A cyber security student has been jailed after creating malware targeting government websites while living with his parents.
Amar Tagore, a third year university student, offered buyers the malicious software to disrupt corporate and state-run websites, while living with his parents in Alexandria, Dunbartonshire.
The 21-year-old supplied a tool used by hundreds of online customers to carry out Distributed Denial of Services (DDoS) attacks which forced users to take their websites offline, and made nearly £45,000 from his crimes.
He also provided technical support to those who bought the cyber-attack software, which he constructed and sold, according to The Crown Office and Procurator Fiscal Service (COPFS).
Tagore, a third-year cyber security student, was jailed for 21 months at Dumbarton Sheriff Court after pleading guilty to computer misuse charges and a breach of proceeds of crime legislation.
Amar Tagore was convicted of creating, selling and supporting an online computer system with the capability of bringing down websites
Police were alerted after the Department of Work and Pensions (DWP) suffered regular ‘DDoS’ attacks at a Jobcentre site in Braintree, Essex, between May 12 and August 18 2022, the court heard.
Officers identified a suspect whose mobile phone was found to run a program called ‘Myra’ which was running two different attack ‘commands’ towards DWP’s computer system, according to COPFS.
The ‘Myra’ home page and its IP address were then traced to Tagore.
The website provided different Myra packages including a ‘normal’ one for beginners, and a VIP package giving users a ‘larger network increase and complex vector structures’.
Another VIP+ package stated it had ‘access to all add-on packages for full accessibility to the network. Specialised with your attack suite to meet any desires.’
Officers carried out a search of the house Tagore shared with his parents in November 2022 and found him logged into a ‘Myra VI’ terminal window through two large monitors and was using ‘commands’ which allowed another user to use two separate attack methods, the court heard.
Analysis of Tagore’s laptop revealed 73,347 search references including the word ‘Myra’, with another 1,131 found on his mobile phone.
A financial investigation found that between January 2020 and November 2022, Tagore earned £44,433 from the sales of his malicious software.
Sineidin Corrins, deputy procurator fiscal for specialist casework at COPFS, said: ‘Amar Tagore’s criminal conduct had the potential to cause serious disruption to government-affiliated and commercial websites all over the world.
‘He made tens of thousands of pounds through the sale of his malicious software and technical expertise.
‘But he is now paying the price for his criminal conduct, and we are already taking steps to recover his criminal benefit under proceeds of crime legislation.
‘This investigation involved domestic and international partners and reflects the worldwide nature of cybercrime investigations which does not stop at traditional borders.
‘COPFS is committed to fighting cybercrime at all levels and to protecting our communities and businesses from the effects of such criminality.’
Tagore will now be subject to confiscation action under proceeds of crime legislation.
■ Click here to visit the Scotland home page for the latest news and sport