A 21-year-old man from Liverpool in the UK has been sent to prison for two years after admitting to thousands of denial of service attacks and running an online malware marketplace and "booter" service.
Alex Bessell was found guilty of writing, using and distributing malware since 2010, as well as of money laundering in conjunction with the DDoS attacks, the UK's Crown Prosecution Service said.
Police found 750 logins to infected systems on Bessell's computer during a raid on his home.
In total, Bessell controlled at least 9083 bots to use for DDoS atttacks, police said. His zombie army was used conduct 102 attacks on Pokémon, Skype and Google websites.
The hacker's computer also contained two Trojan horse applications to exfiltrate personally sensitive information such as email and internet banking credentials from web data forms.
Bessell created the Aiobuy online marketplace to sell malware, including remote administration tools (RATs), DDoS apps, and programs to bypass antiviruses.
The website contained over 9000 items for sale. Bessell made over 34,000 sales, earning him more than US$700,000 (A$875,771), according to West Midlands Police.
More than one million visitors were recorded for Bessell's site, which had 26,000 registered customers.
Detective constable Mark Bird hailed the prosecution as one of the most significant the police had seen.
"He [Bessell] was offering an online service for anyone wanting to carry out a web attack," Bird said.
Attackers using Bessell's site didn't need any technical knowledge and were able to simply choose a piece of malware, pay for it, and the hacker would do the rest, Bird said.
Senior crown prosecutor Hannah Sidaway said Bessell's actions helped others commit thousands of criminal attacks, causing financial loss as well as loss of personal and business data.
Bessell was arrested after what the CPS said was a lengthy and complex police operation that spanned several countries.
