Stupid hacker trick No. 3: Boost score, get busted
The suspect: An unnamed 17-year-old from Manchester, U.K.
The crime: Launching a DDoS attack on the Call of Duty website and bringing the game to a screeching halt
Dossier: The British teen is accused of using a tool called Phenom Booter to perform a DDoS attack on the servers responsible for hosting the popular Call of Duty video game. According to U.K. media reports, the boy's goal was to keep other players from signing in and killing his character -- thereby allowing him to maintain a high score.
To his credit, the plot worked. It reportedly took the Call of Duty staff several hours to get the site back up and running. In the meantime, countless users were unable to get online and play.
Our junior hacker didn't stop with the single attack, though. Investigators say he spent time scouting out other would-be hackers and offering to sell them the secret to his score-boosting ruse.
The bust: Police tracked the teen to his home -- where you can imagine Mum and Dad were none too pleased.
While hackers often use proxies and redirection services to mask their locations, it sounds like our amateur attacker didn't do much to hide. Officers say they quickly figured out that the server responsible was hosted in the United Kingdom. From there, it didn't take them long to make their way to the Manchester neighborhood where Boy Wizard lived.
"Hackers only need to make a mistake once for that to be the piece of evidence which ultimately identifies them," says Graham Cluley, senior tech consultant at Sophos.
Needless to say, this little prank didn't have police laughing. "This type of crime can often be the precursor to further offending in more traditional areas of online crime," detectives told the Daily Mail.
"Spanky, spanky," the kid's parents probably added.
Stupid hacker trick No. 4: Pummel PayPal, get payback
The suspects: Christopher Cooper, Joshua Covelli, Keith Downey, Mercedes Haefer, Donald Husband, Vincent Kershaw, Ethan Miles, James Murphy, Drew Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracy Valenzuela, Christopher Vo, and one unnamed minor
The crime: Conducting a DDoS attack against PayPal
Dossier: When a handful of financial companies decided to stop handling payments for donations to WikiLeaks last December, the Internet temporarily went wild. Hackers from the group Anonymous cocked their guns and fired, promising to take down anyone "bowing down" to what they called "government pressure" to muzzle WikiLeaks' efforts.
For PayPal, that meant a bunch of bogus Internet traffic. Hackers around the country conducted a DDoS attack against the site, allegedly using a tool called "Low Orbit Ion Cannon" to send massive amounts of data into PayPal. The goal, of course, was to overwhelm the company and cause its service to collapse.
The bust: A "Low Orbit Ion Cannon" sounds impressive -- but apparently, the tool did a poor job of hiding its operators' locations. PayPal was reportedly able to identify the IP addresses of different attackers in its server logs, allowing authorities to use that data to dig up the suspects.
"Even if hackers do redirect through other sites, it's frequently still possible to track an attack back to them," USC's Neuman notes. "You trace it back to one point, then you go through diplomatic channels to get the authorities in the outside country to find and collect the logs. It's a months-long process, but it can be done."