an absolute GENIUS to hack into MY Twitter account by guessing my password is MAGA2020.

        I'll get my coat, its the one guarded by two secret service agents...

      2. Halfmad

        How do you know both my PINs ?

        *calls police*

      3. Robert Carnegie Silver badge

        I don't know details of the case but I assume that he attacked the candidate's web site using a substantial botnet, or an exploit which consumes the web server's resources disproportionately to the cost of generating the exploit, or both. There also will have been steps taken to conceal the identity of the attacker. Apparently this failed, and probably the sophisticated parts of the attack can be rented, cycbercrime as a service, but there is more to it than just running "ping" over and over again.

  9. tiggity Silver badge

    " crapflooded with 250,000 connection requests, overwhelming it"

    So about 3 a second averaged over 24 hours... piss poor hosting infrastructure if it cannot deal with that.

    Over what time frame was this "crapflood" of requests?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021