Oregon Man Cops Plea in eBay DDOS Attack

A 21-year-old Oregon man faces up to 10 years in prison after pleading guilty this week for his role in launching a distributed denial of service (DDOS) attack on eBay in 2003.

Anthony Scott Clark admitted in a San Jose, Calif., federal court late Tuesday afternoon that he and unnamed associates coordinated a network of 20,000 hijacked computers to launch DDOS attacks on the name server for eBay.com, according to a Department of Justice statement.

Clark, then 18, gained control of the computers, or “bots,” by using a worm program that took advantage of a security weakness in Windows: the “Remote Procedure Call for Distributed Component Object Model,” or RPC-DCOM vulnerability.

The computers were then directed to a password protected Internet Relay Chat (IRC) server where they connected, logged in and waited for instructions. Under Clark’s control, the bots launched DDOS attacks at computers or computer networks connected to the Internet.

DDOS attacks are designed to swamp a company’s servers and make it virtually impossible for consumers to reach the company’s site.

The prosecution is the result of an investigation by agents of the U.S. Secret Service’s Electronic Crimes Task Force, which was overseen by the U.S. Attorney’s Office’s Computer Hacking and Intellectual Property (CHIP) Unit.